Analysis Overview
SHA256: 93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7
Threat Level: Known bad
The file 93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Azov
Renames multiple (8234) files with added filename extension
Renames multiple (8237) files with added filename extension
Drops startup file
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in Program Files directory
Unsigned PE
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-06-22 11:15
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-22 11:15
Reported: 2024-06-22 11:17
Platform: win7-20240508-en
Max time kernel: 140s
Max time network: 122s
Command Line
Signatures
Azov
Renames multiple (8237) files with added filename extension
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-22 11:15
Reported
2024-06-22 11:17
Platform
win10v2004-20240508-en
Max time kernel
141s
Max time network
53s
Command Line
Signatures
Azov
Renames multiple (8234) files with added filename extension
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe"
Network
Files
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe
| MD5 | b5ca49b865b76fa4a6f4f290e7f3d1d1 |
| SHA1 | b896c054a70e05820dd9a7ac96ea506b8ae4d61a |
| SHA256 | 930ba492f2ee3d3fd437ce666e1e95afb88987ea6b230ceb6fa80b2a003c8508 |
| SHA512 | d2c4d7eeaf2c6dd6e9e5b47b564c5b8c3c72bf1f0b98cefb8885ebbe8349fe50a92ae5ac532bfa6db1b253c7a2acf9b349ff5bd0096db5e1560b683ae0386ae8 |
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
| MD5 | bf53ce636c09bdd3df6d99e175b1028e |
| SHA1 | 4eaae8e242f70b124891dd562251116246341f6a |
| SHA256 | c3d40b2124bb7c0e191ed985a287313dd65e074dff54271caabed2dbd9263f1b |
| SHA512 | fa91858fb80a0947b7816eac269e5ee4660dc37d45fcdf4e40e2ea831a57fff044cca1a0e5cdcbde64ae3dbd44f06d139a8b2e95987604afd5be23596885c6c0 |
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe
| MD5 | ae215ca94d3183a2571545796884abcc |
| SHA1 | ba4c723847f2ccd25de268a6c5811408faffdbc9 |
| SHA256 | d7ba5ae4544d0b18a7afe2536ce306d0bb0ae437f18a831842da68b3cc647ba8 |
| SHA512 | 6371243d04eb56b1d6cd4ee62d2e9b28697b2ee369cc1f7fa682932e2236ea93a5e4022b3d24497e539e32e52fe26e8fc7b018099ed839d10969df7e122f92a4 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | 62836d60683a0af8e1982ba5f1534292 |
| SHA1 | 7f9066dfd17f129a5d28bd0830a676a4c4f9574e |
| SHA256 | a32ea068c796db1061e0e119478620d1c40c8cfd73b622b151e90dc007c8d6a1 |
| SHA512 | 1ae33b0c2a9d83d1249056ac12c513edce0c266e174c8d4775d170c91ac26c2500fd5d170ba28a9d60b5855b6b8804d14609568f8ec00e9dd916461e22a00d35 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | 775d48deec6c3ebbe25bde1cb1344ba4 |
| SHA1 | 52338f6b766e2f3d4c478f4ade443471d335f13f |
| SHA256 | 96f040785542e79c31b3a65ce2390468623abb985d769294c4913f87ffe46515 |
| SHA512 | 3f949e381adbf3ce3acbc4d8727e2a8977ececf10eb26d53329c0f2fdcf9c5daf49d45878e9f8a8f7f4e1bb7513196944af0f5041697b909761fe4d8f7fb40f8 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | bc75f93b6bc96efb73a86e8e474e3765 |
| SHA1 | ae9cb082b5a69582bb061c037c15f906c1a3d870 |
| SHA256 | 435f1f4bc7b636d091f6c58f038afd53f07ee1697dcb4e795047eb93b6696a10 |
| SHA512 | 6301ab7c4a26a09e3c7a2d1b4bf05458be473004a6a49bbaca6679053297c58c204f60a760f5a19da41026202d292dfa9c9990b0cc2c11ac2fbad6ca06d83b9e |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | dde6273a729b321e75aa47204a22f739 |
| SHA1 | 609b7aecd06c8dc711a7aff3e0dea2b6d31a5a65 |
| SHA256 | 1aabe23f5d194434c2d6c5218a25e0b228d050732ff87f69651516fc3ebae7cb |
| SHA512 | 9c6083ce698c869e98ac9dd9bd9c5b8b2b7be943faa034820bbfab186a094c7eb57d7e8b0091e086da816166ac66104f96b4c21f3701e7ed70bf8ad49c9cada9 |
C:\Program Files\7-Zip\7zG.exe
| MD5 | 3e96134e9153231d4d3647312925ae2f |
| SHA1 | 9d02d3ae562dd29e9f4264d42c3afa0b0f888868 |
| SHA256 | cf0f7f164f5d8847480e2954c63bc6509353dd69c4e790ac6a5d6830b7389c7a |
| SHA512 | 4953fc8b0bbe864468aa6c4ea07001a46183069b4347c07bbe35014f8278487c8f112947973e5741d2ad2b9e5d6ec697a8b0225acc28e607883f614abdd6dcbe |
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe
| MD5 | 248b808ef87314f23d79e5ca0da1dfa7 |
| SHA1 | 9bc3a8cff6f4be5124504d0ea1f91cdeaf68df0e |
| SHA256 | 7cefebd0b544ee435d8089ae128bc5cea4f4c03855636caf341f07300cdf23e4 |
| SHA512 | dd78806e278c95ada432ae5a75076d015ce2fd155c086fe51afcf5e90362783d4226d2f2463f0b29d5452228bfefd7438a84ad670fd7f0e5b574fdecf21689ed |
C:\Program Files\Mozilla Firefox\updater.exe
| MD5 | 42ca2c50b81aa38a87b321668587f6dd |
| SHA1 | de40e424ae773efa667dbd61bbea311978905844 |
| SHA256 | 3b8dc2fc0cfd4fb26377de2bb19028f3800cdb37de1bbe0dacd2dcc19f815f00 |
| SHA512 | 676bc82d8f0a716a63fe21fbe176e20dca30458a6beef7e037e5a83b0abff0185d0a5bed02c684fea4e984fe229c29a8241c55ee4de5924082d7e5c6ea21d3a7 |
C:\Program Files\Mozilla Firefox\plugin-container.exe
| MD5 | 63042d4b8e056c8bf835941ecd1eeb04 |
| SHA1 | 5118ec0d69b3d737bae76017cf010e8168492308 |
| SHA256 | 729ed0126ef40f91cfd2b416984571e2d0c5e1fc30edae25db14ebc781429f9a |
| SHA512 | 215a9d3919e97212fcba21b1be15fb95473b033024921ac8760ffc6e260c683ca2ace3bcbac0bb5871f795c511eba3dc2ce363c93eb56921f08efeea80a975ae |
C:\Program Files\Mozilla Firefox\pingsender.exe
| MD5 | f10982c5ecf4b04bc13c62297fec21d3 |
| SHA1 | 836a1041f05ae2c6d49fcf64ef68dd6212489364 |
| SHA256 | 44bd5bd226722ea0da59579a4354135b2c94562d65cff559c20b56d8cee34abe |
| SHA512 | 5b88e31cd58efdab1a3fc86f3ec1b683297d0fc802452f1fa7d0a77cf9df423b7782084707538763e83bc85ffc81b4449703ee22f1ca8c94fa8f702f57dcebca |
C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
| MD5 | c671f7fd1d12eab1437f518405f44299 |
| SHA1 | fa0a1ccc9d218cd313e90bddf8e69e177be12774 |
| SHA256 | 6e3fcdd454d8ed45c0b9e7a2cf095ca2ab8a92176fbe48b9d8c431e9f451b854 |
| SHA512 | 4e1957f50f837d2712487bb3130a1537de1e569f0ae2242642619774a79470e4c23b4cd6c56ddb1ae0d6fcf46190417d5d8b404fc7ed5ce22f73eeac59592b50 |
C:\Program Files\Mozilla Firefox\maintenanceservice.exe
| MD5 | fbd0a801e16f0e73bc9fffd040e9d4e8 |
| SHA1 | db80e8b047a97089122e00d45334a52d877063b0 |
| SHA256 | 570455f4bbc854b75ef213266734a83af70245205bbf78f7f53bec54056aa82e |
| SHA512 | c493e8cd41809419e7f7e3e27cec15e1a8573806248d4d5ace0063ba5d3be05aebc8a549133c367726c3d8577ffa641f3ef30a12cffe55ccbf009f6485bd4177 |
C:\Program Files\Mozilla Firefox\firefox.exe
| MD5 | 7abd409c19527d15d5df666eb1f0a8dc |
| SHA1 | 5dedafae7be52ee33fe465c8acafaad82a5ae49e |
| SHA256 | c1d80f17eeac765b2dd48caa38b77b1b3cc113c2aa442058858f4acd4913a656 |
| SHA512 | a56afec858c2d47cdbc605521642ce325c27681c9e0e5a71c9e40c8123824ad3a2d4dc7a29d5cbf3be52d8f7cd97afc4e2f3d287c22e8af21a9e09ecce2a6f0b |
C:\Program Files\Mozilla Firefox\default-browser-agent.exe
| MD5 | 29f362a65002531da5d1d0e4d54547e7 |
| SHA1 | 917246cb0b853e3281afeced7a9fd310aee4cf92 |
| SHA256 | 5f1c864d6c80aefd240a77b83ece58d429461d5d954636b5458a59392282aa31 |
| SHA512 | 0ea658a8b414660324dc3964548313a3183851b14ca642d609145b61e3cb8e9b330090fdacf4d03c73f434e1053918ed71f81ec01bbe25474dff0a5a49adaf34 |
C:\Program Files\Mozilla Firefox\crashreporter.exe
| MD5 | ae73a2f542f68da9ccf086c46359f739 |
| SHA1 | a46b87d896ce7da33889836d6f7a04b77e4d5698 |
| SHA256 | d18bf5a11dedc1391c55a89fb5111436aa9fe651173cea138d33c74071a5a7e2 |
| SHA512 | 66cf3a9c84aefab0f8fdd655b03be12668f77c8bf03aec6e963dedc045405ec13137a717256dfcf1556864f55c05ce4b0af9b8f1f23fd48f2fbde57bc6d94ad7 |
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
| MD5 | a169af61c8be7231759186b598937609 |
| SHA1 | 6608fe141f161e0845d1ad7ab4922acb253b3bc9 |
| SHA256 | bb86b85852f6bab688727bb09d48f167994d36f6b290f0464cfd8d69ece658c4 |
| SHA512 | acfdf6be265925b60c104f218314938ee9cf1b22b78295bf73b2fb169b007dc0065f944adbd5e5428c33f93f867cc800ca57ac29041234d3c04dc47e393b10f9 |
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe
| MD5 | 67ad7ec9c15bfb42a6899fffddc61066 |
| SHA1 | a7d4816619caa1e7db767aedb5fa02b31b488f62 |
| SHA256 | f66adbaa25905b36c3cd9e7813b6792cf8f70e51e39c0314f3040487da4f6f99 |
| SHA512 | afb9ee85a14550962f7dccc5f295b4fa8cd0ebd0eb70daf9f4e8255c59bd659140018d0d03aa188868ab25dcb7577419943b78a088f9ab2ac6c3863ba6109b6b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe
| MD5 | 50336c3510040cf1c5509a37ff2b4df0 |
| SHA1 | 714787114af61aa3e2ef54e393a458b4409cca7f |
| SHA256 | d3244606508e08c3345d529920a5077e3c58e8c8ffccfb8362ffcd6f19a418ae |
| SHA512 | 2a3f0c2571301e9f0f4fa3e9252a5635baaa3f7589fbf1edc22551d075280314f5501aa0f7da6c46508887851d608fd77be78bf0f0d1828da180cda84f4b9c4e |
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | 4068fe40cddcee1b584c60a153135111 |
| SHA1 | 2dc8e95ceed028a1b37e95504e771f74524426d6 |
| SHA256 | 13add2ed3e3183682c7ec9673695bf005d10425585d5c46c56201db2e7f26220 |
| SHA512 | 548a983d245c109e82502d2ecdf949be57ad49ce34ea2a37e3fed1817182a70e36b37fb30ce3842db1b68c7ecbdc1dc5341745b3a2db4541506e4c6a3a14a8ce |
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 6b07d892f85669874a44ece5eab4651f |
| SHA1 | 11cbec25025e649f3e0868f65dd5b8145d168144 |
| SHA256 | 4cacb908b290ff57937080d3754123e213ba21e114f1188e022ec2a2cb32c1ff |
| SHA512 | 08a12e9a1e007d4bf851b89e1e4602aa2708edf5356b6f8c3837cf351ed8ce726f87562ca210f582411cd3c0e9a58e8302a789b89ef489b3d8ae9fd2dfcfe47a |
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
| MD5 | ed1574df84e0a5d4988d93a49f032733 |
| SHA1 | dd496b1e16077714020c480bc1bb8e02ab743204 |
| SHA256 | 8e08cc4d6f1870c16aa2670437dc870eb414da16b9c67872d5c5cf192b8d694e |
| SHA512 | 8e2c8000552fc5cf320bf34a9e8d1459410cce905b73a7f82549f97ed70f4d742e7aaabd2f5e8990f72d9b23f2eb93dc0aaab2a8cc83f060d6f104b37f7d0a64 |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
| MD5 | 1da03aced8439925392fbefde2c1274c |
| SHA1 | e97c626d940840b38217a9f98c6beb3f56b5d08a |
| SHA256 | b37e3983bea9036ff5ced7ab2f8e1db0ec11034a6233ef46f5383eab4bec368c |
| SHA512 | e5215d83a513f1cc0233aae3935accc17f70841ba6a7d84331b0ec448dc2390d08c5c93cd44c04b9a79087a12d27cfbacb5a0f1ecef4039437e4a85560b99fe3 |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
| MD5 | c442d09867aad2b320b0258419015159 |
| SHA1 | 50bb4e39e87ceb88e9b9992ae343610a07aaedca |
| SHA256 | 6be5afc0519bcc0da85678ff841909ca299f1e18ba9901e868ac10c03b0ffdf3 |
| SHA512 | 5fc474c66f8e7c851be32913809a6cbec44dfac73000111d5063dcddf5f77b090ca1430a38f71b75ce2b52babbbb402a20092ed23a9697f90bb1f3dbf848ed31 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe
| MD5 | e66ab30458f38b5f695b6bf3989e67cd |
| SHA1 | b45f404183c0b5314324e3c34914780ebc6fc9af |
| SHA256 | 75c693bbac08a2c020a095cbf67c680e93f172c3e99988ba2194bb5c03921d41 |
| SHA512 | 73671d5dfe0d9f4627f30cb816d0d40485e2842f7928864783b1f5661c11b39f31a9f69d39289b24d757bfc057ade10c8c2dc91f80736d1a9fceb5ae4815e834 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe
| MD5 | f16f89a05b9ce10996593358810dc308 |
| SHA1 | fa37dcbbe5d0183518dbaedaf4901bdfc22483ea |
| SHA256 | d3b22bc2851548fcd5af05ddd6d40b0e77401bee618320bc735d6acde39c29ea |
| SHA512 | fe9952743f94f942fd41e5328d6fd7ef9279590eebc204822e508a4d9bb47c1982c22c4cd3abcf8fce189c7d4cb715b5b47bbcb71b277276246b1b13bc14594b |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe
| MD5 | dd7786c81f856c91c5daefd7690e0b0c |
| SHA1 | 25dfc5075633933562d9ce86ffb629ace1c56235 |
| SHA256 | 4e67d5158500c3d763ada2cca97f6cae4b2c1a9a9fde6174e194ad2310a59a4e |
| SHA512 | 17e6be5f7ad6f46d505716d03faeac58516e596a9385219f3a5c41abb923fa7bac8f3ab34225170e6e65d30f83fdc9cf14a4e4d77e6f0c56070fcc1b67d5a3d7 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe
| MD5 | cf7ad386361ae755479a29b61ff1fb16 |
| SHA1 | 8e088158e3647d94ed04a388d43da123b6dd10ca |
| SHA256 | 587f8538d649644243a7d40aa0bfbfd46a84b09dc28a7d0010e0d8efa8d82871 |
| SHA512 | fdf7efae0c027e231c505fce654f664cedf7d8c8dbddee06ed4bc145d310257a4857b266abedf9900c5ab2efcec840e4cb8fd2e176f90409de3805ed3ac2a2f2 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe
| MD5 | 6ce4a519d6f827293ee4631ae7de27c1 |
| SHA1 | 80570e0340a7781603c9975fe0e96ab6aa40968d |
| SHA256 | 2472d13c1cd5ede23afd855d38bba9e84637ec734cd80152ef3b61c425f404db |
| SHA512 | 7ef3aadb33e3f6d35f29d9cacdc334667ba942cae78c1d6d7e6a9506578477120aab65427ce904feefd3c843892350966b5c747df930584bc2dd34757c36416c |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe
| MD5 | 30812407c75a27385f05f8a293c3cebc |
| SHA1 | 93e54ee222d40ef529a04bc41f071d6ba719ccf5 |
| SHA256 | f925cc40a5a6e0b294710999586b5d3802d51ba4d5a20e217299a9b83044bae0 |
| SHA512 | e8eb22f5b3b89bd0b645e6243d06051927edf66a959ff1ddbc162e8b0336917fdc3275eea980ff8dadcedfaa2541b88f8e6748e5b1b01874acca7d342fd60b4f |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
| MD5 | e4c09fd6b3aa96c9207c9cea0bb09262 |
| SHA1 | 3d8570677a64d1c46cbc7555c1b0697e2c291ce1 |
| SHA256 | a494a2f670c8a618f777c743fb9eed9ae18007e59962203f20f4227c534c4aff |
| SHA512 | 0df2b3aa56cf32488ba57a8490542f1b484d88f4cce0ff62a971cb9edc9b6cf0588bd4023e67734f03ac62d0fccade7fe5b7cd2874f1e4e5538530a0f29ae4e8 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
| MD5 | e14960ebc0f3f7fc27e8bf43f365b286 |
| SHA1 | 4f832a273b96a4fb163d883bcb111f6e70bc8ebb |
| SHA256 | 15ad9edc321dc9afbb6ca0acbe3eeae4a70fc01116abd0b32726c82208abcde0 |
| SHA512 | 2fe76cbc40a8ed97a073b2dce499a833ccf4e76534b7fd9003981c731885ecc2bc81a41dacc2ccd1b2d23869542847cb763e325703bb75b242b886e8e4e182dd |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
| MD5 | 9ea89169456be9a0850a81e4c9e5bad3 |
| SHA1 | b6f7e2ab64225a8e52b02bee0dae0a9763170e4e |
| SHA256 | b074d71e3afb1149370cd7391d0c2ab38a11cae7999c2791b8fe08c332b30720 |
| SHA512 | 9a9e8291710e3cde1ac4c09e533c55a771b7470551ee44d959868c8fae17a5886b4d72055eed2573e65f51af48e18700eb2af3e23968336924fd39613177e110 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe
| MD5 | 6f3e89894217d080654bb5a76eee1107 |
| SHA1 | 5d1f87c9bbaf26b497f4a99662f9584c6c0883b4 |
| SHA256 | 3c8ef0fa3caf163b04914b9a0233d927670d28d6379b287e1bb4acd9ce6f13f2 |
| SHA512 | 4b512ee1bbf26bfc4acad1e87bcf14db1db7b8906ed13d68c9294f14e97d112f3ecd8086312edff08dc365b2e7fe0e9992353aac202fea353f4647a2cf02b121 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe
| MD5 | 0628da6f6efd0bc517253ee84c7975fe |
| SHA1 | b27654f22656881c15bccb089ac55f9a98abbab8 |
| SHA256 | c6f869a4932963d0c59abce59f7438e1dbe795bce25d87af1ae94bb7bad8a20c |
| SHA512 | 5f770c1d5ced2e12e51c1e338aad35f48baf8c9b1ba1f99b19c54644cbe66495cf7d4cdc8541de8e60aa1727078fa8756fce0a5f0806bea64ad42a4cf969558f |