Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/06/2024, 17:55

General

  • Target

    2024-06-11_627b97044c2d938652e0891dde8c45a8_ryuk.exe

  • Size

    5.5MB

  • MD5

    627b97044c2d938652e0891dde8c45a8

  • SHA1

    f2b8f16dbc0dd9c17e51e8f4c002ae139f1009dd

  • SHA256

    cde84805039c39317f95456dd499efc8a50f35518914126bf0a1898310402acf

  • SHA512

    267ec5dfd4118613211bd6b2367658d150f2caebb1f316c2282e4c26f89ad8152ec8313044dea15285987cda15f0f9049555c4db7e086f48d998c95e8b6ed76e

  • SSDEEP

    49152:YEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Ln9tJEUxDG0BYYrLA50IHLGf+:2AI5pAdVJn9tbnR1VgBVmodt6N3u5H

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 26 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 26 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-11_627b97044c2d938652e0891dde8c45a8_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-11_627b97044c2d938652e0891dde8c45a8_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\AppData\Local\Temp\2024-06-11_627b97044c2d938652e0891dde8c45a8_ryuk.exe
      C:\Users\Admin\AppData\Local\Temp\2024-06-11_627b97044c2d938652e0891dde8c45a8_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2a0,0x2d8,0x140462458,0x140462468,0x140462478
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:2676
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1948
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7e45ab58,0x7ffe7e45ab68,0x7ffe7e45ab78
        3⤵
        PID:4988
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1924,i,9345017235050521608,9222843744245363014,131072 /prefetch:2
        3⤵
        PID:728
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1924,i,9345017235050521608,9222843744245363014,131072 /prefetch:8
        3⤵
        PID:4028
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1924,i,9345017235050521608,9222843744245363014,131072 /prefetch:8
        3⤵
        PID:4772
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1924,i,9345017235050521608,9222843744245363014,131072 /prefetch:1
        3⤵
        PID:4368
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1924,i,9345017235050521608,9222843744245363014,131072 /prefetch:1
        3⤵
        PID:2284
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=1924,i,9345017235050521608,9222843744245363014,131072 /prefetch:1
        3⤵
        PID:2948
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1924,i,9345017235050521608,9222843744245363014,131072 /prefetch:8
        3⤵
        PID:4148
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1924,i,9345017235050521608,9222843744245363014,131072 /prefetch:8
        3⤵
        PID:3140
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1924,i,9345017235050521608,9222843744245363014,131072 /prefetch:8
        3⤵
        PID:1932
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1924,i,9345017235050521608,9222843744245363014,131072 /prefetch:8
        3⤵
        PID:4044
      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
        3⤵
        • Executes dropped EXE
        PID:4452
        • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x14044ae48,0x14044ae58,0x14044ae68
          4⤵
          • Executes dropped EXE
          PID:4428
        • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
          4⤵
          • Executes dropped EXE
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:1752
          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
            "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x14044ae48,0x14044ae58,0x14044ae68
            5⤵
            • Executes dropped EXE
            PID:3900
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1924,i,9345017235050521608,9222843744245363014,131072 /prefetch:8
        3⤵
        PID:4076
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1924,i,9345017235050521608,9222843744245363014,131072 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:5728
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2436
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:1096
  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:4256
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    PID:228
  • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    1⤵
    • Executes dropped EXE
    PID:3708
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:2076
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
    PID:3704
  • C:\Windows\system32\fxssvc.exe
    C:\Windows\system32\fxssvc.exe
    1⤵
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    PID:3180
  • C:\Windows\System32\msdtc.exe
    C:\Windows\System32\msdtc.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:4100
  • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
    C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
    1⤵
    • Executes dropped EXE
    PID:1116
  • C:\Windows\SysWow64\perfhost.exe
    C:\Windows\SysWow64\perfhost.exe
    1⤵
    • Executes dropped EXE
    PID:4156
  • C:\Windows\system32\locator.exe
    C:\Windows\system32\locator.exe
    1⤵
    • Executes dropped EXE
    PID:1748
  • C:\Windows\System32\SensorDataService.exe
    C:\Windows\System32\SensorDataService.exe
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    PID:1820
  • C:\Windows\System32\snmptrap.exe
    C:\Windows\System32\snmptrap.exe
    1⤵
    • Executes dropped EXE
    PID:4336
  • C:\Windows\system32\spectrum.exe
    C:\Windows\system32\spectrum.exe
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    PID:3960
  • C:\Windows\System32\OpenSSH\ssh-agent.exe
    C:\Windows\System32\OpenSSH\ssh-agent.exe
    1⤵
    • Executes dropped EXE
    PID:1128
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
    1⤵
    PID:5116
  • C:\Windows\system32\TieringEngineService.exe
    C:\Windows\system32\TieringEngineService.exe
    1⤵
    • Executes dropped EXE
    • Checks processor information in registry
    PID:2868
  • C:\Windows\system32\AgentService.exe
    C:\Windows\system32\AgentService.exe
    1⤵
    • Executes dropped EXE
    PID:4068
  • C:\Windows\System32\vds.exe
    C:\Windows\System32\vds.exe
    1⤵
    • Executes dropped EXE
    PID:4176
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Executes dropped EXE
    PID:1044
  • C:\Windows\system32\wbengine.exe
    "C:\Windows\system32\wbengine.exe"
    1⤵
    • Executes dropped EXE
    PID:2112
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
    • Executes dropped EXE
    PID:416
  • C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchIndexer.exe /Embedding
    1⤵
    • Executes dropped EXE
    PID:4588
    • C:\Windows\system32\SearchProtocolHost.exe
      "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
      2⤵
      • Modifies data under HKEY_USERS
      PID:5452
    • C:\Windows\system32\SearchFilterHost.exe
      "C:\Windows\system32\SearchFilterHost.exe" 0 916 920 928 8192 924 896
      2⤵
      • Modifies data under HKEY_USERS
      PID:5476

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    Filesize: 2.1MB
    MD5: fdd2eec231c0fafe8f546f462d32c3d2
    SHA1: b630d7bb22fc809fd2f9530566e7a88b8eebe05a
    SHA256: ac9e4c2d72feb2965fe23944c6bffb3b5e741743fdb8b788a1e6b17de20a7680
    SHA512: 2949a151a823deda38ab56f9605346212f4e495b9a245ba89afab1ba4a27fe6e6d00e60ab5e63107909bd92f5f7e02d9ae215521ac0d22027a8e17fd3668e304

  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    Filesize: 797KB
    MD5: ed4d11fbb123acc40a986b2a118d7dae
    SHA1: ab99e62fa9d32353dc4d72f71c85614dc1868a3d
    SHA256: f13ecb454646750fc73efb4fad41be98a3d5273404b6d945af67836cccfd11b0
    SHA512: 60ecf925a3eadfeed4b7c9eb9af047f5781de8a41d93ec05f7b930568febcbbba126094e73c6091927ca5a7a55fe50034452f744ef748df6a0358cc63d39f19a

  • C:\Program Files\7-Zip\7z.exe
    Filesize: 1.1MB
    MD5: 13de736a0ba1b732f3e13543b5c398e7
    SHA1: d150dedf4cb9585580b15e4fd3a8e8f2efbf8d01
    SHA256: 60b973084a84a1b67de2570b092fbc58de15615abe0799844be3f4c547a8ac46
    SHA512: a9112be7d260c2b7279cf2e38851a443b6961a45013e12b778ff426681758d2e37a9165abd8753a43cd31b546bc7f81f4031e2a0ba9c0be1819befea3bebae79

  • C:\Program Files\7-Zip\7zFM.exe
    Filesize: 1.5MB
    MD5: b3bbd2c4ac6c0272fe97d332ae2d9e59
    SHA1: 88503d5083d7da218cc8bab33b338e0e0ce1fa46
    SHA256: a0acd8074965a98ce8bb55e6735aa9245b3c06589edbf92997e2e2007ba41401
    SHA512: a8a451cd540df86beae4f95c94fc10bd3d3fcf6246530da9ccfa559e50dbe039a53f390c84b2134941861b07b49412c412e1ae596e72e2dfea655e831ceacb39

  • C:\Program Files\7-Zip\7zG.exe
    Filesize: 1.2MB
    MD5: c10b040ba06d2031b089c0e94caa7d7d
    SHA1: 4c287267fe79fba96b3a2fe12e116647b2567260
    SHA256: 8d1441e8bac6e1e818bdf9429d2be682c3ce9d83a2e4067a96419b4726d4e04b
    SHA512: 1046ab356951ae2291d20581468684cbcbd9b317f5a48168540af6b4c5ff06efdf4d1eecb081808ecef34d4dde502e53f3438278027e672433a0ec40b55a2fee

  • C:\Program Files\7-Zip\Uninstall.exe
    Filesize: 582KB
    MD5: 244c7929a43e0f91fb2efa724606f2b7
    SHA1: 055427d71bb4f7bc06a84eeacb3e56508d054623
    SHA256: f5bf454dcf5738ac5870ecc92f98fb92f07404c1c64b012085c8d153334c5e61
    SHA512: a86f36ec2efacbb588d4ab13384a674ccb0c10fefed6373fea28ed9f6487f425fdf556c0ce35be23910203a1bb94b23a3d8c09cef08268e38bf5642801da4995

  • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    Filesize: 840KB
    MD5: 72442dd0b28d9f000877040929288882
    SHA1: 768bb141e121f3f0e2a695a58fdf7eb0ee090078
    SHA256: 9a38081928485ea3475df695e1f9f12a81152971de1450130fa92f02f9267b68
    SHA512: c2d5383c8984a2444cf6f8962484bac730fd00190ac20fb2f4b8854577747d6c37182b07131f158829714b7b83752f7f5d6e2eac7b7b3fab46227d88c708e281

  • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
    Filesize: 4.6MB
    MD5: c3d125d5b4a0f920904921a30204fc02
    SHA1: f26056c0182438d3225b33746b8f20d663616c54
    SHA256: 20b7785e986195c673e093682e73eb3d62ddbc6ae94621f838fab99f73c960fa
    SHA512: aeb38b0958f558f587741da6faa37043c617c58f42f8f621d2e72f9944d24880bc0457664a3784249e335a2a2013e9d78f7b61014d4a83e1c3b358b82ae65220

  • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
    Filesize: 910KB
    MD5: 17df8ff5d81d0124c4e50dd2e173b13b
    SHA1: bf61db7299b79ed1661e9df5ce5d5a972d8d8501
    SHA256: d07d79e9266528a908bbe846ea3a5be00fb94a90e220e89e05e6650b51866c19
    SHA512: 14b456a69e21300230d8d46ba4c329b94334a9997bfb424f1543359c90267189521132d31b4bc01f2b61bd9b70b18e7efe5f92e6f6207a396414d23d8edf35c3

  • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
    Filesize: 24.0MB
    MD5: 145d1c31b9bf1542b2d81d24c3cb096b
    SHA1: aaec3a95ddeaf8504d8fbb0c47994af478fc4707
    SHA256: 8b3d3241851fa85a6c79dafe198ce0f452e1b4c4fe9f816252873578cfd40b9e
    SHA512: f7138d0e0b5831b3a18b4239344603b30ad080c12cf094fd8992969f895d379404b64a3d0dd8f11a082432b8742f7917c31b146255012d9b1f3f1090cd91c897

  • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
    Filesize: 2.7MB
    MD5: 7eaf5dd6eb07db0090d2d0922c4ac736
    SHA1: 4b23037bfdc91585bca821ddb0ce451c565a1f9e
    SHA256: ddc6ebffcb8bec3d708ffb47de8b80f76fd4a6e5c0ddcd4750f7b120ef3ac39d
    SHA512: 70da4925dc4966331a4a5074ec936f6bcff9ae66c74f678abff47c09031d8e0090e5416d8ab9436eb9ddf45a861997607d6607bbeac34737921d8c2371137550

  • C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
    Filesize: 1.1MB
    MD5: 64be2545a91cf63efbbd29a36dfb77ec
    SHA1: 68f8841d99a974682a1229d554cf0cf671a4fd9a
    SHA256: b0674d52e0e0b96262f35716b34313f06283bcbb269d1ae100c8042e67ee07d0
    SHA512: d6c5f5a0fbcdf794e996b0886cf95693e4c244d90a51ce70ee120b2e0999abd95809efe07ce2a5c3afcf42ab5fd936652b141be4c44f3a6fafda6d1c4bd87b17

  • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
    Filesize: 805KB
    MD5: 6eb798b0bdda2258cadfa54017718fd8
    SHA1: 44412ce9019643ec0b1e4cb4cb8a310426a22c7a
    SHA256: be435e5d47294563adb689614eae00bf5d57137078d0d0583c6a8b19a9a6fb20
    SHA512: 15e3f9fc471f3db47407de6ac37f1109ed9c9e3fd87b056efff95773a715c888829ccb73998bbfb29b528bb3cd77d2df3a1d5094afe78216f327be238a57cda6

  • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
    Filesize: 656KB
    MD5: 67725e5f8dd63714385f995fa269e5fd
    SHA1: ffa40ac2c5f54beb83a188b68a8c78c074e5b5d0
    SHA256: 7d891998ad63336727aaf45944a96391e8a7ae8e18527819c7d6ef03b5c36783
    SHA512: dc4ac5458af83a76952469d616627cb1800fc8c953a3691217f5b6f53a059a224258db77e6d2b4b8dd6000cbf1093c42877ce7f1c53542cae564cbb63afb9fa1

  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
    Filesize: 5.4MB
    MD5: 5eea9ae844e50581137d6d029c7f833c
    SHA1: 21532063bc7b0c100dccb809449502e692098092
    SHA256: 777190eb891dfc726d96b4481b5af5273359a727e44047e4d8983138ff5efeed
    SHA512: f15251f6e864152f7f3dfd28efab20d4b1192cc5434c7eebd972ee7453e3fb2224beb24de07c749c6212069ff46952a498cd5a450bcfb752ad7031ef604be616

  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    Filesize: 5.4MB
    MD5: 55d779e289d472b1941b789e76289938
    SHA1: edd3ef4008b65e565e3f74af2e02456a884b3ae6
    SHA256: 11c263f90fbc91d0444d06bc46ca1aec19fbe2102f32ce7f4324116661d5f0de
    SHA512: d31c36e36b98d97ce27895fba910ee3471711266c5fefca2887bb03715ac0d468d094c86e1553f1060bed0b28dbe54cd852d1bbd2d41a6e0f2c78436fa237e68

  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

                                      Filesize

                                      2.0MB

                                      MD5

                                      920f0d616718c469a50b14ec6c6287e9

                                      SHA1

                                      146545205576c2d1f3883e0e9d9e265453038b84

                                      SHA256

                                      7c41a2a695634273a94fb177e237b807cfbf8c2b6a71b9526a1d9fec3e077147

                                      SHA512

                                      f547b2d8d141ebd9099a76527cda2d0eed07432ad1ae191147184d447398d364f786a2a345778da3c1a7a817f456f2b8ec24a2126366d3778db4acdde0378685

                                    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

                                      Filesize

                                      2.2MB

                                      MD5

                                      882e00c22cbb8c6ea41c3cb813c8bd41

                                      SHA1

                                      9cefc5c210c881025c1628a6b71d162b29ad277e

                                      SHA256

                                      9d2818c7900b54b5b391d0b3facdedf0ca461dec1555051996cb0efd3ccc16c5

                                      SHA512

                                      0480c1a234de3fcbb8e136d010a40e6975ad087c7261ebf9c1087c2b566896d46928b3a6d93f0cee4b6a1c4b28a4bfc130b41b1cb556a33e6136f24715179a15

                                    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

                                      Filesize

                                      1.8MB

                                      MD5

                                      f8d3e343d5f7e2e190e1ee6005692477

                                      SHA1

                                      36d3e102069332f0e8ce1fbae3c6e9b96b9eace7

                                      SHA256

                                      0a75ddc1f40a9a2f6c16746698cb26c7ba0e0f59df2ebaef6df875f212729c9a

                                      SHA512

                                      a180d211ffbd2cc7dc8f13421035b90fdea0b4f4377a2f4d7a0c90261eea9495612c96dd2d771ac9eb306725d24429bc6d995937a747a6acad91d1250430a4c3

                                    • C:\Program Files\Google\Chrome\Application\SetupMetrics\a51518fa-c191-4c1a-b725-c0e32ad6c9c4.tmp

                                      Filesize

                                      488B

                                      MD5

                                      6d971ce11af4a6a93a4311841da1a178

                                      SHA1

                                      cbfdbc9b184f340cbad764abc4d8a31b9c250176

                                      SHA256

                                      338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

                                      SHA512

                                      c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

                                    • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

                                      Filesize

                                      1.7MB

                                      MD5

                                      72a80dbfa0ddc8d19b5735f0a762727f

                                      SHA1

                                      aae36d1aa12e08e2cc0ac8724a9129fa07c7b75f

                                      SHA256

                                      078bb8182e6664e2e12eb8eee4cb85fef18356a2ba21ff64908d23fb0fb755f4

                                      SHA512

                                      eb78ee98368f28a193fcd5ea112654ed188bbc90d5aa5beb37a766ab9b89ffadcda0ef9bf27bf81a86dbb5b110d7d34d2bc76797761a7e8d1fc23415ecfce3a8

                                    • C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

                                      Filesize

                                      581KB

                                      MD5

                                      3bc2134a8c09a14d48dc5060036191f8

                                      SHA1

                                      0333f438c32b053fed0a0f642b6c68ad827208aa

                                      SHA256

                                      e3e498a25081df11f73e71afae14373e85afb924d1e9354115809a1f918c675b

                                      SHA512

                                      ff04cca077335aaf4514c74ea09b29eb5366c69b24aac49c03e6c7550ed1e49245f128a14173cb80eaa2cb2f4e3c74cf948ac0e2f0f9e3756e538c40c5ecf65e

                                    • C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

                                      Filesize

                                      581KB

                                      MD5

                                      191233a7cca8943806b5666c4146b91e

                                      SHA1

                                      21a084325bfbf429866d8aea3fd23daa029906c4

                                      SHA256

                                      81b3909674495fe6efefce74ebd40cfff4f055b8b37faf9f1cdc7e9a7c44c6e2

                                      SHA512

                                      b3609967b554c779101b9e31b9d286ac13d6948441107c9a032baca4552e4f4be669de281dea82f675b719d8298de87f02bd023483f92d2b469eecc71e458fa9

                                    • C:\Program Files\dotnet\dotnet.exe

                                      Filesize

                                      701KB

                                      MD5

                                      87e193bdcaa196d62e8e5f316f536ffb

                                      SHA1

                                      04d604836874a10665d286f4f8a8fe961e767f0d

                                      SHA256

                                      0cb897c1b600e390f03a1c67c313e6a6fe0924910380b80270cd8ef0a3106113

                                      SHA512

                                      abf2fd877b49e6708f4b82b8bf61b4088f2e741dd0111e63855ab43ed6d61e32db18ba35d49e105bd8ed9eb9653ddec894888e417f3dfdbe6e82a582c77e9b10

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                      Filesize

                                      40B

                                      MD5

                                      6123155f7b8a202460ac1407e231fbf4

                                      SHA1

                                      13121f6000a380f6621bcb8dc7c83f9cd10ab626

                                      SHA256

                                      dc3766fd1d9f14e305d5483a9e886548c3ff3ad2d8497e26a04c6d8c31e7be6c

                                      SHA512

                                      ef2e48a3517f58cf068d2ed9e202ba4d2a54afdccd4937c74b5c84d5c4fd47d9b92ddcf3b842a102b426dccae53ab3bc9e571a5cf27cb315be4dc58bdaad34cf

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

                                      Filesize

                                      193KB

                                      MD5

                                      ef36a84ad2bc23f79d171c604b56de29

                                      SHA1

                                      38d6569cd30d096140e752db5d98d53cf304a8fc

                                      SHA256

                                      e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831

                                      SHA512

                                      dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      1KB

                                      MD5

                                      9a44f42565956879c4a270210451081b

                                      SHA1

                                      9fa304df90d60e919206a86f7ec3cddb85b3c0b9

                                      SHA256

                                      4be806ecb1125cc3a48bc4affbc52993a92618089c0729453d86f391863da6d7

                                      SHA512

                                      e44695edce7540f195f0c8a98e9fc9aac7a7d1b75e5e5fecd243bb90db1596877b5f56f78ce9a1434ffdf4850c605f8d2d5621951d1c696fbd75e767e4fc679c

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                      Filesize

                                      2B

                                      MD5

                                      d751713988987e9331980363e24189ce

                                      SHA1

                                      97d170e1550eee4afc0af065b78cda302a97674c

                                      SHA256

                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                      SHA512

                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      356B

                                      MD5

                                      0794c7fd25654866bf3d8dad0fca8206

                                      SHA1

                                      77bce6e5837e8782fa79baf01e2bfcfc33ee5f28

                                      SHA256

                                      7b3cc0c190562c58256ff42d5a4ba86e2124bd0b042dc652f1a0d5364275cea2

                                      SHA512

                                      c48b74bfae9be68fee5f22b1955635c89cfa9c755bd0aebe3f32453158ddd11000e21b0846492ccd90fd336d8382b3ccceba736f51a1411a3b47a6b6560545d6

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      938c42f63ff3c3f0a1a2ff391b7a4d6d

                                      SHA1

                                      a63e7a18fad5a6eb863399e0deb7dcc4e192c266

                                      SHA256

                                      84c98460a2b32d19fe8e5f57fb9b2d6e2b659f0b65ed0310f6d823fe81fd222d

                                      SHA512

                                      d25ffa2c9407b800e5025e82d40d53659d492eb1e76ea8f9568d323d6f8e6b92b94b9f1966ef470f92f53ebfc9d0bec01d4a148fc8f84c179360e88deefaeff9

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe575c1a.TMP

                                      Filesize

                                      2KB

                                      MD5

                                      80c9ece824708be3255fd46fed4fa84b

                                      SHA1

                                      6ab10396c88f4760224c2820d198207c54f01266

                                      SHA256

                                      1f8af8464e8755fd26db7cc2bf44b59934126100a43b00a66da96ef4bac4e336

                                      SHA512

                                      c8e8c5ce9c0607264264ceb4ccddc869543fc5b9d3929ad42904cefd147938d6523ee61e5ed2f6f46fba1e6c92f8b6dc14300f4c6c7cfb295fe3274677d9ae2d

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                      Filesize

                                      16KB

                                      MD5

                                      3e57be18170517415312fb8cb9f16883

                                      SHA1

                                      a8ce102066068e405f6a30020c64e46083cf7d2d

                                      SHA256

                                      4cd0934f16026983720bea98ab2d8957c00437ed1b4921dc5de9540c5b1f38cc

                                      SHA512

                                      d1d752eeb22125b1a25ef30856329d8af2e101066267d112682268d3a5ff34a652370a9fe40c219bf0f9509cf4fd72911308ccc57e572e9fdb47055c04f66a84

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      264KB

                                      MD5

                                      56a300c84a138c53568ee200b3c89b24

                                      SHA1

                                      302dd2bc07f0a646950931eacbd6321bce1299c2

                                      SHA256

                                      b6f1ddc9f628b0f0f9293b9a01d79901c1fb9b5e522d7b8cdc97f3c0fa994c31

                                      SHA512

                                      3f6ce9d9a9e2aa0eafdea38b29aa1495fa9033d74324c58cc879edee17e5dd23d344bf09e3ee69aef5d70304fde994b8776ffc6a429ae2baaa90f82ee9b72242

                                    • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                      Filesize

                                      7KB

                                      MD5

                                      3980f311841eda46aecc7caa7add7ed4

                                      SHA1

                                      bae11b2382fee666b751703e76df2089b521e3bb

                                      SHA256

                                      48bff55d43947042bab2d2bf67f4fdb3ebaeffcbfbe049ee1d2877ba465582da

                                      SHA512

                                      184c8924391d2c01623d4fcdec5aa0c9b59d1e5ebfc1d004ba7736b2f5ae4d4a30757889edbe194db057ac9b3e17a169ec881bef3b7061ca8e582b48e7590491

                                    • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                      Filesize

                                      8KB

                                      MD5

                                      4a30d8ea465618050ddb78cea3cd4db3

                                      SHA1

                                      1c403f7e5db3f57d60915b62ced48e0f0c327d49

                                      SHA256

                                      3f6cf93f5112a0f6bf3806605f87cb4f80307c5cea580e6fac8ef36ea0263088

                                      SHA512

                                      dee6ad7ac28a49f4f0d98c239db877e985b00798cad2f7355806a541043978cc74eaabc6858760aafa7162f851ca90155626cf8e4d274853fdb49eae45117188

                                    • C:\Users\Admin\AppData\Roaming\656821d492be0f3e.bin

                                      Filesize

                                      12KB

                                      MD5

                                      e88615619118f20786d9ce7d0ebf15e0

                                      SHA1

                                      dfacf981e23809bc96d2c63e7e9752681e763b08

                                      SHA256

                                      8a28b844dcdf2eb91c31ec46b65554a4a7c6c75d556b09d2177071bf0aa00336

                                      SHA512

                                      2b5aef3eeaf6c860a49729a8ab705cb0f31fe84578dde7fb6fa68e46dbbd856e9116b38a31099426744979306b4f5c98aaa0f380cf1342081894b9131f32873e

                                    • C:\Windows\SysWOW64\perfhost.exe

                                      Filesize

                                      588KB

                                      MD5

                                      32c39caa621f6e0c57545526d422ee1f

                                      SHA1

                                      5ca27e6716e42c307e56df99c43ce4292c7cf16a

                                      SHA256

                                      2672d27afe1ca57d1feeacfa5c3d671dd51180694dcfb58008d8ac12a7e9e0fa

                                      SHA512

                                      4a5f52bb6d40b30ce2856b453b73bdcb7cf0bb883703deb0c92bbc5274a88b4bc6b94613875e94727aba753834c1cb0762ea1a8061088ac91da08aaf95113298

                                    • C:\Windows\System32\AgentService.exe

                                      Filesize

                                      1.7MB

                                      MD5

                                      df04935f6b862e147923522cbd29ff3e

                                      SHA1

                                      92915591e265a9a1add4ffd28afe301c334edeba

                                      SHA256

                                      7da0bebba5c221776142eb21447392dec3274c8b857b9ec1bfa17cb47b07f8a0

                                      SHA512

                                      42ee35f7e6131cbc407d7ee4dfd1a7c90f0283b1ee2f26354b818f44c1ee16db1cb4c3a96a705ecb6c6f71923a3488ad4f8fd8153b268d4649e0467c4f569cd0

                                    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

                                      Filesize

                                      659KB

                                      MD5

                                      de975240857635bbc10a708fc50566a3

                                      SHA1

                                      7d3e30d1e9b7ff3a8befd140cbbc55f37bf30ee3

                                      SHA256

                                      7b1cca4f8698eefe5805ea1d0d73f9fcdbe80657a51166396d09e84027084bd6

                                      SHA512

                                      69ffc4469c5ec8f7a5729d8391f6ed0ccf0b5aea9a63b003dbcd153b537a60abe2e32e77de1ba0cd51e46547c30cc40cab6ee4ac25bbfe6c55e8329fbe9af9f9

                                    • C:\Windows\System32\FXSSVC.exe

                                      Filesize

                                      1.2MB

                                      MD5

                                      8fdd796f869358986be7a551cd00236c

                                      SHA1

                                      fe2286cf38dbed62b2c4efa3d07d9cc60f91a832

                                      SHA256

                                      930311c08174c78779233b98288bbb55bde55cafd3b3d740307227fc21ffdbb6

                                      SHA512

                                      9b9587d3477a29936742b90ab10e67f1e7c9dd2562868537259748e00bee2bdf0a78c44993b753dd47a24317aad67389fa0fb2cc72fe6067cf7c7c40f7dcb339

                                    • C:\Windows\System32\Locator.exe

                                      Filesize

                                      578KB

                                      MD5

                                      e12e781512a20e5f08a9abd8de5b50e7

                                      SHA1

                                      384378427b5794f6411f4817dc878ebfe22bf87c

                                      SHA256

                                      bd62332bd69508f72aacd88cc918ed3e8609398ec14d9f686ff2e57592cf2146

                                      SHA512

                                      a3c6f21cd945a991f74b59ff4f2aab4d1ab5b3bb244bb1927f7c0c146abd4a9949d81cf9db30a890ceb4b3707a1cefba330e969bea4bc7b47292dc083c82ccb9

                                    • C:\Windows\System32\OpenSSH\ssh-agent.exe

                                      Filesize

                                      940KB

                                      MD5

                                      e34bf96c8ed2a88fbc498dda81babc1e

                                      SHA1

                                      42f0472885a50798d2249066c81d52f260b8c7c3

                                      SHA256

                                      4c6631d09b6cd6ce75553f0f83e8a9cd072e3afb67a0177ff00a81024c8c25f4

                                      SHA512

                                      9cf7160d1bbf1372e8d428b5d8ef248eb4b3c8f94c84ee850d323e0d3139806b343f9e71ec069be055fa2f310fc8a8f0572eb5301538748281b8ca9621663940

                                    • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

                                      Filesize

                                      671KB

                                      MD5

                                      1810a4dbe22b833ed3a0d0630c0bb1c2

                                      SHA1

                                      fecfc79fdc5cb45db905d35985629106c5462a1e

                                      SHA256

                                      02aaf542a4cb5e4d864044dd6f22b76af8f2e9db855a7f2a7541f3fd3298c0f0

                                      SHA512

                                      9c9af294dc288521ab591675dfac46880d634c10930cef93cdc6df15f6b40c049dd25f057f0761498936c40b9db20b4e889de82bb37ec68a81ba54a7071357c7

                                    • C:\Windows\System32\SearchIndexer.exe

                                      Filesize

                                      1.4MB

                                      MD5

                                      5b3d14d0bfe62a8375d517214e2b591e

                                      SHA1

                                      5bac00bba01a7afe292220b566eeab138e9bcd74

                                      SHA256

                                      7f903644b74c25722eb370450975d997d61c326fd7cd026a5b156272ad0494f9

                                      SHA512

                                      e026cd724d0f60de0400b6af807fb96937bab5489f5969c26cb1de12747516eb97b187ef54c20e0b39cafa381fdf3e83ec7c4e5e3ea8865c66b7dc7129ff4e71

                                    • C:\Windows\System32\SensorDataService.exe

                                      Filesize

                                      1.8MB

                                      MD5

                                      9ab9419a59cf668b494e30b10c659570

                                      SHA1

                                      2729e23a7003c4e7c4b781ac743848a3f45842d4

                                      SHA256

                                      4a154002f71b54dc994c1fe127806ff4ac39c783e1b0eaaad95d5cda367838bf

                                      SHA512

                                      8b0c3a13f4e3d22f4058defc2c67f0a3817916391021d4070371a60be072de66f158bd90c23ddca8adb44cd2e3780828f2ed620452950e35b40629b89269d2ad

                                    • C:\Windows\System32\Spectrum.exe

                                      Filesize

                                      1.4MB

                                      MD5

                                      84b7d46b00472cca67c6cb674bd31d85

                                      SHA1

                                      c96da1947e66e853a8affd205c2cda9e85d75e94

                                      SHA256

                                      91424296fe8610f402db558ce402fa679da6df67432824cbdabd9bb97076a122

                                      SHA512

                                      377894831bbc11405f76678385022d156155076cc05e2296f2c7f2deeea5f43a7c252436beebb1bae0692d433472b4aa54bb529d8e195dcddcf588366a246d43

                                    • C:\Windows\System32\TieringEngineService.exe

                                      Filesize

                                      885KB

                                      MD5

                                      403784bba5bda1609e61c9200da95c40

                                      SHA1

                                      b980ab04497316b4336332e7257f2b4aa5630624

                                      SHA256

                                      05baca0d561061df5648351f5a4401ae608f112a9448a9bc48d9ed8086e64d35

                                      SHA512

                                      d939744dd36389dae53e28f386308e769ca039725bb3e07efc9d4158e4787dcb061f8420be270817ec257c6bc9f16cbddf379bc35398ba54cd8ed9d99e3adcdb

                                    • C:\Windows\System32\VSSVC.exe

                                      Filesize

                                      2.0MB

                                      MD5

                                      8e5d07b256e5716e402893f4d50b4370

                                      SHA1

                                      632eb60db2ee1694bd428fa0bd98f85eeb297ef1

                                      SHA256

                                      0ee8d4933a3347410d74dd5e4920fbcd5a7ce9611db1657268ca5df3870ed501

                                      SHA512

                                      b21b2ca014eec4822ea73a81c0825a71700f6a571a2ab809389207e236d93096291afe1cb5ab1343c660975b49480f3b66f8284f590d56ebae3f9d7d3f388361

                                    • C:\Windows\System32\alg.exe

                                      Filesize

                                      661KB

                                      MD5

                                      3f29ea6bd7383a11245e2764885d6d65

                                      SHA1

                                      6da26ea3e3567cb5a55691af2810b99c854c8ec4

                                      SHA256

                                      11659b021a428a31ae99a53581d5de26466fb68353555cbb26d94e4766f01711

                                      SHA512

                                      7a2606dcb15d8db3f4f0f6adc148a1c1604045ce32fa4a8522a10148d016fc87c8749b9bdbc8f1e9db336817f25bced4d68091c5da0ae888cbd63454d5059b3a

                                    • C:\Windows\System32\msdtc.exe

                                      Filesize

                                      712KB

                                      MD5

                                      dd31412cf88283cf8b30c287374bd161

                                      SHA1

                                      d0908f3f2268b4ac9a0cc78c66f4c06f9f7d3855

                                      SHA256

                                      e04c3add444d88ced343f12234294a4170f73e71daf496f0994a608cb1d04df9

                                      SHA512

                                      57b02e1839e94f4c97399d42004b0a1257c7e0245ec7f3e1c9d43f9430a0c91434072ebc1c1e053f941726ad8b73f3e7f60a04fd005029f8d0dcf48dfd22c271

                                    • C:\Windows\System32\snmptrap.exe

                                      Filesize

                                      584KB

                                      MD5

                                      e8c3167ab818bb723bada824418440db

                                      SHA1

                                      480001f782c9a9ba17e3ebbd9d6a49226c57d53a

                                      SHA256

                                      f9a0cca133b35f9d067b347c4a91fbcba835ac99a013c76dc7becbf9951e70b6

                                      SHA512

                                      49b6c476b44f67d4c0cf4240d1dff71230d75d6ab812df73bc67d95653be0a1b2eb316beec87fdf9eae382325f3f800c177a99678aa64d2cae190d4033a2312d

                                    • C:\Windows\System32\vds.exe

                                      Filesize

                                      1.3MB

                                      MD5

                                      11fab0919a389e2e3fd103b8043d7e18

                                      SHA1

                                      96087d762c14b6e559e3675c2a132dc1178b5411

                                      SHA256

                                      84bf5a8265a8c92573121b73525f25de5332d911a32e5cdcb79fadddc9933eb1

                                      SHA512

                                      29d78ac37d8daf1d5e65bb510f90588b33ec5290b9390c84944d2586c45a3b41687254acb3b6dd2d55dfa6ad501d1f947ee7eabf8060f8bd370ac64dba7a5281

                                    • C:\Windows\System32\wbem\WmiApSrv.exe

                                      Filesize

                                      772KB

                                      MD5

                                      04b41beb952f0a94c416df0db122bfaf

                                      SHA1

                                      b32435b652d3d332b95f8d73f0948e57907d98ff

                                      SHA256

                                      75fa7828b0b7a7672991b6f07ac4051a9dc595e8111b4ff340bb9f7837f205ce

                                      SHA512

                                      7f4feff37891809aa3dfae8ebd66da0b679ce7c848d6f08fd0393d3320390995c8efc3837e81f31bdadb1d71234049626fd22ff81da448d5d12c84499b7af567

                                    • C:\Windows\System32\wbengine.exe

                                      Filesize

                                      2.1MB

                                      MD5

                                      cab565d2b5c6d0a42f255fa055ae64ef

                                      SHA1

                                      ff812e8b8ce0b3ac4bf9ad921301f6773a29e85f

                                      SHA256

                                      c450bcde2e0aa74cb7aae12844e733c3a69655c600dc70f75850a7a7911ddabc

                                      SHA512

                                      06f85e283395e79d7fae4fb15e52627e32759e561092a419630389b1b885f07dfa672ee7d64baf46acacd062837f5680547762cb42941f81bea100680d2bada5

                                    • C:\Windows\TEMP\Crashpad\settings.dat

                                      Filesize

                                      40B

                                      MD5

                                      f8da1e3912337378c0f722f616cf6aaf

                                      SHA1

                                      22482c3e69a3b76d24d4e88d30e345654afd0338

                                      SHA256

                                      342768ee193e599905624366abf160660028ba384d57ae4da8734bc9473b010b

                                      SHA512

                                      b72adac4dc3ef8cd0c1275eaf376da652f8aa271a162aac1a54571f6f93c0e5fe9fec69a9cf380f84fa3ce438f06e3c9c2493a1d422f5d1bf4c46d6962ca9f47

                                    • C:\Windows\system32\AppVClient.exe

                                      Filesize

                                      1.3MB

                                      MD5

                                      ec12663554c7ca0f415bbbd09b016e13

                                      SHA1

                                      fcef4f6cb5e850246d8d7609d2a6c92e4d2c826f

                                      SHA256

                                      9383213bebf51d3830ba2433614176abfab76105b96b1b86d663085bd7b643c0

                                      SHA512

                                      33532aaaa049f3b4b24db1d3a8a88fbcfa136336c5f3175a00bad2bbc2a4288199af1c6ab26144d681dd20a773fdde06da26dce0ac980884f56fa9ecb12f3590

                                    • memory/228-68-0x0000000001690000-0x00000000016F0000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/228-81-0x0000000140000000-0x00000001400CF000-memory.dmp

                                      Filesize

                                      828KB

                                    • memory/228-79-0x0000000001690000-0x00000000016F0000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/228-75-0x0000000001690000-0x00000000016F0000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/228-74-0x0000000140000000-0x00000001400CF000-memory.dmp

                                      Filesize

                                      828KB

                                    • memory/416-603-0x0000000140000000-0x00000001400C6000-memory.dmp

                                      Filesize

                                      792KB

                                    • memory/416-791-0x0000000140000000-0x00000001400C6000-memory.dmp

                                      Filesize

                                      792KB

                                    • memory/1044-789-0x0000000140000000-0x00000001401FC000-memory.dmp

                                      Filesize

                                      2.0MB

                                    • memory/1044-579-0x0000000140000000-0x00000001401FC000-memory.dmp

                                      Filesize

                                      2.0MB

                                    • memory/1096-141-0x0000000000800000-0x0000000000860000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/1096-143-0x0000000140000000-0x000000014024B000-memory.dmp

                                      Filesize

                                      2.3MB

                                    • memory/1096-49-0x0000000000800000-0x0000000000860000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/1096-43-0x0000000000800000-0x0000000000860000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/1096-51-0x0000000140000000-0x000000014024B000-memory.dmp

                                      Filesize

                                      2.3MB

                                    • memory/1116-476-0x0000000140000000-0x00000001400AB000-memory.dmp

                                      Filesize

                                      684KB

                                    • memory/1116-578-0x0000000140000000-0x00000001400AB000-memory.dmp

                                      Filesize

                                      684KB

                                    • memory/1128-782-0x0000000140000000-0x0000000140102000-memory.dmp

                                      Filesize

                                      1.0MB

                                    • memory/1128-537-0x0000000140000000-0x0000000140102000-memory.dmp

                                      Filesize

                                      1.0MB

                                    • memory/1748-602-0x0000000140000000-0x0000000140095000-memory.dmp

                                      Filesize

                                      596KB

                                    • memory/1748-490-0x0000000140000000-0x0000000140095000-memory.dmp

                                      Filesize

                                      596KB

                                    • memory/1752-330-0x0000000140000000-0x000000014057B000-memory.dmp

                                      Filesize

                                      5.5MB

                                    • memory/1752-354-0x0000000140000000-0x000000014057B000-memory.dmp

                                      Filesize

                                      5.5MB

                                    • memory/1820-501-0x0000000140000000-0x00000001401D7000-memory.dmp

                                      Filesize

                                      1.8MB

                                    • memory/1820-615-0x0000000140000000-0x00000001401D7000-memory.dmp

                                      Filesize

                                      1.8MB

                                    • memory/1820-781-0x0000000140000000-0x00000001401D7000-memory.dmp

                                      Filesize

                                      1.8MB

                                    • memory/2076-435-0x0000000140000000-0x00000001400A9000-memory.dmp

                                      Filesize

                                      676KB

                                    • memory/2076-540-0x0000000140000000-0x00000001400A9000-memory.dmp

                                      Filesize

                                      676KB

                                    • memory/2112-591-0x0000000140000000-0x0000000140216000-memory.dmp

                                      Filesize

                                      2.1MB

                                    • memory/2112-790-0x0000000140000000-0x0000000140216000-memory.dmp

                                      Filesize

                                      2.1MB

                                    • memory/2436-340-0x0000000140000000-0x00000001400AA000-memory.dmp

                                      Filesize

                                      680KB

                                    • memory/2436-19-0x0000000000530000-0x0000000000590000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/2436-31-0x0000000140000000-0x00000001400AA000-memory.dmp

                                      Filesize

                                      680KB

                                    • memory/2436-25-0x0000000000530000-0x0000000000590000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/2676-12-0x0000000000440000-0x00000000004A0000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/2676-30-0x0000000000440000-0x00000000004A0000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/2676-29-0x0000000140000000-0x0000000140592000-memory.dmp

                                      Filesize

                                      5.6MB

                                    • memory/2676-329-0x0000000140000000-0x0000000140592000-memory.dmp

                                      Filesize

                                      5.6MB

                                    • memory/2868-549-0x0000000140000000-0x00000001400E2000-memory.dmp

                                      Filesize

                                      904KB

                                    • memory/2868-785-0x0000000140000000-0x00000001400E2000-memory.dmp

                                      Filesize

                                      904KB

                                    • memory/2976-8-0x0000000140000000-0x0000000140592000-memory.dmp

                                      Filesize

                                      5.6MB

                                    • memory/2976-52-0x0000000140000000-0x0000000140592000-memory.dmp

                                      Filesize

                                      5.6MB

                                    • memory/2976-0-0x00000000020A0000-0x0000000002100000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/2976-9-0x00000000020A0000-0x0000000002100000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/2976-35-0x00000000020A0000-0x0000000002100000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/3180-461-0x0000000140000000-0x0000000140135000-memory.dmp

                                      Filesize

                                      1.2MB

                                    • memory/3180-446-0x0000000140000000-0x0000000140135000-memory.dmp

                                      Filesize

                                      1.2MB

                                    • memory/3708-89-0x00000000007E0000-0x0000000000840000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/3708-91-0x0000000140000000-0x00000001400CF000-memory.dmp

                                      Filesize

                                      828KB

                                    • memory/3708-83-0x00000000007E0000-0x0000000000840000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/3708-405-0x0000000140000000-0x00000001400CF000-memory.dmp

                                      Filesize

                                      828KB

                                    • memory/3900-341-0x0000000140000000-0x000000014057B000-memory.dmp

                                      Filesize

                                      5.5MB

                                    • memory/3900-407-0x0000000140000000-0x000000014057B000-memory.dmp

                                      Filesize

                                      5.5MB

                                    • memory/3960-524-0x0000000140000000-0x0000000140169000-memory.dmp

                                      Filesize

                                      1.4MB

                                    • memory/3960-778-0x0000000140000000-0x0000000140169000-memory.dmp

                                      Filesize

                                      1.4MB

                                    • memory/4068-564-0x0000000140000000-0x00000001401C0000-memory.dmp

                                      Filesize

                                      1.8MB

                                    • memory/4068-552-0x0000000140000000-0x00000001401C0000-memory.dmp

                                      Filesize

                                      1.8MB

                                    • memory/4100-566-0x0000000140000000-0x00000001400B9000-memory.dmp

                                      Filesize

                                      740KB

                                    • memory/4100-458-0x0000000140000000-0x00000001400B9000-memory.dmp

                                      Filesize

                                      740KB

                                    • memory/4156-590-0x0000000000400000-0x0000000000497000-memory.dmp

                                      Filesize

                                      604KB

                                    • memory/4156-487-0x0000000000400000-0x0000000000497000-memory.dmp

                                      Filesize

                                      604KB

                                    • memory/4176-567-0x0000000140000000-0x0000000140147000-memory.dmp

                                      Filesize

                                      1.3MB

                                    • memory/4176-788-0x0000000140000000-0x0000000140147000-memory.dmp

                                      Filesize

                                      1.3MB

                                    • memory/4256-66-0x0000000140000000-0x000000014022B000-memory.dmp

                                      Filesize

                                      2.2MB

                                    • memory/4256-393-0x0000000140000000-0x000000014022B000-memory.dmp

                                      Filesize

                                      2.2MB

                                    • memory/4256-63-0x00000000001A0000-0x0000000000200000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/4256-57-0x00000000001A0000-0x0000000000200000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/4336-713-0x0000000140000000-0x0000000140096000-memory.dmp

                                      Filesize

                                      600KB

                                    • memory/4336-513-0x0000000140000000-0x0000000140096000-memory.dmp

                                      Filesize

                                      600KB

                                    • memory/4428-406-0x0000000140000000-0x000000014057B000-memory.dmp

                                      Filesize

                                      5.5MB

                                    • memory/4428-315-0x0000000140000000-0x000000014057B000-memory.dmp

                                      Filesize

                                      5.5MB

                                    • memory/4452-305-0x0000000140000000-0x000000014057B000-memory.dmp

                                      Filesize

                                      5.5MB

                                    • memory/4452-367-0x0000000140000000-0x000000014057B000-memory.dmp

                                      Filesize

                                      5.5MB

                                    • memory/4452-295-0x0000000001FA0000-0x0000000002000000-memory.dmp

                                      Filesize

                                      384KB

                                    • memory/4588-624-0x0000000140000000-0x0000000140179000-memory.dmp

                                      Filesize

                                      1.5MB

                                    • memory/4588-794-0x0000000140000000-0x0000000140179000-memory.dmp

                                      Filesize

                                      1.5MB