Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-06-2024 07:43

General

  • Target

    2024-06-01_a6e1eec4372ad80d154d7970915d0210_ryuk.exe

  • Size

    5.5MB

  • MD5

    a6e1eec4372ad80d154d7970915d0210

  • SHA1

    6bf8a399a6163b967305df9ad755a63a50cb046c

  • SHA256

    e40fce63c8f44326e3cc990a35055c970a1607416da62413c951b7f3b897dfea

  • SHA512

    a9698b79b5c493aaba670b354da9fb6422ebe7490b92101cfa60dd88e12842901d925b358774dca51fe19a0d5e514608c8903d6ec252c15cecc46ae39f04bee4

  • SSDEEP

    49152:hEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Ln9tJEUxDG0BYYrLA50IHLGfL:FAI5pAdVJn9tbnR1VgBVmdnlS

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 22 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 31 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-01_a6e1eec4372ad80d154d7970915d0210_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-01_a6e1eec4372ad80d154d7970915d0210_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3256
    • C:\Users\Admin\AppData\Local\Temp\2024-06-01_a6e1eec4372ad80d154d7970915d0210_ryuk.exe
      C:\Users\Admin\AppData\Local\Temp\2024-06-01_a6e1eec4372ad80d154d7970915d0210_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2ec,0x2f0,0x2fc,0x2f8,0x300,0x140462458,0x140462468,0x140462478
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:2152
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce9709758,0x7ffce9709768,0x7ffce9709778
        3⤵
        PID:2432
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:2
        3⤵
        PID:3688
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:4344
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:3484
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:1
        3⤵
        PID:4564
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:1
        3⤵
        PID:5012
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:4624
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:4312
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4876 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:1
        3⤵
        PID:3952
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:4244
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:5220
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5332 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:5300
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:5612
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4596 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:2196
      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
        3⤵
        PID:5548
        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff692487688,0x7ff692487698,0x7ff6924876a8
          4⤵
          PID:5556
        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
          4⤵
          PID:5868
          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff692487688,0x7ff692487698,0x7ff6924876a8
            5⤵
            PID:5416
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:5956
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5256 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:5280
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5132 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:5788
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:8
        3⤵
        PID:5512
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1880 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:1
        3⤵
        PID:6792
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4700 --field-trial-handle=1920,i,16968180085737949422,10480723609641280490,131072 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:876
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:4352
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:1988
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
    PID:1380
  • C:\Windows\system32\fxssvc.exe
    C:\Windows\system32\fxssvc.exe
    1⤵
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1112
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:844
  • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:3636
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    PID:4760
  • C:\Windows\System32\msdtc.exe
    C:\Windows\System32\msdtc.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:2952
  • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    1⤵
    • Executes dropped EXE
    PID:1268
  • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
    C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
    1⤵
    • Executes dropped EXE
    PID:4432
  • C:\Windows\SysWow64\perfhost.exe
    C:\Windows\SysWow64\perfhost.exe
    1⤵
    • Executes dropped EXE
    PID:1140
  • C:\Windows\system32\locator.exe
    C:\Windows\system32\locator.exe
    1⤵
    • Executes dropped EXE
    PID:5476
  • C:\Windows\System32\SensorDataService.exe
    C:\Windows\System32\SensorDataService.exe
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    PID:5564
  • C:\Windows\System32\snmptrap.exe
    C:\Windows\System32\snmptrap.exe
    1⤵
    • Executes dropped EXE
    PID:5668
  • C:\Windows\system32\spectrum.exe
    C:\Windows\system32\spectrum.exe
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    PID:5768
  • C:\Windows\System32\OpenSSH\ssh-agent.exe
    C:\Windows\System32\OpenSSH\ssh-agent.exe
    1⤵
    • Executes dropped EXE
    PID:5912
  • C:\Windows\system32\TieringEngineService.exe
    C:\Windows\system32\TieringEngineService.exe
    1⤵
    • Executes dropped EXE
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:6060
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
    1⤵
    PID:1384
  • C:\Windows\system32\AgentService.exe
    C:\Windows\system32\AgentService.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:5156
  • C:\Windows\System32\vds.exe
    C:\Windows\System32\vds.exe
    1⤵
    • Executes dropped EXE
    PID:5464
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:5620
  • C:\Windows\system32\wbengine.exe
    "C:\Windows\system32\wbengine.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:5344
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
    • Executes dropped EXE
    PID:5756
  • C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchIndexer.exe /Embedding
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:5156
    • C:\Windows\system32\SearchProtocolHost.exe
      "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
      2⤵
      • Modifies data under HKEY_USERS
      PID:5788
    • C:\Windows\system32\SearchFilterHost.exe
      "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
      2⤵
      • Modifies data under HKEY_USERS
      PID:5704
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3592 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3052

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

    Filesize

    2.2MB

    MD5

    924a1ad93343e09c7b60b14a10151e8d

    SHA1

    08abb1f60db26a763adf91ae415be01d09610162

    SHA256

    b91d6bdeb68502af990d14f08c0689e166621eb994cf4fa3058d7c52d560d997

    SHA512

    c21920b306540192ae7a81cbeb59ff844da71d8d814520976b5517427d0183ad1fe5ab530fe077eacd873f625b8da0b92785941ca6842844f8db3d717f70dd1b

  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    Filesize

    781KB

    MD5

    7a8c72b9b147ad3f2a052c55a10a64c1

    SHA1

    caad8d4d6b7c6c2f5501d52e095be8c380db154e

    SHA256

    723109e1c41f89e12666abd0145b39f594e146be5835d23ba0fe8f5d5d12ec28

    SHA512

    703bfeb11ff523d2a3156665f2cc9a2960a52cfb5bbf61d5aedc60091403f277963737a6fcc4aaac9d8014f85eb6c60c854b9e3c9f14cd84e721db72216d5a04

  • C:\Program Files\7-Zip\7z.exe

    Filesize

    1.1MB

    MD5

    1297a58b37dcff28ba18a10916e9c937

    SHA1

    3d6f9e42666e82126f09536fe4eab2f2b06b48c9

    SHA256

    afaae49d426014604293662d95adf7b47ed71143b4c9ea983b3a5d0386f96e80

    SHA512

    cc46649c230691461c80e4bee77b8037b50ee1748d9f5d9eed34e5ba0e4d63b52b25658c2aeefb927fe4aa33a33dc67f1be43bb8e6445660ceeb2bbfab910e7e

  • C:\Program Files\7-Zip\7zFM.exe

    Filesize

    1.5MB

    MD5

    6010465a33ae5442020a7148857da6e2

    SHA1

    c702b859706257b6af343695f191b957ccc01fd8

    SHA256

    458de595432163cb429bf5381ac17a160e517834887ebc486711015fa14e2132

    SHA512

    94ac675593543f9ab4937ca142a284f361fcb1a1da51ee4352ecf297a132af9c816d0c7c52587ea593fb4ea8845c87fafa9e5bc4e940b648a28f203402dd3d8d

  • C:\Program Files\7-Zip\7zG.exe

    Filesize

    1.2MB

    MD5

    e2c5e6201b4f1de49fdd31d0de3c1a41

    SHA1

    7cdad8c7e4d93ab201eaf9f19d46dae8ae3c1616

    SHA256

    d6ee3614f858a19b85777a92118644a84638a77511e29081db094ad7bdb43e97

                                                        SHA512

                                                        9e1d9fe9efc04a9616759ced7a1b114c94c4898af0b02698b1f114d23cf3f2deec1c603307add9e90254c0c0c4ec49ef640ba3ca011ae4f97d75babedad1d9d4

                                                      • C:\Program Files\7-Zip\Uninstall.exe

                                                        Filesize

                                                        582KB

                                                        MD5

                                                        8ce7ce155a58c0556e6115677f6a2ab2

                                                        SHA1

                                                        55cacd1dd888c1eba1f86e49e4c2220fcc2857e0

                                                        SHA256

                                                        68e0b6970d12d3361bf9e4bd9f25686ba4fd5f880b48dcab93dbfb6b42995174

                                                        SHA512

                                                        18783416666fb9683cc47e2b22d349365c73ac3f1ce7853d4f394c4601e74930034dc418e5214d13c1cb26ecc86a9264834e2498909cb5c4e0e645586d9b1a68

                                                      • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

                                                        Filesize

                                                        840KB

                                                        MD5

                                                        559a8cc9b7c667dcb7c080d8e5ae26ca

                                                        SHA1

                                                        6452704a17e0d090156dd4b2174f95e03b064e15

                                                        SHA256

                                                        481b1e915c72cdf98d43a8c90c930d47df97f834ab66a92c889e9ef8c76c789c

                                                        SHA512

                                                        a58a93a5626a1a8cbcdec0a38240f704f661081498ffeda11f7e56a8d47e9d7852742c7d537eeb36f12caa4101e8df841f4eab8eadfa87edde02e9f7217f3d77

                                                      • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

                                                        Filesize

                                                        4.6MB

                                                        MD5

                                                        1887250118cd5771bf42d0b7ac32c898

                                                        SHA1

                                                        50ea80bbbb0d41349fa558b0e87185a299e26843

                                                        SHA256

                                                        a3ef373a40b67a84299416e9d0ce74421f527ab72fb41033a9c73f21fb56e0fd

                                                        SHA512

                                                        029a752b761cd2fe5211b916e1e5242e8ca672595b99acdbbdce86d61b268bc645ed8b9d06859a0e59b23357ee99611c7ba565dcecb6f4af1580821e650eab25

                                                      • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

                                                        Filesize

                                                        2.7MB

                                                        MD5

                                                        273e7b4067df6ea341d7ce0a2651587f

                                                        SHA1

                                                        eef3b8b24b49685e7475196835e28c2a09c3fb59

                                                        SHA256

                                                        eb99d9872ece11f3e4689b33d7860606253e3b93713c544f9d0f0b6f65c5b7c5

                                                        SHA512

                                                        c9b10f9fe2f37f4c5f77d412ba73bf5d5bb9a0d3af93c7ccbbe7a665252c16c0385bee328c4dcefdcbfd40b492f4c1f60858423950cbc79399a8f9c4c36cf78d

                                                      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

                                                        Filesize

                                                        805KB

                                                        MD5

                                                        327e16c1389f9cbae2bb1e5daf60d1de

                                                        SHA1

                                                        3f9e0cc20977c1ec7da714711db6e9ab6821455d

                                                        SHA256

                                                        08d58d97eccc51a49897b7710889adf42bbf4eaa148d3f764c1fabf8f5e2ca4e

                                                        SHA512

                                                        8a1faa26c5c3eb22b87c9a8483b25b0c485672481d479b6f487e31b1dca13e2524a02422a072b771927dbe0d0b090b49c7809fba75700786d24477d7d914ecf7

                                                      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

                                                        Filesize

                                                        2.1MB

                                                        MD5

                                                        77c56d52c2925375721bf3ce9bbed5d5

                                                        SHA1

                                                        e63e3a2f520b22d68968f5bdf921a944635cb1cd

                                                        SHA256

                                                        6669886c9f02c3446abccc650ce4aff0cfeb3151e5aaa0fdc07b3cbbd98d35ce

                                                        SHA512

                                                        7ab05a9d4767661be68a91639c4d98e77ce0f7cd8fc6ad47d7fd0c89364922c194b969b047f8068b927903ac73732c46185a1a6c3f9c8759e9352c83325c4179

                                                      • C:\Program Files\Google\Chrome\Application\SetupMetrics\3be94009-04c7-4d4d-b9c0-ddb4058ff3bc.tmp

                                                        Filesize

                                                        488B

                                                        MD5

                                                        6d971ce11af4a6a93a4311841da1a178

                                                        SHA1

                                                        cbfdbc9b184f340cbad764abc4d8a31b9c250176

                                                        SHA256

                                                        338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

                                                        SHA512

                                                        c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

                                                      • C:\Program Files\Windows Media Player\wmpnetwk.exe

                                                        Filesize

                                                        1.5MB

                                                        MD5

                                                        512bcb8e76969074775291ddc33541a8

                                                        SHA1

                                                        34fe101d6be2981428158213e271c7cc05e838cf

                                                        SHA256

                                                        ce00a8b096edff08d5d7aaeff056542d17fcc7077930e70343b519679e4b3c65

                                                        SHA512

                                                        b12fea26d7bc8737df8345fa33ff684895717e3efde5d2cfba0e411000dd2904d687e2de5126213d5ed1752892ff69cc54123e2a41417a98497b86fdd466bc7c

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                        Filesize

                                                        40B

                                                        MD5

                                                        85cfc13b6779a099d53221876df3b9e0

                                                        SHA1

                                                        08becf601c986c2e9f979f9143bbbcb7b48540ed

                                                        SHA256

                                                        bd34434d117b9572216229cb2ab703b5e98d588f5f6dfe072188bd3d6b3022f3

                                                        SHA512

                                                        b248162930702450893a112987e96ea70569ac35e14ef5eb6973238e426428272d1c930ce30552f19dd2d8d7754dc1f7f667ecd18f2c857b165b7873f4c03a48

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

                                                        Filesize

                                                        851B

                                                        MD5

                                                        07ffbe5f24ca348723ff8c6c488abfb8

                                                        SHA1

                                                        6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                        SHA256

                                                        6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                        SHA512

                                                        7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\dasherSettingSchema.json

                                                        Filesize

                                                        854B

                                                        MD5

                                                        4ec1df2da46182103d2ffc3b92d20ca5

                                                        SHA1

                                                        fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                        SHA256

                                                        6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                        SHA512

                                                        939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

                                                        Filesize

                                                        193KB

                                                        MD5

                                                        ef36a84ad2bc23f79d171c604b56de29

                                                        SHA1

                                                        38d6569cd30d096140e752db5d98d53cf304a8fc

                                                        SHA256

                                                        e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831

                                                        SHA512

                                                        dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT

                                                        Filesize

                                                        16B

                                                        MD5

                                                        46295cac801e5d4857d09837238a6394

                                                        SHA1

                                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                        SHA256

                                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                        SHA512

                                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1e3dd185-ee5a-4b1a-8427-ea6a7a9f4d19.tmp

                                                        Filesize

                                                        2KB

                                                        MD5

                                                        cc6bf671f74491a137953dbeebc305c3

                                                        SHA1

                                                        3a836bd65a4501a317d477809c0f947629cf0bc3

                                                        SHA256

                                                        99a04a9589f361bd76a3c1a1f15608eded41decaa617b1249b08ee7ae3037ff2

                                                        SHA512

                                                        a334d9d274c27505936916e9db4ef027a8d7ba1c5b5139918835439811d7840e5ba2f91ee6175b32ada4cd26c5c0b98fafc02bb3145f264f3071d692eef2aaf3

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                        Filesize

                                                        1KB

                                                        MD5

                                                        97aa78ce7d1df6c9d13511c816061894

                                                        SHA1

                                                        04eb4b18e4e2c6f02e46466246b88335164eafc9

                                                        SHA256

                                                        6059d94eb5c3c64e57dbf56691f92fc12bec6365c3ba535f0ab807759c61d471

                                                        SHA512

                                                        d28e652f8778f4f114d863224d69129def010ffa3976c57a83b3df093fad7918a9ae87fd0cebdc21a4409950200a8e879bd4f69ce155eee579e2494f016b14d7

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                        Filesize

                                                        369B

                                                        MD5

                                                        ebea724c473673d7e864c55bf2f1c5b0

                                                        SHA1

                                                        fab5832618da66d926a7ba52c9bd49c1140dd188

                                                        SHA256

                                                        de2d9c227742d6d35ff58ef11da1d41ab8571aa3763bf8727e9afa4c72a421e7

                                                        SHA512

                                                        4b0bc9208e5364913801e648e52031dc66f89a93e3d91170fb69b716c7b91635a0cd689c89f22fb245b7485ab828868117e2b23a0442fac0d8efa674681b8b33

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        5KB

                                                        MD5

                                                        f46c88241b305ed00956189fbd59a091

                                                        SHA1

                                                        5874403a7bd9f3dd331c25319c498217a22503d4

                                                        SHA256

                                                        8aca0ee9972ad9da5a2d94330840b7e3728228fd5ed7a2af9ad46683c3725f8d

                                                        SHA512

                                                        1a6e1327227c5c4aed3a75d977838eaaa268812d5abb9aad483c04b8b8e393f7faf34b199e1b3a34d4069085b82646db646ea82a0c468acf65aae84f16b140c2

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        4KB

                                                        MD5

                                                        2bf157f2b0bb3f22f8489491532c41cf

                                                        SHA1

                                                        008d11d00c73b4d68b22311cf2cec298d36e17fe

                                                        SHA256

                                                        46dcde213849e0d5af51f7beac29e479491fdfc9dfed634efb7efad39b1912d1

                                                        SHA512

                                                        18986c8a1b4b9a253c96391ed29b047f5db051b30981982867cd1bdea0434d3ffa3af9f6755f6a9ba77188a86d96cdcdf56bb6b629700c9c9b79161561954170

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        4KB

                                                        MD5

                                                        91ab6f7b0a8a1eb5bb96e478724b87f3

                                                        SHA1

                                                        934cfdd896b9cfd33abf1338ab6a0f527e506940

                                                        SHA256

                                                        9b58381eb7e0c23ae01417ff8626888fb3648a1175cce349b40cfd8a993a85e0

                                                        SHA512

                                                        eff2bb4a5763654ca5440ee7316694c8e4ffc00e7ea1439785a3f0ca157d454d594bf6c81b0e8c146cd8aff48ca3f081c7d3c8801f02291ceedf1a94633ba637

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        4KB

                                                        MD5

                                                        3093d667315ad9380d7efedfcb11c876

                                                        SHA1

                                                        609d7b31f171924afe612d9bd0f4116e8d451211

                                                        SHA256

                                                        b337358fc348829a3580cf66c6ba1458ee5111101d4a69129e79a3b5b9441927

                                                        SHA512

                                                        f7b1aa69c39d4d456ff56678cab9b012fbab93d9186e70638917ba4e3bc6886bc514f72a635b968d4423b9a7e7a21071fea5d7fb3d7b9aff84def2059f3cc53f

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe582f97.TMP

                                                        Filesize

                                                        2KB

                                                        MD5

                                                        04695aadffdaf28b5be826d27d48721a

                                                        SHA1

                                                        ce79df7c80926a86b0e1a922a05bcab16c7620c4

                                                        SHA256

                                                        0bc76b0a74faa8d4d25cfa28127c42750e86004af7a10d590e07a33a89726b51

                                                        SHA512

                                                        aa3438c4a09ea9c0c52dccb6cba636ac99c11b47a5b78317869823d6c39bfdfa304f40e67867b8ca9c4269efaba12431ae59a1d54c671f38acb9e4fe3d23da54

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                        Filesize

                                                        10KB

                                                        MD5

                                                        27d3bcbfb8e7dc1206f54050bb3a66b8

                                                        SHA1

                                                        a024e440903dd253308bdd33b4f75e60f0747624

                                                        SHA256

                                                        8be2b74204b69bbb6cd4f69954cbba27ac128fea7b8a92875cb9b1c1b5952ee0

                                                        SHA512

                                                        25ba09d3822abf6e4df338aa1e872dd06468a4209d9682345d4827244bfe0188d315b625e42778eae0bea244cd34e3d1a489b4ab3d48faaa85a87542eeb5da74

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                        Filesize

                                                        13KB

                                                        MD5

                                                        38991f5d56a8bfeef3e7f0fead91a9ca

                                                        SHA1

                                                        56463220c1df0ecccfe3070986922c66bfb8427d

                                                        SHA256

                                                        d773ba477fa948bac3ecda9d4d4aad87c9daf183bdbf50818d1fdcd85f8932f3

                                                        SHA512

                                                        d65b362a7d1dbb1b704c19e09b0173559b99a69e6ade2a9c7ab62896943ff06014dfcda38123cc27eb02e2d5525c36ae0c6886c6cf7f209bab62a489f08a4748

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                        Filesize

                                                        270KB

                                                        MD5

                                                        af91a827e5ec91b049d5409d163b0de5

                                                        SHA1

                                                        30d1379d689527163379a02924973d01f654aaaa

                                                        SHA256

                                                        2bd6c0a0ce93093c8a207bb66069e83234a9363927f1bbc0eb4e65ef4f201c12

                                                        SHA512

                                                        67a26a640e64fdef8db80ebb56a10186ba9f6df4850852f801bc17356440b771e2de5a9831e6b304e41352a3d37b67e16a736af563877e118682556b0fcfa826

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                        Filesize

                                                        2B

                                                        MD5

                                                        99914b932bd37a50b983c5e7c90ae93b

                                                        SHA1

                                                        bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                        SHA256

                                                        44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                        SHA512

                                                        27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                      • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                                        Filesize

                                                        4KB

                                                        MD5

                                                        c354fe5c6d6e7901236f22c6e0e16627

                                                        SHA1

                                                        6063bdd382c281d3b48e7da4f0cf57f8059e68ce

                                                        SHA256

                                                        f52bb3c63b9e063b12f6de91b75dded93ae13c9de4fc6ed439d513a6555d787b

                                                        SHA512

                                                        8f0ec84942ea3a845d09075c866c0c7db0324e4002f3e3f976dae7cc3ed26fd9ee5c1e1bf8e17c37ec4a652836efeece86fb6326d026f9c42d8fb1c76038760a

                                                      • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                                        Filesize

                                                        6KB

                                                        MD5

                                                        ae893430c6018c7c4c717179887bac17

                                                        SHA1

                                                        d7f3c6d5827141e487d5e3f485bed182c937b5b5

                                                        SHA256

                                                        5399d2ffa39331902110cae7516cc2f8ab8e9c943edd327d9d84b6b88cf5c8ce

                                                        SHA512

                                                        038a6402560ede612059d0308c13292252f5cb39d3d452b3a83716371b7ce7cdfc356205366df162972b50a7b58734e4247a43a8dc9823690f843a1236130daf

                                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir2720_1970733013\CRX_INSTALL\_locales\en_CA\messages.json

                                                        Filesize

                                                        711B

                                                        MD5

                                                        558659936250e03cc14b60ebf648aa09

                                                        SHA1

                                                        32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                        SHA256

                                                        2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                        SHA512

                                                        1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir2720_1970733013\ac4993be-cd17-4237-84e5-01e55ae7d355.tmp

                                                        Filesize

                                                        88KB

                                                        MD5

                                                        2cc86b681f2cd1d9f095584fd3153a61

                                                        SHA1

                                                        2a0ac7262fb88908a453bc125c5c3fc72b8d490e

                                                        SHA256

                                                        d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

                                                        SHA512

                                                        14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

• C:\Users\Admin\AppData\Roaming\177d0d41b3e2edcd.bin
  Filesize: 12KB
  MD5: ff50b226bbbbfe1aad72b65f3d98cd85
  SHA1: edca1c2a0b437b24f4ea66de4e982f3c60081d7b
  SHA256: 640f8ded763457b89c4794fdaf65c09ed6a1eacaa9e5b60994f9fa6540268aff
  SHA512: 18bfabd5a25863a6f1557e66907088858d8402554bf98810606e0e1bb2e6fb7c05bb8a81f489928ce1735f46bff66f67326b365d76ab93924160e54e0eaf3336

• C:\Windows\SysWOW64\perfhost.exe
  Filesize: 588KB
  MD5: 333b8155bedaf610e42860925fb4cf28
  SHA1: 04ce3cf7641b9070e3d10bea08b62f014426db3b
  SHA256: fa6b48531147c3129b8d936b6e5fff721d9573b35a829197a034f6ea8a0c0923
  SHA512: 2214ea68885543de0baff4264a9dc79854b9d04733becd949594b384edea2a2e6a82c66cdbc80f9d7256c90d9a23d1db5b0b85d322ed545be55382b9a01384f9

• C:\Windows\System32\AgentService.exe
  Filesize: 1.7MB
  MD5: fe85a878ee774da611e131039db4d397
  SHA1: 10dd1d8123d6506dac551b7be1ab850d2d3d35c4
  SHA256: f1ca52009de6778d882382846ac9e0612080bac3f8ecc24417eeaf9122922edc
  SHA512: 015ee9a86f72ac2b5af3a7e22c7393ed01e790205274e2ff4e5f4dd87983b35ecebbe2d013924d30c24f14d619f9e25300cb12f4dddfa7dcca7e38ed8fc46da2

• C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
  Filesize: 659KB
  MD5: a5a0962141a0b5a1f2d8828159c54f86
  SHA1: 7c17991f599d88942e57bd445a83f335d77ed033
  SHA256: 93633b66e6e01689090b165395b798a537673d6007311a12d1109e95bd631683
  SHA512: ceb5e72a60b79521624820565a2c1ed280390c1da69659482c7b1e7cf4e56ac6c0d4d92d7e68180501ab62a4a0dd59e4b2ab2567fb086ef8410846c2ae738d7d

• C:\Windows\System32\FXSSVC.exe
  Filesize: 1.2MB
  MD5: 6c9d6429a9c72eee9eab17753ff66f42
  SHA1: 0d85dd6da5fdc89c2014137b7f438b8c41d05cc7
  SHA256: ab8a35192d0da73138d38c235d622a68b362ffefbd178991b0b9366e4d73bcf9
  SHA512: ddb6ed581cd715c9131ae10ceab96eafb3528a7fcb7db1b8c1726bf0d55a913dc8d5e6250cb255c33d3a5814f557dd4ac8810005b13b826fe468d13356a71f88

• C:\Windows\System32\Locator.exe
  Filesize: 578KB
  MD5: 0be5a6e0db0a77fbb49ce9beb21f427a
  SHA1: 50dd9772c499eb8ed984f7cb01efaa6d5c04f626
  SHA256: 50a98c44586a2c34f5f291f3eb01c5e0c9ecbc800cd6f7623bd790fe43f1cf0b
  SHA512: 0820eb97a29f0c49ced95fd1ca18efc2ad465a1f15dc35f47db6c248759b3bd1000952e08f317d531b1d753072de05cc9ac957c6148f67a3b8a2832435b9768e

• C:\Windows\System32\OpenSSH\ssh-agent.exe
  Filesize: 940KB
  MD5: c4618c11ed5fd9f91cc9518e62740194
  SHA1: 847810441fc135ce7442de501a369b4863676192
  SHA256: 4432c4bff7d8a5472276c1f217130efb88f627d951c92ba0be20fa8840218c1d
  SHA512: 5c0af64bcc6d85051e5f998b283f0357ace68e3b2f3400d8fe345b2dac47dce0bdd52da9fb3e98194a0a0ae8c3b3a41771a169c587051e9f6ac56e42be8ddfde

• C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
  Filesize: 671KB
  MD5: 90928d035fef4cb9923b3504109776bf
  SHA1: 19b0b460005ebaafe2e21cb45aa442752af64e1a
  SHA256: a22f7f4d7b481a64eea64afd3b17468e5d90c60cccf1356e503b33443b80e160
  SHA512: e081a4925a70769f050a6c827e553f0efaadf940c71252fb5876b7136b373c52927a038614e7ea11461b50fe22769de7628cd8b6af284329df1c06dca3ba8f9d

• C:\Windows\System32\SearchIndexer.exe
  Filesize: 1.4MB
  MD5: f0d64220155fc7057b89a136f9d85045
  SHA1: 421bcfda76f428624b9ac6460bac7277f496432b
  SHA256: 4cb84ee506a471d6f2cb93dff53d10bc2c26c506a244e585a66440d55649321e
  SHA512: bd6fcf47c28edc208fbda1ff2ef2838ae572d29a555bf2392cc478cf93320b14b245bc00385cca0bb4f1fad4fc8d314c9a463d2e5417a0c52931016760fd5199

• C:\Windows\System32\SensorDataService.exe
  Filesize: 1.8MB
  MD5: 6472b077c4361eed994e491c037a8897
  SHA1: 32546f17d27e33f11a392dff262d38eaef437372
  SHA256: 9499ea9aaf9dfd9398095ce3ba49f0e6cf06c6a12185e164e4e57447fe51835e
  SHA512: d6f508ca46c0158e7d49dab307c9f89f37bc231b8023aa3f99f8fce96454f3cf985f7f317eea5698a79e3848e2654159ee80d08e3f2bbe7436806c8e8c77cf33

• C:\Windows\System32\Spectrum.exe
  Filesize: 1.4MB
  MD5: bfdaea53462419371128e1d518d79626
  SHA1: 6286ede3a63f25a65acd4ffef07bae2d773ad893
  SHA256: 0703736bcf82b657504d805c067ccb307d85711b26ad6505478ba9ed3a996507
  SHA512: d221883e172fd9223402144caadb5772e83c0e6f4b964cd0c5de652997027226e096fdadbf1a1a69e38daaa65ab48fcb677ea0aa2a7a7dad366823f32ef881c6

• C:\Windows\System32\TieringEngineService.exe
  Filesize: 885KB
  MD5: 26bfe672bc81ac8fb4356099b13c48ed
  SHA1: a5d29a47a6d123018712185eb64bc2203cb7282a
  SHA256: c6950ca997b2792117d5a4dceb84c88db724b2f58e9c0f2ea3b0f78bb2ac76a0
  SHA512: 9a9201e226a2361ce9364a396bd4bc9e87a01395294b61c69245da3231159ac667ac96fe3cafa76e6f5d1aa9b9ce08e1e543e2fa896987248b50b0cd52f67d68

• C:\Windows\System32\VSSVC.exe
  Filesize: 2.0MB
  MD5: 050b0c41371d479253f6e341c540ce05
  SHA1: e350570a245c77fbb90c32e5d3263fa702fd1228
  SHA256: 79b81ae944332ce2ed716f2a754c61b6d3754d94ada2412d9f6c08d41f5767da
  SHA512: 609e3d539f4d0352f613dd68bb08f0a16b897ca8d242e23d8566f36b9379147c1933670d5db131456204eb0f6a7c2228f47991e06e646e893428d090a0a3fbfd

• C:\Windows\System32\alg.exe
  Filesize: 661KB
  MD5: ef34cf57a62d2a4585bbe2a377dc903f
  SHA1: f342260ad44fcccad0b9cbc1dc780872cd7a828f
  SHA256: 96b6e5d4d3700b232cf03271a218c409d5746486728c3e40507d3540b127b419
  SHA512: a91bb4283343a2e68ac0be736537339ab1f7509455ecb1d90803b6e6373ce3b06645aedcd885a2ad7e653d6b8cc1acea32db37d5438e72794f23fcc1c12b264d

• C:\Windows\System32\msdtc.exe
  Filesize: 712KB
  MD5: 9e5f491f0d65686cdfa815c8a7caf2cd
  SHA1: ed8478eafdb38425a5acb02b2a4a0f1f275d36de
  SHA256: f3fe5016fc9d4930310fea0e4a90ba37e67ef50986b5e785e548d2fb2f067660
  SHA512: f3edc812e8fc2acd974500ce34fdb4575e4a1b2c2029c12821132c5379b46cc5d86c657631ec18d6f23daf276573351654d8806850c73855b63e754e54a43e11

• C:\Windows\System32\snmptrap.exe
  Filesize: 584KB
  MD5: 2c03de2c63d54434b312aa4cad8c3555
  SHA1: b651057745456a239ddee5a19ab10c9d9310e229
  SHA256: 8e3f60b33425d9e06b893f78d090ac8a116408e63a260cbea0b3691a2aff0b10
  SHA512: 74a4afb7e64f976c6e48754fb49726fa5af206e8e2355dd31fcfac222480fa21237b855e56ab8ec1693efd59fe7abf8751446f7efe3f6d70f391b1db7d18c3aa

• C:\Windows\System32\vds.exe
  Filesize: 1.3MB
  MD5: a64fa476947e51c81d65a4e03c9c8016
  SHA1: c8ca971b660f8ddcf2fcc2a6b4f92e71ed9f82cd
  SHA256: 2d7b4194e077591633c4b28c70337e17679a06a26fbed14c49067934c570cbb6
  SHA512: 3aa4a629c78267b217db48478582d086ea891b7fda43b18edca43572c291cc4a1169ef5aa3f053c8d1c2f127782f1d397d44703d43aed3377cdae8debadc8724

• C:\Windows\System32\wbem\WmiApSrv.exe
  Filesize: 772KB
  MD5: c713d6661609478baeecd6346d7ccdc4
  SHA1: 5038934ad9238ce2ff6b94182e76335655d60e44
  SHA256: 3f5a7d3fd46a0ee2eb68d43429af5aa45d5559a5a329e686f925995fb0d6ba26
  SHA512: 7ba9b15f869cb4513902faeb715475c43af45b70c6e14b0d77729149b9213f9d74cd393556e4350b9de7160e7badb2b68a2968f336ef440703e6c66a396de610

• C:\Windows\System32\wbengine.exe
  Filesize: 2.1MB
  MD5: ae7a65721af25173069fdfd6f7376504
  SHA1: 5017dcc30727862a5bd2e5e09ee8966909835fbc
  SHA256: 181ed3b9e2eb2c2e466e7e4c46b4ecf5fec4b81a9f1df724ce0f99d0de0456fc
  SHA512: 4a587b5ed64ea7851c2acc4a0a7c7d5c3ae81f70a6e4f2a7bf379ee07ff7b78c21213c8f621cdb94ed5ceb1140d5eb615a4ca91353742d9e1fcb4ddde6d57e92

• C:\Windows\TEMP\Crashpad\settings.dat
  Filesize: 40B
  MD5: 0e1a0df5323f02fa141b11070035f203
  SHA1: 4662c48107aebe02429f78dc0ab4328f88ea9e8f
  SHA256: 169bdddd028372b9c8dc1bbc8bc1a48dce9089467cf7c3b5967ebc20713b1bb7
  SHA512: 5ef418e1f48b459f21f15f8462fceebbe5da2e16ff4cd02a614a6a508c1a9e28527c0d0778840600c85ba60d412de91e754b3aa0173ac4db70460367a2abc6e5

• C:\Windows\system32\AppVClient.exe
  Filesize: 1.3MB
  MD5: 69e12db29f4f26814405440fb11a08d5
  SHA1: 1d5d424b1a362955aac95fe57272dc3c3e4a2720
  SHA256: 667300e97ebc3b33790aa0f2a7909c0f647a7e2d8a082d96022940e439fc97db
  SHA512: 6951f1186e9ca170c754b7663b4569fde7f801a24afb70c01f0478bbad35fad2ff898f99429953dc7f2ddcdd4a339e1473280a3752567dc9f4584eb3ae7758a6

• C:\Windows\system32\SgrmBroker.exe
  Filesize: 877KB
  MD5: 455f232b29c9086f30a7c1361d00c437
  SHA1: b0d814569e1acf22302c4cfcc477c54ca8b0b945
  SHA256: fa048da304830633a185839b90bd1503f50b90775f11250115e9c82396950e33
  SHA512: 26c1974ed460ec2c5ce2eb16789e1bb7e20becf998c89b30e5f3934542fb9b61d7d54021d6ef3a629eaeb357583b6ceffabe77cc4292f72dbcff6f9a6c84c40e

• C:\Windows\system32\msiexec.exe
  Filesize: 635KB
  MD5: bf8f25d7b3a0685a476a114f8dae6a03
  SHA1: 5934d151807b481969b0e36b70debcbae4adc82f
  SHA256: 60cffc0ffd4cc22d559e27d64fb2e9aadf7ebeff67e79cc7bb31a6b037ab9b9d
  SHA512: 542d79c128e4cd31161ee3c98567136eeda1f4b6fa3c8dbe8d3238890fa179448977048c3da51298280470e689f468ffa9cf14496078a2cd549aa8063fb675ea

• C:\odt\office2016setup.exe
  Filesize: 5.6MB
  MD5: 9a644aaf8230cddebb85ba0920af19f5
  SHA1: c9fec793ef51d5e0665d74dec3cf797efbc82f02
  SHA256: 3983410320953a2d065a2594e0a325b114161053200095367fe0d95f0b288729
  SHA512: 22624aa1b368b5e47f7335e15ace1a1e87c3faa0afd9e2385b984b396881fd1049f9d6961a5b36a7416884fdf880a0cbe878c453ed6fa3e0ef82d858d6d69a29

• \??\pipe\crashpad_2720_FFBEMYBLBOFVTRNO
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

• memory/844-126-0x0000000140000000-0x0000000140237000-memory.dmp
  Filesize: 2.2MB

• memory/844-79-0x0000000000440000-0x00000000004A0000-memory.dmp
  Filesize: 384KB

• memory/844-81-0x0000000140000000-0x0000000140237000-memory.dmp
  Filesize: 2.2MB

• memory/844-73-0x0000000000440000-0x00000000004A0000-memory.dmp
  Filesize: 384KB

• memory/1112-59-0x0000000000E70000-0x0000000000ED0000-memory.dmp
  Filesize: 384KB

• memory/1112-71-0x0000000140000000-0x0000000140135000-memory.dmp
  Filesize: 1.2MB

• memory/1112-69-0x0000000000E70000-0x0000000000ED0000-memory.dmp
  Filesize: 384KB

• memory/1112-65-0x0000000000E70000-0x0000000000ED0000-memory.dmp
  Filesize: 384KB

• memory/1112-58-0x0000000140000000-0x0000000140135000-memory.dmp
  Filesize: 1.2MB

• memory/1140-173-0x0000000000400000-0x0000000000497000-memory.dmp
  Filesize: 604KB

• memory/1140-338-0x0000000000400000-0x0000000000497000-memory.dmp
  Filesize: 604KB

• memory/1268-142-0x0000000140000000-0x00000001400CF000-memory.dmp
  Filesize: 828KB

• memory/1268-284-0x0000000140000000-0x00000001400CF000-memory.dmp
  Filesize: 828KB

• memory/1988-53-0x0000000140000000-0x00000001400A9000-memory.dmp
  Filesize: 676KB

• memory/1988-45-0x00000000006B0000-0x0000000000710000-memory.dmp
  Filesize: 384KB

• memory/1988-54-0x00000000006B0000-0x0000000000710000-memory.dmp
  Filesize: 384KB

• memory/2152-128-0x0000000140000000-0x0000000140592000-memory.dmp
  Filesize: 5.6MB

• memory/2152-19-0x0000000140000000-0x0000000140592000-memory.dmp
  Filesize: 5.6MB

• memory/2152-20-0x0000000000820000-0x0000000000880000-memory.dmp
  Filesize: 384KB

• memory/2152-11-0x0000000000820000-0x0000000000880000-memory.dmp
  Filesize: 384KB

• memory/2952-268-0x0000000140000000-0x00000001400B9000-memory.dmp
  Filesize: 740KB

• memory/2952-129-0x0000000140000000-0x00000001400B9000-memory.dmp
  Filesize: 740KB

• memory/3256-0-0x00000000020A0000-0x0000000002100000-memory.dmp
  Filesize: 384KB

• memory/3256-39-0x0000000140000000-0x0000000140592000-memory.dmp
  Filesize: 5.6MB

• memory/3256-32-0x00000000020A0000-0x0000000002100000-memory.dmp
  Filesize: 384KB

• memory/3256-9-0x0000000140000000-0x0000000140592000-memory.dmp
  Filesize: 5.6MB

• memory/3256-6-0x00000000020A0000-0x0000000002100000-memory.dmp
  Filesize: 384KB

• memory/3636-85-0x0000000000990000-0x00000000009F0000-memory.dmp
  Filesize: 384KB

• memory/3636-236-0x0000000140000000-0x0000000140245000-memory.dmp
  Filesize: 2.3MB

• memory/3636-84-0x0000000140000000-0x0000000140245000-memory.dmp
  Filesize: 2.3MB

• memory/3636-91-0x0000000000990000-0x00000000009F0000-memory.dmp
  Filesize: 384KB

• memory/4352-23-0x0000000140000000-0x00000001400AA000-memory.dmp
  Filesize: 680KB

• memory/4352-35-0x0000000000510000-0x0000000000570000-memory.dmp
  Filesize: 384KB

• memory/4352-24-0x0000000000510000-0x0000000000570000-memory.dmp
  Filesize: 384KB

• memory/4352-172-0x0000000140000000-0x00000001400AA000-memory.dmp
  Filesize: 680KB

• memory/4432-161-0x0000000140000000-0x00000001400AB000-memory.dmp
  Filesize: 684KB

• memory/4432-297-0x0000000140000000-0x00000001400AB000-memory.dmp
  Filesize: 684KB

• memory/4760-101-0x0000000000C00000-0x0000000000C60000-memory.dmp
  Filesize: 384KB

• memory/4760-109-0x0000000140000000-0x00000001400CA000-memory.dmp
  Filesize: 808KB

• memory/4760-123-0x0000000140000000-0x00000001400CA000-memory.dmp
  Filesize: 808KB

• memory/5156-269-0x0000000140000000-0x00000001401C0000-memory.dmp
  Filesize

                                                        1.8MB

                                                      • memory/5156-283-0x0000000140000000-0x00000001401C0000-memory.dmp

                                                        Filesize

                                                        1.8MB

                                                      • memory/5156-368-0x0000000140000000-0x0000000140179000-memory.dmp

                                                        Filesize

                                                        1.5MB

                                                      • memory/5156-995-0x0000000140000000-0x0000000140179000-memory.dmp

                                                        Filesize

                                                        1.5MB

                                                      • memory/5344-849-0x0000000140000000-0x0000000140216000-memory.dmp

                                                        Filesize

                                                        2.1MB

                                                      • memory/5344-339-0x0000000140000000-0x0000000140216000-memory.dmp

                                                        Filesize

                                                        2.1MB

                                                      • memory/5464-285-0x0000000140000000-0x0000000140147000-memory.dmp

                                                        Filesize

                                                        1.3MB

                                                      • memory/5464-812-0x0000000140000000-0x0000000140147000-memory.dmp

                                                        Filesize

                                                        1.3MB

                                                      • memory/5476-198-0x0000000140000000-0x0000000140095000-memory.dmp

                                                        Filesize

                                                        596KB

                                                      • memory/5476-344-0x0000000140000000-0x0000000140095000-memory.dmp

                                                        Filesize

                                                        596KB

                                                      • memory/5564-209-0x0000000140000000-0x00000001401D7000-memory.dmp

                                                        Filesize

                                                        1.8MB

                                                      • memory/5564-367-0x0000000140000000-0x00000001401D7000-memory.dmp

                                                        Filesize

                                                        1.8MB

                                                      • memory/5564-582-0x0000000140000000-0x00000001401D7000-memory.dmp

                                                        Filesize

                                                        1.8MB

                                                      • memory/5620-815-0x0000000140000000-0x00000001401FC000-memory.dmp

                                                        Filesize

                                                        2.0MB

                                                      • memory/5620-303-0x0000000140000000-0x00000001401FC000-memory.dmp

                                                        Filesize

                                                        2.0MB

                                                      • memory/5668-534-0x0000000140000000-0x0000000140096000-memory.dmp

                                                        Filesize

                                                        600KB

                                                      • memory/5668-213-0x0000000140000000-0x0000000140096000-memory.dmp

                                                        Filesize

                                                        600KB

                                                      • memory/5756-351-0x0000000140000000-0x00000001400C6000-memory.dmp

                                                        Filesize

                                                        792KB

                                                      • memory/5756-890-0x0000000140000000-0x00000001400C6000-memory.dmp

                                                        Filesize

                                                        792KB

                                                      • memory/5768-230-0x0000000140000000-0x0000000140169000-memory.dmp

                                                        Filesize

                                                        1.4MB

                                                      • memory/5768-585-0x0000000140000000-0x0000000140169000-memory.dmp

                                                        Filesize

                                                        1.4MB

                                                      • memory/5912-609-0x0000000140000000-0x0000000140102000-memory.dmp

                                                        Filesize

                                                        1.0MB

                                                      • memory/5912-237-0x0000000140000000-0x0000000140102000-memory.dmp

                                                        Filesize

                                                        1.0MB

                                                      • memory/6060-253-0x0000000140000000-0x00000001400E2000-memory.dmp

                                                        Filesize

                                                        904KB

                                                      • memory/6060-655-0x0000000140000000-0x00000001400E2000-memory.dmp

                                                        Filesize

                                                        904KB