Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-06-2024 07:12

General

  • Target

    2024-06-01_232351465b08f58d9841106f7040610f_ryuk.exe

  • Size

    5.5MB

  • MD5

    232351465b08f58d9841106f7040610f

  • SHA1

    8c9424c2dac3358faa5882b0b60ef3e41711d912

  • SHA256

    10531d56d00accc17e5a514adaaf2ccbf6063544880fdb09de715e01db2496c8

  • SHA512

    9742098d111254aabb155b7b454f8a8badb5c541958bf74e05e56eb7ffd05db4f99e4d466f74029c158aad1dd71c3962966cb2a3e123950bfc7adba265a3c795

  • SSDEEP

    49152:LEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1bn9tJEUxDG0BYYrLA50IHLGfD:XAI5pAdV9n9tbnR1VgBVmxKYpfg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 21 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 31 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-01_232351465b08f58d9841106f7040610f_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-01_232351465b08f58d9841106f7040610f_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:824
    • C:\Users\Admin\AppData\Local\Temp\2024-06-01_232351465b08f58d9841106f7040610f_ryuk.exe
      C:\Users\Admin\AppData\Local\Temp\2024-06-01_232351465b08f58d9841106f7040610f_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2e8,0x2ec,0x2f0,0x2d4,0x2f4,0x140462458,0x140462468,0x140462478
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:1420
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1340
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe6e939758,0x7ffe6e939768,0x7ffe6e939778
        3⤵
        PID:5032
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:2
        3⤵
        PID:876
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:3772
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:1900
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:1
        3⤵
        PID:924
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:1
        3⤵
        PID:404
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4356 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:4624
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:832
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4672 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:1
        3⤵
        PID:2136
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:4420
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:3580
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5328 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:4116
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:5396
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4804 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:5524
      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
        3⤵
        PID:5608
        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff677c67688,0x7ff677c67698,0x7ff677c676a8
          4⤵
          PID:5724
        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
          4⤵
          PID:5936
          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff677c67688,0x7ff677c67698,0x7ff677c676a8
            5⤵
            PID:5968
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:5756
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:5768
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5504 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:6104
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:8
        3⤵
        PID:5764
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4804 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:1
        3⤵
        PID:6536
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1732,i,16798394474430223541,9668740592244180821,131072 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:6592
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:3856
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:1688
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
    PID:3632
  • C:\Windows\system32\fxssvc.exe
    C:\Windows\system32\fxssvc.exe
    1⤵
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:4116
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2296
  • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:4296
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    PID:4768
  • C:\Windows\System32\msdtc.exe
    C:\Windows\System32\msdtc.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:5024
  • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    1⤵
    • Executes dropped EXE
    PID:1516
  • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
    C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
    1⤵
    • Executes dropped EXE
    PID:3740
  • C:\Windows\SysWow64\perfhost.exe
    C:\Windows\SysWow64\perfhost.exe
    1⤵
    • Executes dropped EXE
    PID:5184
  • C:\Windows\system32\locator.exe
    C:\Windows\system32\locator.exe
    1⤵
    • Executes dropped EXE
    PID:5616
  • C:\Windows\System32\SensorDataService.exe
    C:\Windows\System32\SensorDataService.exe
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    PID:5708
  • C:\Windows\System32\snmptrap.exe
    C:\Windows\System32\snmptrap.exe
    1⤵
    • Executes dropped EXE
    PID:5956
  • C:\Windows\system32\spectrum.exe
    C:\Windows\system32\spectrum.exe
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    PID:6116
  • C:\Windows\System32\OpenSSH\ssh-agent.exe
    C:\Windows\System32\OpenSSH\ssh-agent.exe
    1⤵
    • Executes dropped EXE
    PID:6032
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
    1⤵
    PID:6112
  • C:\Windows\system32\TieringEngineService.exe
    C:\Windows\system32\TieringEngineService.exe
    1⤵
    • Executes dropped EXE
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:5856
  • C:\Windows\system32\AgentService.exe
    C:\Windows\system32\AgentService.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:5948
  • C:\Windows\System32\vds.exe
    C:\Windows\System32\vds.exe
    1⤵
    • Executes dropped EXE
    PID:5248
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:5352
  • C:\Windows\system32\wbengine.exe
    "C:\Windows\system32\wbengine.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:5548
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
    • Executes dropped EXE
    PID:6024
  • C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe -Embedding
    1⤵
    PID:6104
  • C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchIndexer.exe /Embedding
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:4624
    • C:\Windows\system32\SearchProtocolHost.exe
      "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
      2⤵
      • Modifies data under HKEY_USERS
      PID:5656
    • C:\Windows\system32\SearchFilterHost.exe
      "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
      2⤵
      • Modifies data under HKEY_USERS
      PID:5680
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3560 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:6340

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

    Filesize

    2.2MB

    MD5

    dfe3d76bab9f2be9b3dd80682d12d8c3

    SHA1

    7bd0405b97eeed753b954829b2ac3353c9012754

    SHA256

    611eebaea04ebea317e24f87003b6101b18bf49a42f091ab6b57eefaf68ff083

    SHA512

    08515ef8de69b1375713ceff40c49b19fd79cf14656dc04ff1bd1e56271e3374c0e5a85e99a03c85fe4ba83323b07dc655259c42773c86cd293cffdcba58090e

  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    Filesize

    1.6MB

    MD5

    ef35448b8f55ce2a2395023b9fbdf351

    SHA1

    b4c4d80608b60faf5d92de469c187fe344172362

    SHA256

    ac19fb3b5771a3876d64d6939dfda4d284382461e71cd5ca22e27650240345ef

    SHA512

    84d2743150aa4c612ca5422c50c8b2a380aa934b5c7a828f62a6d9a16736958fef0eecc45df426ffa221a291c45b7053e47cd39aeb582a8a611c83e50380e30b

  • C:\Program Files\7-Zip\7z.exe

    Filesize

    2.0MB

    MD5

    72160d1cc611bde7a7162bfcac00826a

    SHA1

    ae3a40f621b4b14bb9f6040622d6796c4ff6dd46

    SHA256

    da670747d2d5900e072a7112387029e8a9cfeb1fc6d6f272b5855d22013f3464

    SHA512

    1bde1709a5e5c4207dba90f55249200c931bd29ce7cc09996f6a84e57726ffbbf6a9e99f0f0b64fe56a9a926e0215cd35a83b62da265f0f5fa79c08006feb16d

  • C:\Program Files\7-Zip\7zFM.exe

    Filesize

    1.5MB

    MD5

    1ba1cc447f14ba2e86ca662d047e9846

    SHA1

    4f1da9cbf7d64b09f02d1c36dfa36542c34b16ba

    SHA256

    b868da3c29fdcc420ca64ed56a8bd896b4788882a4d861936d399eca7baf5897

    SHA512

    2c5e6fc633ba5a73adacf9feae6ecf0eed43c5a91f1d359cee0623fccb9dca04497ff4a6627383f21dfcc6bcb7dddeccace38427f11ba9e0f7d3cc4fc0de738a

                                                          • C:\Program Files\7-Zip\7zG.exe

                                                            Filesize

                                                            1.2MB

                                                            MD5

                                                            1eec6b70363a43ff314cc96532404141

                                                            SHA1

                                                            ef717f6c97c7aed81a3ba4fee7dfc4458ddbdcc4

                                                            SHA256

                                                            29310b0311f1bc2a93baef50fb74ee5cd999adddceaf960b5d3beb34c4285610

                                                            SHA512

                                                            8f39ea492da3d05daae1af90e4c08b337c2d47b940b3a681d5ab8a04a0a9db3092516f14a78c49864c9ebd35721eec0b0163a5faf1ec48a2a6634017d149cf7a

                                                          • C:\Program Files\7-Zip\Uninstall.exe

                                                            Filesize

                                                            1.4MB

                                                            MD5

                                                            d209d4e4b980915f2e012661b9f7e39e

                                                            SHA1

                                                            15b5f83f00b2f6aad5e9b5baca19c75181e86fb5

                                                            SHA256

                                                            0ef6268e64d372b83bf5308d6f81f7a7378282d8a55c31d59398ec43407d9952

                                                            SHA512

                                                            ab7996b4ddb7ac82926061e71e1f248bea81aaef353f965d96cf87659491f074db39dd0cd466eab9c74497754f7f860c1d865490e263ec8d98a9ac6f7dcd49b2

                                                          • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

                                                            Filesize

                                                            1.7MB

                                                            MD5

                                                            d30b7775fa5f63714648db8857328434

                                                            SHA1

                                                            801bb519a3fda940baf4d8d6f7242c21bf0c602a

                                                            SHA256

                                                            97ff57771c2dd1c4adb348be0e36832b26370403dc77b8c3e589f6d7db1f4784

                                                            SHA512

                                                            60c7554fb385bab436fb298071ebd03457b5c894088fb02c954e3fd75b9e4891b4c7913b54a788f9b3d54415465d122a6027939fae0b6a837c2d349f09342685

                                                          • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

                                                            Filesize

                                                            2.7MB

                                                            MD5

                                                            e9e9a034435a66ca7cb2db51c98f8483

                                                            SHA1

                                                            e1f66ea1f78931480d0a9eec6fe5ebecd3416efc

                                                            SHA256

                                                            1cd1585f3aa75fb2ec19dcea8ebf28cce0192a5f6503960a0d78128e0b3e3e17

                                                            SHA512

                                                            59e0fdd16ee4ff3bc8272b0d04e52986dd0e27715c82685bbcba93b63a267d37377bba511bbc9c9408a5cc8e53f4f7dfa2cf7713ba684e6e0ce389c1a9f8e2b4

                                                          • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

                                                            Filesize

                                                            1.7MB

                                                            MD5

                                                            1432d7231237811fc771b0868d5ce997

                                                            SHA1

                                                            5a1003229ec8625090d409fa889a263adde22e7b

                                                            SHA256

                                                            9930a4aeee85049b26cf131df9afbe0e52df84faf2d5f2af57756551234cff7e

                                                            SHA512

                                                            e804dffa073b2230b619188b03d454211d46d4a650e79fb4989fac47afb0985eeabfee85506833eecfc93f7c92f151b8513f5cff4f98195774400e05ad08a93d

                                                          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

                                                            Filesize

                                                            2.1MB

                                                            MD5

                                                            30f823b8faf2045f7f0e59f20c7990c3

                                                            SHA1

                                                            72c57a293dcf796418c8753160ed30d4afc87190

                                                            SHA256

                                                            4b1b2aa0f73516e0c25aea7b9815ed106b1d80f51c326dcc7611e59316955ff9

                                                            SHA512

                                                            6fd917d10893e141962f1de780949349dcc3dfd41719abebe83d8dbfcc9f7681138e0dbe56e80517e82b09567d7600a8ee79cf9f7e8c4f12672ff6e633547f08

                                                          • C:\Program Files\Google\Chrome\Application\SetupMetrics\20240601071320.pma

                                                            Filesize

                                                            488B

                                                            MD5

                                                            6d971ce11af4a6a93a4311841da1a178

                                                            SHA1

                                                            cbfdbc9b184f340cbad764abc4d8a31b9c250176

                                                            SHA256

                                                            338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

                                                            SHA512

                                                            c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

                                                          • C:\Program Files\Windows Media Player\wmpnetwk.exe

                                                            Filesize

                                                            1.5MB

                                                            MD5

                                                            11eae1fcb0589cc15d863194231eaa3e

                                                            SHA1

                                                            183b1a022c14cad0ae33c361f99a694ec54960d5

                                                            SHA256

                                                            495d80d35b886bd4cf3c4117cfae8dee4437f48c8761d3ebcfd81d1927608ec7

                                                            SHA512

                                                            cd0f9ebce7b7991c786ce981826edc642f938bbe4fcb6985b37b8bdac139910677cfa1a0d6487dcef6e4e52dc38f8c5c164937c5641969831695e30a0b9d04b4

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                            Filesize

                                                            40B

                                                            MD5

                                                            85cfc13b6779a099d53221876df3b9e0

                                                            SHA1

                                                            08becf601c986c2e9f979f9143bbbcb7b48540ed

                                                            SHA256

                                                            bd34434d117b9572216229cb2ab703b5e98d588f5f6dfe072188bd3d6b3022f3

                                                            SHA512

                                                            b248162930702450893a112987e96ea70569ac35e14ef5eb6973238e426428272d1c930ce30552f19dd2d8d7754dc1f7f667ecd18f2c857b165b7873f4c03a48

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

                                                            Filesize

                                                            851B

                                                            MD5

                                                            07ffbe5f24ca348723ff8c6c488abfb8

                                                            SHA1

                                                            6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                            SHA256

                                                            6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                            SHA512

                                                            7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\dasherSettingSchema.json

                                                            Filesize

                                                            854B

                                                            MD5

                                                            4ec1df2da46182103d2ffc3b92d20ca5

                                                            SHA1

                                                            fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                            SHA256

                                                            6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                            SHA512

                                                            939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

                                                            Filesize

                                                            193KB

                                                            MD5

                                                            ef36a84ad2bc23f79d171c604b56de29

                                                            SHA1

                                                            38d6569cd30d096140e752db5d98d53cf304a8fc

                                                            SHA256

                                                            e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831

                                                            SHA512

                                                            dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT

                                                            Filesize

                                                            16B

                                                            MD5

                                                            46295cac801e5d4857d09837238a6394

                                                            SHA1

                                                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                            SHA256

                                                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                            SHA512

                                                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                            Filesize

                                                            1KB

                                                            MD5

                                                            08d50aab8ff4abce28123adca46f4fae

                                                            SHA1

                                                            95ffc2d72d19213fd90d0a5c115022c38fc9edcc

                                                            SHA256

                                                            9fb8f8a2da2c53983d125d1d4cafabc1eae231effbb98ab4e455207b173e811b

                                                            SHA512

                                                            05b3bcddda1fecdbad7948b35e5128eda7ed905ea39cff2d9506b8c929e35467f0153db3b9524bad42f3ab2bfaa3e573457f0e4be909ebcb0281b24f02897b0d

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                            Filesize

                                                            369B

                                                            MD5

                                                            7c2578b790f4f010b96f9e1c26086163

                                                            SHA1

                                                            0f8882acabdf6028b41d12095990e0c9cc68d77c

                                                            SHA256

                                                            3e2e865c5d63bdda1e4a9eb38a8185e45fe8eb28cbfdd892fcfa2aec0b6b2719

                                                            SHA512

                                                            48bfca1f674ae9a6a159de8c7dfa4a6e0f931605c7cef9a6b3272807a267d2057f939815e34ca656258c8ff413ece83bbd9b4a733fc2b7945e15e66abf6d6570

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                            Filesize

                                                            5KB

                                                            MD5

                                                            2b562c854a1bc0e19198c90e4b47efc4

                                                            SHA1

                                                            60fa752707445377d4ef2d35d71d04edb1a0bd48

                                                            SHA256

                                                            53989d64fd8edb2a96a92e2ff652fc7fcee8ebbbfd14afffb9b94b8d1e5035d7

                                                            SHA512

                                                            c7a40fb55a40cf78c704b6ae36082aa007cbfc9fb9c04f5d99efc530b216bb5cb52408d37a7e1be8ac7eb4e03c12beb956a0951afebf4ec23ca7daf0a842b89d

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                            Filesize

                                                            2KB

                                                            MD5

                                                            04695aadffdaf28b5be826d27d48721a

                                                            SHA1

                                                            ce79df7c80926a86b0e1a922a05bcab16c7620c4

                                                            SHA256

                                                            0bc76b0a74faa8d4d25cfa28127c42750e86004af7a10d590e07a33a89726b51

                                                            SHA512

                                                            aa3438c4a09ea9c0c52dccb6cba636ac99c11b47a5b78317869823d6c39bfdfa304f40e67867b8ca9c4269efaba12431ae59a1d54c671f38acb9e4fe3d23da54

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                            Filesize

                                                            4KB

                                                            MD5

                                                            88873a9f064379a8ce55ded9017655ee

                                                            SHA1

                                                            1a3bf653ebbd616e132dc44376b1ddf2ebfd3359

                                                            SHA256

                                                            0d53fa064e7c6442d901b6eac1176588e16c07db9887bc4ba12285a24469f569

                                                            SHA512

                                                            d378d85cab9e4298de8f2720f9815f50cca9d4162f76c80f1d7b64feac9dbd46067f5364ad0c5c5cd92362876e9ba9b6e045d316e294f9320ec98267605868ef

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                            Filesize

                                                            4KB

                                                            MD5

                                                            2f959a267dd31e75e880ae615926992c

                                                            SHA1

                                                            95d820241f2d346062137c61bd1684558748565a

                                                            SHA256

                                                            eecbcbfe5a7853cbe72b7b8384af49d49971ce1118357ea5d68461acca98e88d

                                                            SHA512

                                                            db68b9ce22ca2aa8bcd18544c820dd31e3f71ccd9c245672527e5c4aeee29a92dc6112301d4a831d2a385251a207e82b2f791f1f564b37cb8744241eea5a3615

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                            Filesize

                                                            4KB

                                                            MD5

                                                            53eedae6d69946cc5d823caddcd61ab0

                                                            SHA1

                                                            0f99e77ec8826225d300b1619b8dcd5b3d63ceab

                                                            SHA256

                                                            0f1e253c6b436f693e871d82698b8924c4b664e5d6c32d6a07b70943feea5146

                                                            SHA512

                                                            0b9c84f33cd835c1089eec02880c2284579ad8e11c0a7cc620628664d2e3061c65b06fd30c6fa95ac998ad6c6e4e7b21ec32ed6a62e3eb720bf9b57697899fd9

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                            Filesize

                                                            4KB

                                                            MD5

                                                            74520ae49ffca8b93bc36c361114df4d

                                                            SHA1

                                                            274a5fb1ba084befc3950389ee9a25ba88f68d6c

                                                            SHA256

                                                            138e95b74c918fabe67524ea4d4b29138cbaf1e4c38a3e982e7660bdc5a28758

                                                            SHA512

                                                            db6399a59d8da0687834f2bbb18a22ea8c82af47b8f5525d47627486a9ad28d2e1727a92b448c2c96aa561063a750bf0d6d5ef26a3803635ba478f4d68432eb1

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                            Filesize

                                                            10KB

                                                            MD5

                                                            cda412266d481f892bc7889cf7151bd5

                                                            SHA1

                                                            fad96c509b245bb89367d92ba7383ffbe824d7ad

                                                            SHA256

                                                            7cf0f90a8dd145b861efdd6edce1d703b0efe13b97fae1dc4fc7504cea09f9f9

                                                            SHA512

                                                            407a8e080d0095e870140c8f6dc2dd8962bc8b497c15244a89cd4f13001d6fbe5e724b97114de40095eb72ef698115722d46125048b42fabb558eeacc55d4e99

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                            Filesize

                                                            13KB

                                                            MD5

                                                            e465c8b3eba5b4a90f12b1f0d419e104

                                                            SHA1

                                                            1ebb40cf7b1544084dbafdd51938782b6d129846

                                                            SHA256

                                                            529a0b3eb8709c617620d0be08733a807e9ab349d23f14e957e3fdf221e8ed80

                                                            SHA512

                                                            37ebff1af94b2d244d70ecfab590eec7c9578d869f45ad3634d68e8fae7169adc1b52c7c1fed06d870d08995eccde2e1e7ea0039571984056d7095c972854fba

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                            Filesize

                                                            270KB

                                                            MD5

                                                            37dfefb7fc0923dd1cdb70725721cdb0

                                                            SHA1

                                                            a4d61b05b6c0eabc15a09e93f8d8e78f8da57814

                                                            SHA256

                                                            8ac97ae218daa106f20a35d84e39555ce364f9be1da014a885df4b150791140a

                                                            SHA512

                                                            eacbf86ff45ee3ab135352f0edc9c40b6b02ee40b5c7b7da2200887eaf25bd126e229c6ff63696de2b989e9a7ac0a256dd7b22d33b91dfb0d848cf7d4bb46d9c

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                            Filesize

                                                            2B

                                                            MD5

                                                            99914b932bd37a50b983c5e7c90ae93b

                                                            SHA1

                                                            bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                            SHA256

                                                            44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                            SHA512

                                                            27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                          • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                                            Filesize

                                                            4KB

                                                            MD5

                                                            045dbbd585b66901a32a4f8fe9490b84

                                                            SHA1

                                                            52e161187ee68ecaffe05a4978d1117d27fb341e

                                                            SHA256

                                                            17334f37cdb8ddb271912023af64b6c9170695b7f53d50b3f1dcedf44f72c866

                                                            SHA512

                                                            21e4b1d7b20933b385cf5f51e71c317696385ec5c3ccee3aea058d28cfb6ab75777beb3def6f7fe0cb431346fc64ad02eef501408000aa4752884bcd504ce607

                                                          • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                                            Filesize

                                                            6KB

                                                            MD5

                                                            c1ad7e7678e2ba4cb4bbd5ef0237bac3

                                                            SHA1

                                                            546a408b122bf0f1ebbb358b0bb1992858e15ef9

                                                            SHA256

                                                            af05f4aed892461e04730aba96ec311bbc9b9ecdf95adb9e158a2def75122baf

                                                            SHA512

                                                            a746ead6c8187d2b4532f1f19226f8d85c46fed40ae8e6455366df6d3c56ee028fbd88a7a295dfd4d64d46d933e10e1bf36634741613617442364882d5a36523

• C:\Users\Admin\AppData\Local\Temp\scoped_dir1340_679683621\2035ac20-9c0d-48be-ace9-1a08d3ce5ba3.tmp
  Filesize 88KB
  MD5 2cc86b681f2cd1d9f095584fd3153a61
  SHA1 2a0ac7262fb88908a453bc125c5c3fc72b8d490e
  SHA256 d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c
  SHA512 14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

• C:\Users\Admin\AppData\Local\Temp\scoped_dir1340_679683621\CRX_INSTALL\_locales\en_CA\messages.json
  Filesize 711B
  MD5 558659936250e03cc14b60ebf648aa09
  SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
  SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
  SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

• C:\Users\Admin\AppData\Roaming\8670dc90b3e2edcd.bin
  Filesize 12KB
  MD5 628e1b1664628474fb11596720f5e349
  SHA1 324fdeb19a4d2e4ca16133348910a80809fe2ee9
  SHA256 0831bb467c24f8e9a40192432de6145995f2334036e138c364ca76cef67ce341
  SHA512 f5d8fa3f47841266ac182a4ff3f6ad370886507cc7a8d687fc6a41e98909435f2554630a9d4d9cb280c2def1c255710de68020814e4be9835203274a7bedcabc

• C:\Windows\SysWOW64\perfhost.exe
  Filesize 1.4MB
  MD5 f59c5024044785d4c50bba9d6becf5df
  SHA1 a0c8ddfcf841b0e0cd626b4296a33af2a7595a02
  SHA256 ad9b02dc8e20030dfec68efe8533995c2d3d716acf8d27d571a8792cadb21bfd
  SHA512 71d6c33650b3a0482a501c3f3d123d965e112e17bc05392ec7fd457573d71c324f3b2a3b733e1c16ad9fe0e889fd2a729f5f2124326596ee6acac290035f06ea

• C:\Windows\System32\AgentService.exe
  Filesize 1.7MB
  MD5 55f730f008f2953db21f121b5ab4383f
  SHA1 b85646b8229486c76ef90382f4f603ae6b6c3e69
  SHA256 bd373270f38823af12eb02f8f90473bf17d53138c29ef3ad0dfd162c39dd90bb
  SHA512 ac878172cfceab53a24dac106ef6b769587ec818378fadaf0c4e245c49e3a0f6f828bb5779817123b27aea48a8fb087d804baa645e95f5f51648ddfe533e8e49

• C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
  Filesize 1.5MB
  MD5 93ee4b8cafbd70520d9db6d5645c8d0a
  SHA1 8a6c6531c66df0f3c98e3e3e7c74eb991c37cc29
  SHA256 414ef73c930bb9fb0e238f213599623f47b1e37ea3e4a0a0327e65e1b41190df
  SHA512 8c8a04b4066106d87222c92ab6d3df055e45da0b464790993d716d441791729040a39eb006db3679ca4f96b92a016db23bae7b67c2fb327c9d44f5b6ff18f55b

• C:\Windows\System32\FXSSVC.exe
  Filesize 1.2MB
  MD5 5ae72c2c6bf97ac90f9e081086fef8ec
  SHA1 640b5ee18bcbfa7491300e4f363745c13665829d
  SHA256 5cd02792f72224a99c7e337cc75aed27658e1b09c37baee5a747d74a8fbbcdf5
  SHA512 149ecc0fc75ea13aef6b0010be0bb5e3577d67f5bf82c7b11b7b812e5944221d7688d7665a9bf953782fa5645a2fe658582d69944beedb09367cc6040ac0c01d

• C:\Windows\System32\Locator.exe
  Filesize 1.4MB
  MD5 de8aeafcbf18214c2c3ab5defb72b899
  SHA1 e241694c83163d005f44e4f1358dd26239554275
  SHA256 78af2716e09e53e79cbba174130d82bfcd351e330a2f0ac854f05eb6936f7d1a
  SHA512 dff2b4f3096b051020ad0f4e4e141ca0c8c24750987eb912b2de99593e22385ef2cb0952c3cc2f12d7280ecd9becc80f547fbe2771b9f7463f91f5f2fe4d2421

• C:\Windows\System32\OpenSSH\ssh-agent.exe
  Filesize 1.8MB
  MD5 20563a6620dfc7dafc281d98ee31c605
  SHA1 c0ed5010c6aaef465ad320dd1e5e7b8006b6724d
  SHA256 2cdca5c3a85c28b3fe0235b0ad849a4e43e6b02d2b1fd6d208e6df8363919271
  SHA512 b23a93f8f56d0dd55a4ddcba909445df73503bfaae39654bf69edb20ea89755e76571a521a213ebf9b2f7831930c47a7e4fd22bfd67958da2c575d454c52781c

• C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
  Filesize 1.5MB
  MD5 3d0ab3a4a9b452474b8a27d28b997022
  SHA1 4dfff12e9167c55488de6ed82e29795a602aa44e
  SHA256 08f2e2a4add22d9907ceab509b4326d44c9c4f8e9983dfb7deca68bc08035f86
  SHA512 4fb0f98f1be77d45103e1fca2ce5dc38eb71ee9785da861c877babe66ae474c1119d96364d732e182bb06c9a10e025da6606f2ec59114b9fc06bb1b66b109336

• C:\Windows\System32\SearchIndexer.exe
  Filesize 1.4MB
  MD5 a8b6e4ec2ba62563d81fc31c44dea27e
  SHA1 3b078e49691a2aef8a935df02b19e54daf1abb25
  SHA256 5dd5e6458dacd6a9e8d172770b07c3f841953b38dcb563f5f2ae41cb8afb9363
  SHA512 c60ab1c05ae2a141910ddfa8e92b245fb78fdea0872c657d98efbd3da84543e361efd0e6a9d047e6fcfd48ab266c311b0b2b060c10548fd559e42e1059b5a27f

• C:\Windows\System32\SensorDataService.exe
  Filesize 1.8MB
  MD5 1b275190b3759196d8d6b4e4c4e1c362
  SHA1 459419eb885902e67d8dec317f1274f605a5d9f2
  SHA256 ef4a9f9862e08884d7aebbb3017e35c4a11909e52af2a60861262f12b7e61569
  SHA512 52d30f1235260a887ac7f60ba3503d6fd416617404fbc821c09c96f2ecc13c2de8c4ef0ae907900bbb523a4807975d19756b6e8270bf3e9ad299f37a716b3379

• C:\Windows\System32\Spectrum.exe
  Filesize 1.4MB
  MD5 0ce60b5e414d53eb7e54a4fded126408
  SHA1 fe014d04dfe08b3493d3f91558362bcb51adec46
  SHA256 481b294ee6413aac2248839f5ec3f7d7b1fca12f49f25a387d4c10e624c8b857
  SHA512 97b6a5268ee874b15c7a078d673a91eca780164149106eadc15ff1ef03d5bb09f54d547f59987e555f185d52ff32eaa4b5ba29e0a2e944f6626658d4538036bf

• C:\Windows\System32\TieringEngineService.exe
  Filesize 1.7MB
  MD5 298dd6a23487822e0658383efebd881f
  SHA1 e47a750f44e5c438a4c46e28e9bb129f75fa7ba6
  SHA256 aea493a8ac0a9bdabe4961ac205d59c62efb0e789cd029d520f6832a703c009b
  SHA512 7a6edb875293e0ac6b5a92b55e09fc30bbafbe285bd4bd09aff5ba785a3065a34b6031f5e5bbbd616294af2bb55cc46cfeeb476482b5088e6f87c0d628819933

• C:\Windows\System32\VSSVC.exe
  Filesize 2.0MB
  MD5 65cfeaf1cebd89d47eb9ff97ef7568be
  SHA1 28a83e72ebe20a46345e40d1963f3a1194ecbd6e
  SHA256 b6efeee58e670e640ba7a26007ab203231bf2d0b46f28e85bf3def0b18590a53
  SHA512 f576a6fd911be24a0e91eecde58bcaddd2cdd9e8e1a969bc7a5cb67c8b5ae424c3c5eec95918543a073595cb57329471c1db28d1731cc528ef6ed62708fe3dec

• C:\Windows\System32\alg.exe
  Filesize 1.5MB
  MD5 c6d7428ca2f4e6d7bc3a4889ca328aa0
  SHA1 6807e6d6f7c4c29b1f6626cd5a2bee01495f2d0c
  SHA256 8cf39524ff59e9b63eb81a34c136ce19b555a1b538cc3e3682b7627107887084
  SHA512 c2e58609dba84e9c87172348eb2590e948eeb2eae1ca3afc00e5003ff2aa6c0487fa196ea245942373fe0fd9c52810a929b5464f313e22410a735583f8613954

• C:\Windows\System32\msdtc.exe
  Filesize 1.6MB
  MD5 f16a22446fe2dd37130fd45bf736994a
  SHA1 954c6e77d1eaa25146e0e6a6c8ffa9f76e165bf2
  SHA256 a48d1830fbf4ad6bf2cad40650eb5cf913e231aeee54ab159d897fefc2bbec90
  SHA512 db161e596ecc2d295bd0295e59d50db4d888797a01c1dc79e2b9a4ccb4ae8e4e54bd9533976c59f2f309f425cd5d1a1a4c732499581667309735bd63f45b33a8

• C:\Windows\System32\snmptrap.exe
  Filesize 1.4MB
  MD5 51daa4e68dcc70fb2876afb57a62bca6
  SHA1 99d5b0491a358f666c1b5a34f0f953028644bad1
  SHA256 1d9f63a445911f7b05cea7063be158b28c9fccee3cda9cf44223afc7ce4e262b
  SHA512 55a58d9ca16abbeb6b07e2f3d6cc48df04f60c02a53dcf5ffb959d66ea34ad3025dce19487c9efd005f874fcae0d4ba76f877195f281ded4b58374ed6ce34aa6

• C:\Windows\System32\vds.exe
  Filesize 1.3MB
  MD5 0a20cc9e4d57f21b1bb44048f7b45fbb
  SHA1 3cc1e300ffa28627eae57fdc799ef1223b9ee8fc
  SHA256 f4cf62c65f69fbbd0b1277abdfb8233ea2fc3801e2bb3f2f8185eaa87703c647
  SHA512 a638cbe13f1ff02ae91bea428323f4a3a8beb81671d3cafad09cef90d212c55944e793f0cfcde1776b6f43c8101ee7e416d75ce19e0d8c06d2513804e4489195

• C:\Windows\System32\wbem\WmiApSrv.exe
  Filesize 1.6MB
  MD5 93ca504810501e03d7cce6447ddd761e
  SHA1 308c8e70b3b574303c6867feedeb450dfd4c0e44
  SHA256 3ac89bd2edea3d62930c258e2b18723e7dc0f0964f5d72e9776b26251002af49
  SHA512 7314a71d4ae30616128d33a9c13c50ffb29d4a280d683df365a335bd5f3994e8a92a57d75c1dc30655735332afcdb4d82cb8ee720fffb9243b93cba4ca83dba7

• C:\Windows\System32\wbengine.exe
  Filesize 2.1MB
  MD5 580539f9948e943c655da39525d2c57d
  SHA1 ec17b65f024291f1354b62b4edf3f0fa0a1ba8b7
  SHA256 04de7a68fcaf322b9c2c8a070f281d3385131b7e9c3521958a01755201e726f1
  SHA512 bc8fcd1a31e4b11fd1fe461db12dee4def934f6b0899662258018159e0221f794e4cd04db96c2385d253499c4cb6613b6283736bf592c1e37fe0e9651c820dc0

• C:\Windows\TEMP\Crashpad\settings.dat
  Filesize 40B
  MD5 0e1a0df5323f02fa141b11070035f203
  SHA1 4662c48107aebe02429f78dc0ab4328f88ea9e8f
  SHA256 169bdddd028372b9c8dc1bbc8bc1a48dce9089467cf7c3b5967ebc20713b1bb7
  SHA512 5ef418e1f48b459f21f15f8462fceebbe5da2e16ff4cd02a614a6a508c1a9e28527c0d0778840600c85ba60d412de91e754b3aa0173ac4db70460367a2abc6e5

• C:\Windows\system32\AppVClient.exe
  Filesize 1.3MB
  MD5 9074170f5ab4572e7af6e6c613e9328d
  SHA1 226a807576dddb211871185853c1397de0fa7ff9
  SHA256 b63d8b8c4bf8b372dc434160d146bcf275078437f87b5d87ef614963ecaf50cd
  SHA512 7e6904e599d61148a216d09419e7436c012e555dc7a7b83a169b5d0e79acd873ae8f1d433035f5864ca4075f277dadf0a46b55e12d546966368ef54dd4d63ab9

• C:\Windows\system32\SgrmBroker.exe
  Filesize 1.7MB
  MD5 87a7fd031351994abe05b373e84f6e6e
  SHA1 1f437c66da30452db6016ec92c95b79863c89a21
  SHA256 d49a710d59afd5cb672238328e6a6e84c65eebe7ff7521183ef185749cc4666b
  SHA512 d0e227e0ef48ed13596ecd60c874d0ccd2bb7acbcbf92355d39451f5c37923929f37c843a5cd40e786dd2aef188441ca32338e008188db940b6c34e23acdc278

• C:\Windows\system32\msiexec.exe
  Filesize 1.5MB
  MD5 6fbfa4d06cfeb41a71f2509fc9ad55cf
  SHA1 70ef27939924f377d7a293f89e836a0d376429b3
  SHA256 cdf490fe0bb5da0de3cdf7af67f5b3f69241a88b12b759dba68d58b4649483ce
  SHA512 008a09a6f74b8b5564403ef3f912399260fb7187e9c4f1fee927766ceecac070810e3b524c9d460b5f89f00227f018978422c7df41162573c16512a010b2235f

• C:\odt\office2016setup.exe
  Filesize 5.6MB
  MD5 04082e93aba7954244f37732e4771d13
  SHA1 023654425a7e4e2391e43c4412b970c6d53aaf05
  SHA256 b69c16b3f54a6e53f9a37ecbc16553b5732a0ad260e995530a6931fcee0bc566
  SHA512 452d0b4b2e3eb8d39bfaa6e6183b6f3e62cc02bc7ad840d96f65eaff70fcc4eaef2f70d74a900dd58326b16f1512465beb383074a221758bc41da5e6c22d0841

• \??\pipe\crashpad_1340_TEEQDBQZKPMCAFLQ
  MD5 d41d8cd98f00b204e9800998ecf8427e
  SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

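The dropped-file entries above are the part of this report a responder would turn into a host sweep, but not every entry is safe to feed into a hash blocklist as-is. The \??\pipe\crashpad_1340_TEEQDBQZKPMCAFLQ entry carries the digests of zero bytes (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA256 e3b0c442…b855), because the sandbox hashed a named pipe with no readable content; matching on those values would flag every empty file on every host. The scoped_dir1340_679683621\CRX_INSTALL and Crashpad temp files are the kind of artifact a Chromium-based browser writes during a component install and need corroboration before they are attributed to the sample. The entries to act on are the executables the report records as written under C:\Windows\System32 and SysWOW64, each carrying the name of a stock Windows service binary (VSSVC.exe, msiexec.exe, alg.exe, AgentService.exe, SgrmBroker.exe and the rest): on a suspect host, verify their Authenticode signatures (Get-AuthenticodeSignature in PowerShell) rather than trusting the file name. The Python below is an added example written for this page, not code from the report or from any sandbox vendor: it parses the report's label/value layout into records (the embedded text is a constructed excerpt copied from the entries on this page), builds an index that drops memory dumps and empty-content entries, decodes the memory/PID-N-base-end entries that follow into (pid, base, size), and lists the System32/SysWOW64 binaries to verify.

```python
"""Turn a sandbox report's dropped-file and memory-region entries into an
IoC index, and filter out the entries that would mislead a host sweep."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of entries copied from the report on this
# page, in the same label/value layout the report uses.
SAMPLE_REPORT = r"""
• C:\Windows\System32\VSSVC.exe
  Filesize 2.0MB
  MD5 65cfeaf1cebd89d47eb9ff97ef7568be
  SHA1 28a83e72ebe20a46345e40d1963f3a1194ecbd6e
  SHA256 b6efeee58e670e640ba7a26007ab203231bf2d0b46f28e85bf3def0b18590a53
• C:\Windows\TEMP\Crashpad\settings.dat
  Filesize 40B
  MD5 0e1a0df5323f02fa141b11070035f203
  SHA256 169bdddd028372b9c8dc1bbc8bc1a48dce9089467cf7c3b5967ebc20713b1bb7
• \??\pipe\crashpad_1340_TEEQDBQZKPMCAFLQ
  MD5 d41d8cd98f00b204e9800998ecf8427e
  SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
• memory/824-27-0x0000000140000000-0x0000000140592000-memory.dmp
  Filesize 5.6MB
• memory/824-24-0x0000000000840000-0x00000000008A0000-memory.dmp
  Filesize 384KB
"""

LABELS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
MEM_RE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
SYS_EXE_RE = re.compile(r"^C:\\Windows\\(System32|SysWOW64)\\.+\.exe$", re.IGNORECASE)
# Digests of zero bytes: an entry carrying only these was hashed without content.
EMPTY_DIGEST = {alg: hashlib.new(alg, b"").hexdigest() for alg in HEX_LEN}


@dataclass
class Artifact:
    path: str
    size: Optional[str] = None
    hashes: Dict[str, str] = field(default_factory=dict)


def parse_report(text: str) -> List[Artifact]:
    """Walk whitespace-separated tokens: '•' opens an entry whose path is the
    next token; a label token takes the next token as its value, so it does not
    matter whether the value sits on the same line or two lines down. Label and
    value pairs seen before the first bullet belong to a truncated entry and are
    dropped."""
    entries: List[Artifact] = []
    toks = text.split()
    i = 0
    while i < len(toks):
        if toks[i] == "•" and i + 1 < len(toks):
            entries.append(Artifact(path=toks[i + 1]))
            i += 2
        elif toks[i] in LABELS and entries and i + 1 < len(toks):
            label, value = toks[i], toks[i + 1]
            if label == "Filesize":
                entries[-1].size = value
            else:
                entries[-1].hashes[label.lower()] = value.lower()
            i += 2
        else:
            i += 1
    return entries


def well_formed(a: Artifact) -> bool:
    """Every digest has the right length and is hex; catches truncated copies."""
    return all(len(v) == HEX_LEN[k] and re.fullmatch(r"[0-9a-f]+", v) is not None
               for k, v in a.hashes.items())


def is_empty_content(a: Artifact) -> bool:
    return bool(a.hashes) and all(EMPTY_DIGEST[k] == v for k, v in a.hashes.items())


def build_index(artifacts: List[Artifact], drop_empty: bool = True) -> Dict[Tuple[str, str], str]:
    """(algorithm, digest) -> report path. Memory dumps are skipped (they are
    not files on a victim), as are malformed entries and, by default, entries
    whose digests are those of zero bytes."""
    index: Dict[Tuple[str, str], str] = {}
    for a in artifacts:
        if MEM_RE.match(a.path) or not well_formed(a):
            continue
        if drop_empty and is_empty_content(a):
            continue
        for alg, digest in a.hashes.items():
            index[(alg, digest)] = a.path
    return index


def match_bytes(data: bytes, index: Dict[Tuple[str, str], str]) -> Optional[str]:
    """Hash file content with each algorithm and return the matching report path."""
    for alg in HEX_LEN:
        hit = index.get((alg, hashlib.new(alg, data).hexdigest()))
        if hit is not None:
            return hit
    return None


def memory_regions(artifacts: List[Artifact]) -> List[Tuple[int, int, int]]:
    """(pid, base address, size in bytes) per memory dump entry, decoded from
    the dump name; the size can be checked against the reported Filesize."""
    regions = []
    for a in artifacts:
        m = MEM_RE.match(a.path)
        if m:
            base, end = int(m.group(2), 16), int(m.group(3), 16)
            regions.append((int(m.group(1)), base, end - base))
    return regions


def system_binaries(artifacts: List[Artifact]) -> List[str]:
    """Dropped files that land on executables under System32/SysWOW64: the
    first candidates for an Authenticode check on a suspect host."""
    return [a.path for a in artifacts if SYS_EXE_RE.match(a.path)]


if __name__ == "__main__":
    arts = parse_report(SAMPLE_REPORT)
    print(len(arts), "entries;", len(build_index(arts)), "usable digests")
    print("system binaries:", system_binaries(arts))
    print("empty-content entries:", [a.path for a in arts if is_empty_content(a)])
    print("regions:", [(pid, hex(base), size) for pid, base, size in memory_regions(arts)])
```

Run it directly to print the summary for the excerpt; for a real sweep, paste the full dropped-files list into the parser (SHA512 values are taken as-is), then read each candidate file's bytes and call match_bytes against the index. The pid/base/size triples decode the memory entries: the 0x140000000 regions are image-sized (5.6MB, 1.5MB, 1.7MB, 2.3MB) while the 384KB regions are small private allocations, which is the split to keep in mind when pulling those dumps for triage.
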
• memory/824-27-0x0000000140000000-0x0000000140592000-memory.dmp
  Filesize 5.6MB

• memory/824-8-0x0000000140000000-0x0000000140592000-memory.dmp
  Filesize 5.6MB

• memory/824-24-0x0000000000840000-0x00000000008A0000-memory.dmp
  Filesize 384KB

• memory/824-6-0x0000000000840000-0x00000000008A0000-memory.dmp
  Filesize 384KB

• memory/824-0-0x0000000000840000-0x00000000008A0000-memory.dmp
  Filesize 384KB

• memory/1420-17-0x0000000002090000-0x00000000020F0000-memory.dmp
  Filesize 384KB

• memory/1420-11-0x0000000002090000-0x00000000020F0000-memory.dmp
  Filesize 384KB

• memory/1420-120-0x0000000140000000-0x0000000140592000-memory.dmp
  Filesize 5.6MB

• memory/1420-19-0x0000000140000000-0x0000000140592000-memory.dmp
  Filesize 5.6MB

• memory/1516-143-0x0000000140000000-0x00000001401AF000-memory.dmp
  Filesize 1.7MB

• memory/1688-45-0x00000000006D0000-0x0000000000730000-memory.dmp
  Filesize 384KB

• memory/1688-54-0x00000000006D0000-0x0000000000730000-memory.dmp
  Filesize 384KB

• memory/1688-53-0x0000000140000000-0x0000000140189000-memory.dmp
  Filesize 1.5MB

• memory/3740-157-0x0000000140000000-0x000000014018B000-memory.dmp
  Filesize 1.5MB

• memory/3856-142-0x0000000140000000-0x000000014018A000-memory.dmp
  Filesize 1.5MB

• memory/3856-33-0x0000000000520000-0x0000000000580000-memory.dmp
  Filesize 384KB

• memory/3856-31-0x0000000140000000-0x000000014018A000-memory.dmp
  Filesize 1.5MB

• memory/3856-39-0x0000000000520000-0x0000000000580000-memory.dmp
  Filesize 384KB

• memory/4116-92-0x0000000000EA0000-0x0000000000F00000-memory.dmp
  Filesize 384KB

• memory/4116-72-0x0000000140000000-0x0000000140135000-memory.dmp
  Filesize 1.2MB

• memory/4116-95-0x0000000140000000-0x0000000140135000-memory.dmp
  Filesize 1.2MB

• memory/4116-79-0x0000000000EA0000-0x0000000000F00000-memory.dmp
  Filesize 384KB

• memory/4116-73-0x0000000000EA0000-0x0000000000F00000-memory.dmp
  Filesize 384KB

• memory/4296-359-0x0000000140000000-0x0000000140245000-memory.dmp
  Filesize 2.3MB

• memory/4296-90-0x0000000000890000-0x00000000008F0000-memory.dmp
  Filesize 384KB

• memory/4296-94-0x0000000140000000-0x0000000140245000-memory.dmp
  Filesize 2.3MB

• memory/4296-84-0x0000000000890000-0x00000000008F0000-memory.dmp
  Filesize 384KB

• memory/4624-973-0x0000000140000000-0x0000000140179000-memory.dmp
  Filesize 1.5MB

• memory/4624-468-0x0000000140000000-0x0000000140179000-memory.dmp
  Filesize 1.5MB

• memory/4768-113-0x0000000140000000-0x00000001401AA000-memory.dmp
  Filesize 1.7MB

• memory/4768-100-0x0000000140000000-0x00000001401AA000-memory.dmp
  Filesize 1.7MB

• memory/4768-101-0x0000000002280000-0x00000000022E0000-memory.dmp

                                                            Filesize

                                                            384KB

                                                          • memory/4768-107-0x0000000002280000-0x00000000022E0000-memory.dmp

                                                            Filesize

                                                            384KB

                                                          • memory/4768-111-0x0000000002280000-0x00000000022E0000-memory.dmp

                                                            Filesize

                                                            384KB

                                                          • memory/5024-384-0x0000000140000000-0x0000000140199000-memory.dmp

                                                            Filesize

                                                            1.6MB

                                                          • memory/5024-121-0x0000000140000000-0x0000000140199000-memory.dmp

                                                            Filesize

                                                            1.6MB

                                                          • memory/5184-429-0x0000000000400000-0x0000000000577000-memory.dmp

                                                            Filesize

                                                            1.5MB

                                                          • memory/5184-163-0x0000000000400000-0x0000000000577000-memory.dmp

                                                            Filesize

                                                            1.5MB

                                                          • memory/5248-780-0x0000000140000000-0x0000000140147000-memory.dmp

                                                            Filesize

                                                            1.3MB

                                                          • memory/5248-407-0x0000000140000000-0x0000000140147000-memory.dmp

                                                            Filesize

                                                            1.3MB

                                                          • memory/5352-800-0x0000000140000000-0x00000001401FC000-memory.dmp

                                                            Filesize

                                                            2.0MB

                                                          • memory/5352-418-0x0000000140000000-0x00000001401FC000-memory.dmp

                                                            Filesize

                                                            2.0MB

                                                          • memory/5548-811-0x0000000140000000-0x0000000140216000-memory.dmp

                                                            Filesize

                                                            2.1MB

                                                          • memory/5548-438-0x0000000140000000-0x0000000140216000-memory.dmp

                                                            Filesize

                                                            2.1MB

                                                          • memory/5616-195-0x0000000140000000-0x0000000140175000-memory.dmp

                                                            Filesize

                                                            1.5MB

                                                          • memory/5616-452-0x0000000140000000-0x0000000140175000-memory.dmp

                                                            Filesize

                                                            1.5MB

                                                          • memory/5708-526-0x0000000140000000-0x00000001401D7000-memory.dmp

                                                            Filesize

                                                            1.8MB

                                                          • memory/5708-459-0x0000000140000000-0x00000001401D7000-memory.dmp

                                                            Filesize

                                                            1.8MB

                                                          • memory/5708-207-0x0000000140000000-0x00000001401D7000-memory.dmp

                                                            Filesize

                                                            1.8MB

                                                          • memory/5856-380-0x0000000140000000-0x00000001401C2000-memory.dmp

                                                            Filesize

                                                            1.8MB

                                                          • memory/5856-734-0x0000000140000000-0x00000001401C2000-memory.dmp

                                                            Filesize

                                                            1.8MB

                                                          • memory/5948-404-0x0000000140000000-0x00000001401C0000-memory.dmp

                                                            Filesize

                                                            1.8MB

                                                          • memory/5948-385-0x0000000140000000-0x00000001401C0000-memory.dmp

                                                            Filesize

                                                            1.8MB

                                                          • memory/5956-533-0x0000000140000000-0x0000000140176000-memory.dmp

                                                            Filesize

                                                            1.5MB

                                                          • memory/5956-222-0x0000000140000000-0x0000000140176000-memory.dmp

                                                            Filesize

                                                            1.5MB

                                                          • memory/6024-842-0x0000000140000000-0x00000001401A6000-memory.dmp

                                                            Filesize

                                                            1.6MB

                                                          • memory/6024-455-0x0000000140000000-0x00000001401A6000-memory.dmp

                                                            Filesize

                                                            1.6MB

                                                          • memory/6032-589-0x0000000140000000-0x00000001401E2000-memory.dmp

                                                            Filesize

                                                            1.9MB

                                                          • memory/6032-360-0x0000000140000000-0x00000001401E2000-memory.dmp

                                                            Filesize

                                                            1.9MB

                                                          • memory/6116-549-0x0000000140000000-0x0000000140169000-memory.dmp

                                                            Filesize

                                                            1.4MB

                                                          • memory/6116-236-0x0000000140000000-0x0000000140169000-memory.dmp

                                                            Filesize

                                                            1.4MB