Analysis Overview
SHA256
6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b
Threat Level: Known bad
The file 6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b was found to be: Known bad.
Malicious Activity Summary
Kinsing
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 15:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 15:33
Reported
2024-01-25 15:36
Platform
win7-20231215-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe
"C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe"
Network
Files
memory/2228-0-0x0000000140000000-0x000000014060D000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 15:33
Reported
2024-01-25 15:36
Platform
win10v2004-20231215-en
Max time kernel
85s
Max time network
123s
Command Line
Signatures
Kinsing
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\alg.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| N/A | N/A | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| N/A | N/A | C:\Windows\System32\msdtc.exe | N/A |
| N/A | N/A | C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe | N/A |
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\policytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdeps.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\pack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javacpl.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jjs.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\kinit.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsgen.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\tnameserv.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_109750\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javap.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ExtExport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ieinstal.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ielowutil.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstat.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstatd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe | C:\Windows\System32\alg.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe | N/A |
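The tables above record alg.exe (whose own image is listed in the Files section further down) opening dozens of third-party and Windows executables for modification, and the sample itself doing the same to maintenanceservice.exe and PresentationFontCache.exe. In this report format an overwritten executable shows up as the same path listed twice in the Files section with different hashes, which is exactly what happens to maintenanceservice.exe later on this page. The Python below is an added example, not part of the original report: it joins "File opened for modification" rows with Files-section hash entries and lists, for each touched path, the modifying process and every distinct SHA256 the report recorded. Both sample inputs are constructed subsets copied from this report; the path normalisation (dropping the `\??\` NT prefix and case-folding) and the "more than one SHA256 means the file was rewritten" rule are this example's assumptions.

```python
"""Join a sandbox report's 'File opened for modification' rows with the hash
entries in its Files section.

Added example, not part of the original report. The two sample texts are
constructed subsets copied from this report; the path normalisation and the
'same path, more than one SHA256 => overwritten' rule are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: three rows from the 'Drops file in Program Files
# directory' table, including one with the \??\ NT object-manager prefix.
MODIFICATION_ROWS = r"""
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | C:\Windows\System32\alg.exe | N/A |
"""

# Constructed sample: a subset of the Files section, in which
# maintenanceservice.exe appears twice with different hashes.
FILES_SECTION = r"""
memory/3564-0-0x0000000000510000-0x0000000000570000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | 948ac5ddb07aa20e3fac332c76d458be |
| SHA256 | 50fd4598ac36b73a2a64126a8e920ead2fb76d03d11b436008ea36d7debdcdc6 |
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | 5c657da6f327e7790056262b962684b3 |
| SHA256 | d3f3bd7b30320bfbbabec2403be9d4ec1960078e192cc1d179a6ead30025af4c |
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | b2ecc73608b4f0e86de5e4ed07477abb |
| SHA256 | 2447abbf276fe813443baf30bdbefcb3669851193be98e667032a1aff2658d9e |
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | 29b45f361ff3a7a231a11812b7e62a31 |
| SHA256 | 1b5297ecbcf9f7981ac65e7796324cd2385c25f551b4d6633977ca9751d928a2 |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")


def normalize_path(path):
    """Canonicalise a Windows path for joining (assumption of this example):
    drop the \\??\\ NT prefix, unify separators, and case-fold because NTFS
    paths are case-insensitive."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.replace("/", "\\").lower()


def parse_modifications(table_text):
    """Return [(indicator path, process)] for each 'File opened for modification' row."""
    rows = []
    for line in table_text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4 and cells[0] == "File opened for modification":
            rows.append((cells[1], cells[2]))
    return rows


def parse_files_section(text):
    """Return {normalised path: [ {hash name: value, ...}, ... ]}.

    A line containing a backslash starts a new file entry and the hash rows
    that follow belong to it; memory-dump lines and headings end the entry.
    """
    entries = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is not None:
                current[m.group(1)] = m.group(2)
            continue
        if "\\" not in line:          # memory/...dmp lines, section headings
            current = None
            continue
        current = {"path": line}
        entries[normalize_path(line)].append(current)
    return dict(entries)


def overwritten_executables(modifications, files):
    """For every modified path: the modifying process, the distinct SHA256
    values recorded for that path, and whether more than one was seen."""
    result = {}
    for path, process in modifications:
        key = normalize_path(path)
        hashes = sorted({e["SHA256"] for e in files.get(key, []) if "SHA256" in e})
        result[key] = {"by": process, "sha256": hashes, "rewritten": len(hashes) > 1}
    return result


if __name__ == "__main__":
    joined = overwritten_executables(parse_modifications(MODIFICATION_ROWS),
                                     parse_files_section(FILES_SECTION))
    for path, info in joined.items():
        flag = "REWRITTEN" if info["rewritten"] else "single hash" if info["sha256"] else "no hash listed"
        print(f"{flag:14} {path}  (by {info['by']})")
```

Paths that come back with two hashes are the ones worth pulling from an image for comparison; a path with no hash at all only means the sandbox did not capture the final file, not that it was left untouched.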
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3564 wrote to memory of 4124 | N/A | C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe | C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe |
| PID 3564 wrote to memory of 4124 | N/A | C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe | C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe
"C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe"
C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe
C:\Users\Admin\AppData\Local\Temp\6d711bd12d13e9e4316f034771b151505f4abf5524834ded1b735b04a09a379b.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=105.0.4970.48 --initial-client-data=0x2c0,0x2c8,0x2cc,0x2b4,0x2d0,0x140531030,0x140531040,0x140531050
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 34.41.229.245:80 | pywolwnvd.biz | tcp |
| US | 34.41.229.245:80 | pywolwnvd.biz | tcp |
| US | 8.8.8.8:53 | ssbzmoy.biz | udp |
| US | 8.8.8.8:53 | 245.229.41.34.in-addr.arpa | udp |
| ID | 34.128.82.12:80 | ssbzmoy.biz | tcp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 8.8.8.8:53 | 12.82.128.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.177.190.20.in-addr.arpa | udp |
| US | 104.198.2.251:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | npukfztj.biz | udp |
| US | 34.174.61.199:80 | npukfztj.biz | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.2.198.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.61.174.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | przvgke.biz | udp |
| US | 8.8.8.8:53 | zlenh.biz | udp |
| US | 8.8.8.8:53 | knjghuig.biz | udp |
| ID | 34.128.82.12:80 | knjghuig.biz | tcp |
| US | 8.8.8.8:53 | uhxqin.biz | udp |
| US | 8.8.8.8:53 | anpmnmxo.biz | udp |
| US | 8.8.8.8:53 | lpuegx.biz | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 16.234.44.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssbzmoy.biz | udp |
| ID | 34.128.82.12:80 | ssbzmoy.biz | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 104.198.2.251:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | npukfztj.biz | udp |
| US | 34.174.61.199:80 | npukfztj.biz | tcp |
| US | 8.8.8.8:53 | przvgke.biz | udp |
| US | 208.244.73.0:80 | | tcp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 208.244.73.0:80 | | tcp |
| US | 8.8.8.8:53 | vjaxhpbji.biz | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | zlenh.biz | udp |
| US | 8.8.8.8:53 | knjghuig.biz | udp |
| ID | 34.128.82.12:80 | knjghuig.biz | tcp |
| US | 8.8.8.8:53 | uhxqin.biz | udp |
| US | 8.8.8.8:53 | anpmnmxo.biz | udp |
| US | 8.8.8.8:53 | lpuegx.biz | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 178.178.17.96.in-addr.arpa | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xlfhhhm.biz | udp |
| US | 34.29.71.138:80 | xlfhhhm.biz | tcp |
| US | 8.8.8.8:53 | 190.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.71.29.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ifsaia.biz | udp |
| SG | 34.143.166.163:80 | ifsaia.biz | tcp |
| US | 8.8.8.8:53 | saytjshyf.biz | udp |
| US | 8.8.8.8:53 | 163.166.143.34.in-addr.arpa | udp |
| US | 34.67.9.172:80 | saytjshyf.biz | tcp |
| US | 8.8.8.8:53 | vcddkls.biz | udp |
| ID | 34.128.82.12:80 | vcddkls.biz | tcp |
| US | 8.8.8.8:53 | 172.9.67.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fwiwk.biz | udp |
| US | 67.225.218.6:80 | fwiwk.biz | tcp |
| US | 67.225.218.6:80 | fwiwk.biz | tcp |
| US | 8.8.8.8:53 | tbjrpv.biz | udp |
| US | 8.8.8.8:53 | 6.218.225.67.in-addr.arpa | udp |
| NL | 34.91.32.224:80 | tbjrpv.biz | tcp |
| US | 8.8.8.8:53 | deoci.biz | udp |
| US | 34.174.78.212:80 | deoci.biz | tcp |
| US | 8.8.8.8:53 | gytujflc.biz | udp |
| US | 8.8.8.8:53 | qaynky.biz | udp |
| SG | 34.143.166.163:80 | qaynky.biz | tcp |
| US | 8.8.8.8:53 | 212.78.174.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.32.91.34.in-addr.arpa | udp |
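The Network table above mixes three kinds of rows: DNS queries to the sandbox resolver at 8.8.8.8:53, reverse (PTR) lookups under in-addr.arpa that are derived from IP addresses rather than being names the sample chose, and the TCP connections to the .biz hosts that are the actual indicators. Rows whose Domain cell is empty (the 208.244.73.0:80 connections) can also show up with the protocol shifted into the Domain column in exported copies of the table. The Python below is an added example, not part of the original report: it parses rows in this format into a deduplicated indicator set, keeping the queried names and contacted endpoints and dropping resolver and PTR noise. The sample rows are a constructed subset copied from the table, and the filtering rules are this example's assumptions.

```python
"""Parse a sandbox-report Network table into a deduplicated indicator set.

Added example, not part of the original report. The rows below are copied
from the report's behavioral2 Network section; the parsing rules (drop
resolver traffic to 8.8.8.8:53 and PTR lookups under in-addr.arpa, treat
the remaining rows as contacted hosts) are this example's assumptions.
"""
from collections import defaultdict

# Constructed sample: a subset of the report's Network table, including the
# 208.244.73.0:80 row in both the clean and the column-shifted layout.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 34.41.229.245:80 | pywolwnvd.biz | tcp |
| US | 34.41.229.245:80 | pywolwnvd.biz | tcp |
| ID | 34.128.82.12:80 | ssbzmoy.biz | tcp |
| ID | 34.128.82.12:80 | knjghuig.biz | tcp |
| US | 208.244.73.0:80 | | tcp |
| US | 208.244.73.0:80 | tcp | |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
"""

RESOLVER = "8.8.8.8:53"          # sandbox DNS forwarder seen in every udp row
PROTOCOLS = {"tcp", "udp"}


def parse_row(line):
    """Return (country, destination, domain, proto), or None for a non-data line.

    Accepts rows where an empty Domain cell was dropped so that the protocol
    slid into the Domain column ('| tcp | |'); those are normalised here.
    """
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] in ("Country", ""):
        return None
    country, dest, domain, proto = cells
    if proto == "" and domain in PROTOCOLS:
        domain, proto = "", domain
    return country, dest, domain, proto


def extract_indicators(table_text):
    """Split a Network table into resolved names and contacted endpoints.

    Returns a dict with:
      'domains'  - names the sample resolved (PTR lookups excluded),
      'hosts'    - ip:port endpoints contacted directly (resolver excluded),
      'resolved' - domain -> set of endpoints seen with that name.
    """
    domains, hosts = set(), set()
    resolved = defaultdict(set)
    for line in table_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        _country, dest, domain, proto = row
        if dest == RESOLVER and proto == "udp":
            # A DNS query: keep the name, but drop reverse lookups, which only
            # mirror addresses already present as destinations.
            if domain and not domain.endswith(".in-addr.arpa"):
                domains.add(domain)
            continue
        hosts.add(dest)
        if domain:
            domains.add(domain)
            resolved[domain].add(dest)
    return {"domains": domains, "hosts": hosts, "resolved": dict(resolved)}


def to_blocklist(indicators):
    """Flatten to one indicator per line: bare IPs plus domains, sorted."""
    ips = {host.rsplit(":", 1)[0] for host in indicators["hosts"]}
    return sorted(ips | indicators["domains"])


if __name__ == "__main__":
    found = extract_indicators(SAMPLE_ROWS)
    for name, endpoints in sorted(found["resolved"].items()):
        print(f"{name:16} -> {', '.join(sorted(endpoints))}")
    print("\n".join(to_blocklist(found)))
```

One detail to keep in mind when turning this into a blocklist: several of these names resolve to the same address (34.128.82.12 serves ssbzmoy.biz, knjghuig.biz and vcddkls.biz in the full table), so blocking on domains alone would leave the shared endpoint reachable from any name not yet seen, while blocking on IPs alone risks collateral damage on shared cloud hosting; the `resolved` map is there so both views are available.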
Files
memory/3564-0-0x0000000000510000-0x0000000000570000-memory.dmp
memory/3564-3-0x0000000140000000-0x000000014060D000-memory.dmp
memory/3564-8-0x0000000000510000-0x0000000000570000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | 948ac5ddb07aa20e3fac332c76d458be |
| SHA1 | db9abff34f3566648284c4d68766c2ae97d59683 |
| SHA256 | 50fd4598ac36b73a2a64126a8e920ead2fb76d03d11b436008ea36d7debdcdc6 |
| SHA512 | d2df1dfd24420f0e350040f4b3d572cbb74b934cc649729cb4f8d09a10629899633f6667b6b8a73060011f574cb7b50fce10c36270f5347453dee2825f29e73d |
memory/564-13-0x0000000000730000-0x0000000000790000-memory.dmp
memory/4124-14-0x0000000001FC0000-0x0000000002020000-memory.dmp
memory/4124-17-0x0000000140000000-0x000000014060D000-memory.dmp
memory/564-19-0x0000000140000000-0x00000001400AA000-memory.dmp
memory/564-26-0x0000000000730000-0x0000000000790000-memory.dmp
memory/4124-31-0x0000000001FC0000-0x0000000002020000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\debug.log
| MD5 | 24c17f901589c2b10a9f098bf5326bb8 |
| SHA1 | fcb2917bc7362cecfaa69a2d2ef63217c7073d45 |
| SHA256 | 9a194f90949053ef782bb37cd4ac80ccc3ede2fac2d65135886b6a885643956d |
| SHA512 | 925527a6be833b5221a11f76fb4a6b81063f910a18c828da3b05f545196cf7034f31d508b8ca92db8409153839388eb24a650e55abe6bdeeb9e40426ae1fb9f8 |
memory/3564-37-0x0000000000510000-0x0000000000570000-memory.dmp
C:\Windows\system32\AppVClient.exe
| MD5 | 1c0805d1048f54ac3f53b62fbed68043 |
| SHA1 | 032d1dfa1d8e5d6b18c4634f06478f8f4e44ace7 |
| SHA256 | 7e3082311cdd5c7ef52420c3112cefbb9c391e8f7b2d448112f9aac4baff2446 |
| SHA512 | 94f3893aa17b5ac90fa2efb09948c0d6ab914578614b31fe419507c61271be6d241a6ed184a637236bee4fe53134002f906ccac4e8632d47a88ab84e84d55aac |
C:\Users\Admin\AppData\Roaming\d28420751222d1c.bin
| MD5 | d8227c0e931d1c90527c3ffe22e26caf |
| SHA1 | 694d06648d36f2fc0d721563431180cedb9d810b |
| SHA256 | 2b18bd04a1f077d93338cc3e127f5e6d611f9ec9275de320961e639f3c760e35 |
| SHA512 | 40c8902f822ac3318b7139d132b07777f126c60f2689a66e2e86975f3b87b22e50de1cc23a31cccedff3e309c36b1c69adb190f5c7110b45777681730c823a97 |
memory/3564-42-0x0000000140000000-0x000000014060D000-memory.dmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
| MD5 | 9b05f4d95a3b0b32276374264e3c5d9a |
| SHA1 | 39bf3359d21923fe11dbf3f0b941cc8ddca88f74 |
| SHA256 | 750a3d5a06a5adf59a3dcdebcb3905c6bd8185b37486568a113dcbff211f61f3 |
| SHA512 | 5e2da395d108eb265cb57550bd20634c9df9abdd255689b6662a69b9a008a18caa5c05e37562a171eb9e0ab64972fab2874ecaa706b8ed39d8db51f1424bedf6 |
memory/2216-47-0x0000000140000000-0x0000000140237000-memory.dmp
memory/2216-46-0x0000000000440000-0x00000000004A0000-memory.dmp
memory/2216-54-0x0000000000440000-0x00000000004A0000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
| MD5 | 78f3499effe8e9365091334efd279cd2 |
| SHA1 | d1c1fb479a67241d6e443cf8b77d5f894012acfa |
| SHA256 | 72faa128dcc91bfa7015b04410763e4f2b8a7346582c633f9aff6708e2b5adcf |
| SHA512 | 2d525a5ea0c2af3dc1f7a560ea7e9dc3f618042e3173801f0aa1a7ec273290ce1b3cb6b041de3c771dd8b85b2854fd72faca57a3c178b629048d491dc19bd8e8 |
memory/368-59-0x0000000140000000-0x000000014022B000-memory.dmp
memory/368-58-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/368-66-0x00000000001A0000-0x0000000000200000-memory.dmp
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | 5c657da6f327e7790056262b962684b3 |
| SHA1 | 696b3cafee64878b39829bbeb4aee8df63dfdede |
| SHA256 | d3f3bd7b30320bfbbabec2403be9d4ec1960078e192cc1d179a6ead30025af4c |
| SHA512 | 74a0cca619bea9ae3021f8aed14317bf9c427ee3f0234e2f5c0dcfbf19e4ebe45519c460e5bbeb4ee457d641ede9bbe591685d65126c947160f755aecea9450f |
memory/2284-70-0x0000000001A70000-0x0000000001AD0000-memory.dmp
memory/2284-71-0x0000000140000000-0x00000001400CA000-memory.dmp
memory/2284-77-0x0000000001A70000-0x0000000001AD0000-memory.dmp
memory/2284-81-0x0000000001A70000-0x0000000001AD0000-memory.dmp
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | b2ecc73608b4f0e86de5e4ed07477abb |
| SHA1 | b68e008c1a1777fb2458a7756cd8672ecd4f7dc8 |
| SHA256 | 2447abbf276fe813443baf30bdbefcb3669851193be98e667032a1aff2658d9e |
| SHA512 | 2a6f1294bf31c5dc48922d483481a4b59aae9ede189ef9d52c668d5e98eec38e05ec484da14d02eac99b59468c4a182f2ea9c6f6dbd477e99965d9c148d17d1a |
memory/1420-86-0x0000000140000000-0x00000001400CF000-memory.dmp
memory/1420-85-0x0000000000700000-0x0000000000760000-memory.dmp
memory/2284-83-0x0000000140000000-0x00000001400CA000-memory.dmp
memory/1420-92-0x0000000000700000-0x0000000000760000-memory.dmp
memory/564-95-0x0000000140000000-0x00000001400AA000-memory.dmp
memory/4124-94-0x0000000140000000-0x000000014060D000-memory.dmp
memory/2216-251-0x0000000140000000-0x0000000140237000-memory.dmp
memory/368-256-0x0000000140000000-0x000000014022B000-memory.dmp
memory/1420-259-0x0000000140000000-0x00000001400CF000-memory.dmp
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | 9f0669b78cf57fc6579487fcb9fd5a00 |
| SHA1 | 21b45a6acc431ee85911eb1691dd172a5e504c42 |
| SHA256 | f608a03099f4fe56743c0b7facc541853595815dcbcd71c948aad9d5d5b167ee |
| SHA512 | 03066fa8b7d4b558e9b3787c06a2eaa0978b73ef9d5eaf3b014c28203aaf33f4a172820cf71e4675db30f57225bc773aee8c93a68505464d6ed6fbd509553c5b |
memory/3960-263-0x0000000140000000-0x00000001400A9000-memory.dmp
memory/3960-264-0x00000000004C0000-0x0000000000520000-memory.dmp
memory/3960-271-0x00000000004C0000-0x0000000000520000-memory.dmp
C:\Windows\System32\FXSSVC.exe
| MD5 | 02c0694196d4ffb8302c9615ec083641 |
| SHA1 | b16774c39b3f28e593232bda637c8aacec90552a |
| SHA256 | 3158ee79d9c5a6316b322881c5bb16fb42a75070610e8a38c1daab113f0d5643 |
| SHA512 | 728652c1e99abdab944115bd4588b6dcc134dbe701fb11ae3cbd253b29bfc7f61ad58c2335a9b8edb9943f6ce088a775b246750471193a5584aca10661b43f3d |
memory/1596-275-0x0000000140000000-0x0000000140135000-memory.dmp
memory/1596-283-0x0000000000EB0000-0x0000000000F10000-memory.dmp
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | 29b45f361ff3a7a231a11812b7e62a31 |
| SHA1 | 31e7df541ee1743b59148075b79b855302b6b4a5 |
| SHA256 | 1b5297ecbcf9f7981ac65e7796324cd2385c25f551b4d6633977ca9751d928a2 |
| SHA512 | 99009b70a226b0ff1d20bee813c0ef41f8ce0f38678f08f6f3348f90a0a2ff6c9d3415cbaebb968b670e90c80c9a51d5673dbefcff477211f6d2ee0756cc676e |
C:\Windows\System32\msdtc.exe
| MD5 | 08403a2e63f489039ccdbff5670ff8f9 |
| SHA1 | 58fcf9e981c9f030bebabfc30ed0d399429212b9 |
| SHA256 | 9183d15053a1b23e774b31d50d051a99dbd3a0b70e434e656e8935e9214cc662 |
| SHA512 | 67e7ad1cea920761a4fe75c27482e737d5a2f7d4be2f3788777d9600b7c6963439087ee795aa151127f0c8cb71bbcc468ebef209d1937b8f8835e40c99e9d173 |
memory/1596-293-0x0000000140000000-0x0000000140135000-memory.dmp
memory/964-291-0x0000000140000000-0x00000001400B9000-memory.dmp
memory/1596-295-0x0000000000EB0000-0x0000000000F10000-memory.dmp
memory/964-300-0x0000000000CD0000-0x0000000000D30000-memory.dmp
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
| MD5 | 773ad402824e5547fe3772cbe1d7e479 |
| SHA1 | c0327421dcf7249556ed40df7e68d6158852476f |
| SHA256 | e7727795d4ecd7f1d90b6edd6f7db6b526f117d7b5e797320d8960361bb5e17d |
| SHA512 | d535044edf1b70005ba1dc3ec76302017211e6e63032d2c8ca1311ef14df34aa082deba037d226db309f410babcd740035915dd33235be972a66e76356cd727e |
memory/820-305-0x0000000140000000-0x00000001400AB000-memory.dmp
memory/820-318-0x0000000000C00000-0x0000000000C60000-memory.dmp
C:\Windows\SysWOW64\perfhost.exe
| MD5 | dbad2721add310dbd9d93800db26d9eb |
| SHA1 | 2eca6c4240796c4b1ac1137a57044a988111030a |
| SHA256 | f8744313ecdeb71844a923ecaf459ea5ec27f23183dce56c9a49ff77c93e043f |
| SHA512 | 845917c8fd604ad6b84fa5f3811b1e1a2855cc3be970b35378b8e6c296dc77e507baacbc96b00b548ff860ff4d7e3ce4c527cca97b5469885269e04cc8b63dd0 |
memory/4852-320-0x0000000000400000-0x0000000000497000-memory.dmp
C:\Windows\System32\Locator.exe
| MD5 | 9590ebe797b6b1874b6b0eafe2c2dab9 |
| SHA1 | 5888d5409f3064a39a665dc7163220150373affb |
| SHA256 | a1379e0188aceb8f6683a9cbfa3222d5f61327ea7a9466d25fc1b1cdccfd478d |
| SHA512 | 1b0ffe146d0102b7ab2484baacfcc328c79f3011f8c71d5dc6c599b15db554062bd3c67685ab4205fb76fae1fa785cc95af3ac65edfac03e63fb47feefddf179 |
memory/2896-323-0x0000000140000000-0x0000000140095000-memory.dmp
memory/3960-332-0x0000000140000000-0x00000001400A9000-memory.dmp
memory/2896-333-0x00000000006C0000-0x0000000000720000-memory.dmp
C:\Windows\System32\SensorDataService.exe
| MD5 | e9055cbeff251e59e867d32383a2d300 |
| SHA1 | 584edb3f21dc8b0d7ff73101bccc3422bb9f5557 |
| SHA256 | 1887e8117ab8a3ee1a4aa850dccda1509b4f9977a2b775a13d69565a45cd6b79 |
| SHA512 | 1ce32b9b2ae20e63eb6ebd58344ad7ad28df21a63b88fcaf8f1e167cc2af424cf24f8294f28263eb630c9282f8fed2ae9e908dd08fa46f06f0abc9a9b2e747f1 |
memory/392-336-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/392-345-0x0000000000730000-0x0000000000790000-memory.dmp
C:\Windows\System32\snmptrap.exe
| MD5 | ca1203a476868ced233804ec9be3b8ec |
| SHA1 | e2ed7c517300b2e55f44801de5932657363414ec |
| SHA256 | 305736199fa23d4f2b933064b8b135b90b764b80d36348e32d9a56cacfccb3b6 |
| SHA512 | 9a3425bc414fb6da0f94cc2f8734ef7ee432f94b8619433624b534189d41ca6b20028c96e931683a1a7da7d57257ee2f7131effb4d97c57b7347678eb97281ce |
memory/2492-350-0x0000000140000000-0x0000000140096000-memory.dmp
memory/964-357-0x0000000140000000-0x00000001400B9000-memory.dmp
memory/2492-359-0x00000000006C0000-0x0000000000720000-memory.dmp
C:\Windows\System32\Spectrum.exe
| MD5 | 72bef7e90436efc575aea24ca3ebb7bf |
| SHA1 | 36e859d402197eb6e966648403bdca0eb9eeb0d1 |
| SHA256 | 57d07412e24eb15ad6949046455d87ef947bae9552ca64fafc551cc0a1e42839 |
| SHA512 | 0fefe4c74296646ba31c7cd4e2a8ba912cb8874e7cc4df2dff19cd85b0dc3c299dce204a5b9ec147b28614566ea9eb2d9cc10229a42498b56251ad54f63b1e6a |
memory/964-362-0x0000000000CD0000-0x0000000000D30000-memory.dmp
memory/4392-363-0x0000000140000000-0x0000000140169000-memory.dmp
memory/820-370-0x0000000140000000-0x00000001400AB000-memory.dmp
memory/4392-373-0x0000000000540000-0x00000000005A0000-memory.dmp
memory/4064-377-0x0000000140000000-0x0000000140102000-memory.dmp
C:\Windows\System32\OpenSSH\ssh-agent.exe
| MD5 | 8b9dd164cad372c537bd9eed60915442 |
| SHA1 | c3ec53b0c1d502c9dba5b15ba1942c35a6ffbeec |
| SHA256 | 4cbf52e3d798911b4d11bc5de42385b90a87ba9899a9f9b0e4335112bdce2b19 |
| SHA512 | 7c348951d17a75e7898e89bafa776737bf4342830e9831c8405eb887c22eb441fc1bc9d6eb92209228ac8408177a5ed164c0e948a067fb4d8bd81b3432c8b490 |
memory/4852-385-0x0000000000400000-0x0000000000497000-memory.dmp
memory/4064-387-0x0000000000910000-0x0000000000970000-memory.dmp
C:\Windows\System32\TieringEngineService.exe
| MD5 | a7d7543ac18a86753acfe3c0f4b0612c |
| SHA1 | d641ef35ada7403f581b85925ccd1e36ed058c7d |
| SHA256 | 246340fd61d098391648863a69c50dbe027c1f33be38f45dd20cad8411d49be4 |
| SHA512 | eee3e7e3adc65b07f73717b1d3bda90d5276faf5e6aefd0c4e131d297756e074d33c19f76fdfac214003849988855483e50511a03d5f669ce4a9cd80a257cc54 |
memory/2896-390-0x0000000140000000-0x0000000140095000-memory.dmp
memory/4556-393-0x0000000140000000-0x00000001400E2000-memory.dmp
memory/4556-399-0x0000000000840000-0x00000000008A0000-memory.dmp
C:\Windows\System32\AgentService.exe
| MD5 | d6fe3699833b2aecd7b9d23a2ee88a8e |
| SHA1 | 96324980419fc4fab858883740325141ef409262 |
| SHA256 | 5c233e0646ad67635459ae869137c288c6de63c628d73ac1568ba9953405c7d2 |
| SHA512 | 5876ec609942b1a861705053b5bc733da440ed4fff1fc27352b08c73a45ef33a3ba041b28b2d7d42533e0a1d3bf78cf00b1c5f30ae1d74188dcbf71fdde97dff |
memory/392-403-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/2144-404-0x0000000140000000-0x00000001401C0000-memory.dmp
memory/2144-412-0x0000000000750000-0x00000000007B0000-memory.dmp
memory/2144-416-0x0000000140000000-0x00000001401C0000-memory.dmp
memory/2492-420-0x0000000140000000-0x0000000140096000-memory.dmp
C:\Windows\System32\vds.exe
| MD5 | 4b272afdd3700069d4d5c9ed2411532b |
| SHA1 | 44f67d6d7a576742b7d778f1cfd305b880f5b91f |
| SHA256 | 690721ba45737aac6f21adf98e5e00ad66519cc4266cb12d1a53a3196f3a5e9d |
| SHA512 | 2335c7ffa6ab4d0b60598243d2c50c83fe0b094da1eb30025447ca3ebac4686259d8691a1d3c8ae32920aa35f5c0ebe07e4f70e08ebfc0276c5fe88847299222 |
memory/1784-421-0x0000000140000000-0x0000000140147000-memory.dmp
memory/2144-418-0x0000000000750000-0x00000000007B0000-memory.dmp
memory/1784-430-0x0000000000BB0000-0x0000000000C10000-memory.dmp
memory/4392-433-0x0000000140000000-0x0000000140169000-memory.dmp
C:\Windows\System32\VSSVC.exe
| MD5 | 577bad4103a535c889e8551aa2f82650 |
| SHA1 | 229ede6cc7d435e24e3cddae3cc94de82fee924e |
| SHA256 | f4277e2f9afb6af015fb055a3fdbd9346302bb554b66e15f250b04018999283b |
| SHA512 | 3621e02df9e03eb017d390ac3f7999f3c505d5ddbec20c9668c6e935f138f7a26871bbef7718aac8f3dbb39784ee36ce1d904ddb5d734e7be2ac74e134d3f82b |
memory/3324-434-0x0000000140000000-0x00000001401FC000-memory.dmp
memory/3324-442-0x0000000000780000-0x00000000007E0000-memory.dmp
memory/4064-446-0x0000000140000000-0x0000000140102000-memory.dmp
memory/2524-448-0x0000000140000000-0x0000000140216000-memory.dmp
memory/2524-456-0x0000000000780000-0x00000000007E0000-memory.dmp
C:\Windows\System32\wbengine.exe
| MD5 | ed58bee9be0a63ea469b464843c11965 |
| SHA1 | 0c3b6bc0ea2eee61f1f486eeeb4113eab2c79f78 |
| SHA256 | e3d1e94fc1650cd6324ed9b47f8c68becc8b2e8d4aa466f7e660bff66ec5084e |
| SHA512 | e8d9e97830effdf775af267d635bd8dd0fd2025e04573a6da3d6b42beaa35bc09ec42153a56424f53a42d7df5104d8a0da404f0b7490178454c5903055e9364c |
C:\Windows\System32\wbem\WmiApSrv.exe
| MD5 | 6fadc2c19c04ae577f3360df023de6e5 |
| SHA1 | 0f9e34471f714ee1d201547fee6f41bdd25cb64e |
| SHA256 | e1bb646d2e76a69e53401a087d0f619d3e69df597dee906ee6e32c55af8c6a42 |
| SHA512 | 0557b351359efd22eabbc664309aa69be7415961bcb5b59768871c0d5d4f191c5d740c962a7cbb5c5ac66d425ac1dbe860be091e0c17d96eac6c9129b50f44dc |
memory/4472-460-0x0000000140000000-0x00000001400C6000-memory.dmp
memory/4556-459-0x0000000140000000-0x00000001400E2000-memory.dmp
memory/4472-469-0x0000000000540000-0x00000000005A0000-memory.dmp
C:\Windows\System32\SearchIndexer.exe
| MD5 | 28466c81c51482910b553ee180932f9b |
| SHA1 | 729181741c1a7a53a7aa4fbecb407b26f738a693 |
| SHA256 | 52820280b7f580deb03e742a3b06f7ea00ef21331dcbbd102c318d28e228916c |
| SHA512 | b6d73ac0f03ddd83b3361ba4cb6150670affdafecd3ec9dda85f53fbf2f279b636530e185bd3524d08a7c4a21f175f3a308401a555eb910557157aaab8aca3d7 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
| MD5 | 7072b8d666a1a48225469e2a55444248 |
| SHA1 | 03292c4cf5bf49081028df4be8fba285838822c1 |
| SHA256 | 04ac2407f684df5781b37e3afbd5aa5b2da22b01f8b42f775b0517e7d0c5bf20 |
| SHA512 | e82e1e8070a04e8f7e6dce4ab8ed95d662de7b190bad83b837a193314366f633871af433163890d7dc63421ebd0fc56c5550f7aa2da6be99da852689fd26c2ac |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
| MD5 | bdf92465c2ea518243ca68703043a873 |
| SHA1 | 65168983bfb78dac486e7a0876a6bc26bf1bd677 |
| SHA256 | 4b915e866c04c5083818d35d93550e402f9a88eb5fbbfe1bc4a90c70d68be32b |
| SHA512 | 3dc537d7aeb1db1b71df92fec44e847139dcd7afb43f067d9fec15a7e55763ea81ec7051c21a253685999275b8789dce83a09186bf13c49861dc148f511c7fb9 |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | 97c483530bb733de27bbd48cf8ee066f |
| SHA1 | 080b47ff273e6fde4ff17d507e58a3f003fe86cb |
| SHA256 | 41b78bfc9f0b59fdf016898f5af49d16855a77161077a66803aac67bd9f2fc56 |
| SHA512 | 83531af57313cd8de4f5ef9f90d9f3da2fd04bb37bb3bc377decb5d0a988e6db4fa2ee967c50984833fd782b96eea7c70e007c9d475729d9f7683d165d3cb630 |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | a6682e3f8581933d6acaf111d6e79ade |
| SHA1 | 2ae87e56e841756bfa797c4ab35daeebc6be7d9c |
| SHA256 | b833a597221a949d310f3448ea580477c50ad9c478938a347cb9e9893482ff19 |
| SHA512 | c46b0fffa9b9ec615e095c1e9b4026f066aaa647b3dc4e4df257a864e0c0a62acea8c83b1c5a8d5bdad1bfc0d91b675d3c9e5714dc0b80c7f7ef47f911aa167e |
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
| MD5 | 38fd8d9491309daaebf8bddcb8d7c9e0 |
| SHA1 | e34c62380df940f0009b03c148cb191caafdd923 |
| SHA256 | 9b0fa930e04b0ef5505037cfd91cf2472e95d6b1307c023696656aa0685a0682 |
| SHA512 | 89710bd6ecc4c01cfbc6cb2062abc03a70def529aac8e58fbb3e9d05ea8b28c0d3a71e145ecc15e8a3b5bc010452bfa9f5fac3bd8845d9e016310c50d0b6177d |
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
| MD5 | 3951ab12197bc9ec5163c015acca2aa3 |
| SHA1 | 94d740f67291017e22681283a452747b1c5a7170 |
| SHA256 | 822b4e335295515e6794c78b2143cae6475d544995739cd765321200c168358b |
| SHA512 | 99b1f583e1d075125c4f928c42460f58e09198d68b790ada227322cadd6000b0bdb5bfec0a4f39fb22b80d0d056bca0239e6ab7d01951f5e8e1fcfcc54440ea8 |
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
| MD5 | b92840a7e0c1d7597e5dc2426f3ab411 |
| SHA1 | d6b799d0ca39839e950ddb964bd1a387f7afb876 |
| SHA256 | 492680f6cacf454852a69ec30e0b6c688955d491664d9618da97847136bf8d02 |
| SHA512 | 8ebe26a6fbc770ce6a31be293dac91789b56e1f698d0010c5cd2c047a8f65d5e23fa255f68f4954c897724d6d812c4df0702885f80b5f2864f7a1b8c042ce435 |
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
| MD5 | 6ec91a8b8aee3b55052bf26758b2eae1 |
| SHA1 | 4b976f58a664dbc3ad0eac98acbc2af6286c8dd5 |
| SHA256 | c78cbbb7c94e852d8e03e38fa51aee267583c587f8754e686f2c7a82d9fa8f95 |
| SHA512 | 3f562496f8540897a2432e824b2ee346e55c3efc0e069f70b470d76220833e1a5ba7714d3fd53b60c5879d9e914ed281230d21da9694b976dc00908bbbab1235 |
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
| MD5 | 2f11d7f8bce2294ba5bcce2300f34560 |
| SHA1 | 6ef775bc359a3559eb0cf908052b05cdcdd066a7 |
| SHA256 | c63882900269b2142c243718f8db58d498e5df7a99759a560ad0b136dd90c889 |
| SHA512 | 47a7adadef9718633186ea2d870714ac27e2a0d0fb0f0a0e380218a66394450fea27f3aa6a8bd65477cece40af61b3afe17a78dd1c6aa1a9474eb6ef44eaa6ca |
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
| MD5 | 263a9b93a07e254f0e3e2ef1c0db687c |
| SHA1 | aadf1605c0da2c0bee6982d87e11d0d3eb48399e |
| SHA256 | 4ca3435a4ec5ef4a636fe81c0e99340566ff6916ebd5a8b4edbc438734711671 |
| SHA512 | a1352aff83784da156a8d4a8ce547f38ae242b51501f09f0272712943c331fca040fb246e6e50124aa28567ddf1f8810245b258a748e26a7386d30f05966dae8 |
C:\Program Files\Java\jdk-1.8\bin\javap.exe
| MD5 | 8cac4b615004e9722eb51942afa6be96 |
| SHA1 | b06a59b8edb58035ccb268834e9164bc924da1a6 |
| SHA256 | 145f56a65d5d236fb5cdcc7ef54a2b1775aa63ffbb1a6698fafa13ccab7298e8 |
| SHA512 | 1dca330591c293ea022ba5cb28cee5e88794d0a172632e72192ba0857d0ce2a4fdd5e0265ecda748894ef77f2b23f4391981470ba7957d7e1b516e1906388499 |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | 25bea895e3209dcfcf0e3baee76930b3 |
| SHA1 | 375d4efafbd8766db8cb4fcea35e03bf06628fc0 |
| SHA256 | eec5a6e00b0ac6281f6d3fe8284e01d4ad7eaede163a4c16b0ac9d0065f95f43 |
| SHA512 | e2d608a28022f05223c5127f2827f37d4864af2de8acd331552648550621703daa229bd7bb66c858b3082fed7822b3f6c647c58dd68e545e5ac4a4c0f3a27aac |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | 37569462e90def9e364acb56ecd72a94 |
| SHA1 | 2ea88439925b987b161bde2d4e8de05bc667f713 |
| SHA256 | 4316b5883e17117001ba37cbb39b3383ec0617f4576f2330be117df776a84625 |
| SHA512 | 11f0e5365909def9802064ad042adf2c354f3b901665e87663ed8148e9a957554746670ead7f8d49e4c7533b3b62ede43f981e2fa4d4c6364aea2e1572c375e2 |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | c2f034e2096c3bdd4a9a6db8c0147dcb |
| SHA1 | 91896805fb20ec23116937ba940580642cdb1b2a |
| SHA256 | 07851e3552c5734db03e42b9db5efb83187dcc78b92e7f7ea953f4bd796a9156 |
| SHA512 | 73fa21a72ff6bacac09cce561932f89188f85cf2a65ff07d571b86af2b49c7efde10dd017af23ca3d667b0625bebd114eb9664c75ba7b3bfb1e03d4f884a2528 |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | 465d610a51def8ca6db990024f0d9b39 |
| SHA1 | f4db2594f9ee57201a6e8e6271baf3ca2eb39061 |
| SHA256 | 36213d21e7bc557552b669bd753144946f3e0d2d71c46e3c2ec9ca69240eb5ce |
| SHA512 | 6004df5e5a492031590a4babb6420e1ae293be24f28fd7d6ba8b1bf307805ca43456274a0275d7c9a5d88eafaaf698ae7a5f7f8ec464234af849aa81b4f74222 |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | 81628dbf7266933493fbd9de1eebeede |
| SHA1 | 40c140a7b07c0f24740fac7345a003d89415bcf7 |
| SHA256 | 4a678fb81796a8d3b98ed0014c5fc69d43c139eeae3910b4951f0b11cbf6bd3d |
| SHA512 | 8dc1a564ea0495d11392b06c48b65842111f53a45c94f0b8191108551c70a88dce43d7800f590b9472d06ff78e484661d64f793b6de9bf2a810d194cfa49fbde |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | 6287195b1f0b14e3ddc91dcf3db99bfe |
| SHA1 | ce4bcf0783058d1d6694aaf9d99e7f2d9e1e8fd9 |
| SHA256 | 0649e0fd865d48087d0d72c34084dcc213c4c521301fc036bf7c5ea9d41d8d3c |
| SHA512 | 3aea5bb2b001346cc8b88a54c3bf6ca648edef20c694f55c75cf225ef08b39d364f2440181ca43e907c7365bc93bfd4acb08ea2ec2ba5c15e25b5982a9cd7148 |
C:\Program Files\Java\jdk-1.8\bin\jar.exe
| MD5 | b5c5114669bdf67f284525384dbd9b9e |
| SHA1 | 53a31794cfc849621de6de236ad7ef7ac2687cb7 |
| SHA256 | d6fe7a5666472be1dfa875f7e06df94f02e2179b3e6a8d07ac7d408e9a65b2eb |
| SHA512 | 4ca5b76e28314640f72b44b35af7a58e8ad50c93a03717b610278bf1cc05d501cafa25826b1f42cf171c43034552381bb5ecb84af9c1d8b4486139319c7a4d59 |
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
| MD5 | 83055668a4fb557eab93e28d6885f560 |
| SHA1 | d9e1d0cb4c0f75597072b7b6e0f9d7e0ad8e1be8 |
| SHA256 | df67935c000da35f5734fa7e3f1b0506c358b712eaa67edab01ee823783a0465 |
| SHA512 | bcd4828cdb71cab224bdc6c43466ccca4587459a0c05d64575b0176c6926eeff346deeb75ccc8daa913ae64abb42cab9a0ef3642a843eb0b414968a9770773c1 |
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
| MD5 | d4aaf4df3cb0db2aa1a576b5d67fe81f |
| SHA1 | 22dfbf2353ea4667a5e4da66afc9ce4341af76fe |
| SHA256 | 31fb451ec07a9dd03fb9f2bc09717d5325bec5694fe78d2b967c31811cc28b08 |
| SHA512 | 1342e55d87ac77b8955cc4acb04c3a689dac780143f2227b44f55a90cdf5cc1dd0dcca6ca0858c809037201232096a72b5cfb7e8f604550156ea8ad340c12a9b |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | b3b8aa29ef87b21149d66f70e913181d |
| SHA1 | f7c342620ca9e5aef1df22ff272963c3b526e853 |
| SHA256 | cf189f2c62fd93fb2ee0cbfbaba90958409f9ce20c65516f41218bb945b1fba5 |
| SHA512 | 5b8d42fb800dd08f2e461a15136a6b29a5f6f4968cea85b1147fd6868d484f88d5002985f00cfc6e3e6a0bc97ff174773f7b5df4c834e1b349eb6ea599fd6d4b |
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
| MD5 | c4684cd13f601ab447acf8d7dbbfd656 |
| SHA1 | 0b233522749513765101e9f0baec1be2d1e1cf4b |
| SHA256 | e92c064005a8da6f5daf5acf3fba640b855c2ed688049b902ae4244e71e596c6 |
| SHA512 | fe4fd48c52a75705ee475782d9ab28dac0aad9fbbd2a4e7e59dc4c2f81214ff505aa36c21a5a26ca4f39a0d63f13be18f063e892247f46d6aebdaaebd0105af7 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
| MD5 | 66775f965539707c6b76b4c50e75dc86 |
| SHA1 | 363fe859e9a2c4efdc5264ea5fa679e02803de47 |
| SHA256 | 32f4b538631ff0ae1e1a074de23c62cafbf8d338f195404f5627ba4d85ebd813 |
| SHA512 | 5aa133e30c27167f1b44021c1f8aa04cbd2ada155bea02963dbfc93ddc8639b66158cac7a15968277cdde70dddbcb724bb7a669093a0b02520ebc7251eed433f |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
| MD5 | 637e21537236ad3582fed66e25107370 |
| SHA1 | 7423ed108612782e0ce9d51dbb3cb47169dff335 |
| SHA256 | 9946da5a5e6ee018273073d4839f1c06f892436a9f54a0fd7a942d5213e108c9 |
| SHA512 | 00821910ee44f32f521a0da0f9cb2e61bb5cbfe904e462f404cb2367e07037dc7538245cdf4ee7afe70e578276571dc8d674ff6542161edc15b68c91d36c34f0 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
| MD5 | 994c86b61dee998981cee4c4d60685ad |
| SHA1 | d4290a430e9afde534ffb5945f3b9254af30e6b0 |
| SHA256 | 4782364b08096f9a22b323943540da9296fe1d4b4c6fc6aa22ce177c19bad1d9 |
| SHA512 | 759fb2fe3ab306a91972c2ddc900f31f927265fd1198088ed78c7bd14d683c5faa0b75cc6b5f83b6088390c23b3b2fb2c8bbcaf6f08edf0a07e564eb340269a1 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | 92519f056245634da7f41ab63ae387a4 |
| SHA1 | af968bffeb7979a4f457d62e4ecc1971f8a2172e |
| SHA256 | 93b883dc5d5ddf049153e502d276c91d15b447a8f47fe63bad0f614623bdf7da |
| SHA512 | f6113005956496673549ceb6962b37c9f388364398e7cc27d5a16b6db34ec5533098a78244b39dbb6f197da449e5a839edad6c12f8d21dec067dbe7e3026bb11 |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | 9c5632589659593b0871cf0a05dff053 |
| SHA1 | 6cb127caab32b1082507d1b707ef1ffbff75993d |
| SHA256 | c0d9583fef4ce8cb7f382e837adc68de040504aeb1604f2c2d04cb2e3d0e91f8 |
| SHA512 | ba593afb52824a991e022b01eecec7dbb38a4cb9c2dcb4ad8f9fe0760c9dd39b7c9e3650bf18508ad7cbb7e77fd8872230a04a1784e86ec9e15a2a06a2ef81f0 |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | 2ea851beacb298f19c10086027a5796b |
| SHA1 | f24042e298b5130cfedf2d76ba61d8feb628b820 |
| SHA256 | d0ebe654c0a1696e78c96a5e0756792e574972999830303c8a90b4846f87aa29 |
| SHA512 | fb78584c005f10180dd1160406ef34fb7cd782ad59577731dc292bf6c4654eb9b24eee60098ddac1789c798a79f033752464dae5bcb1f2fe78b1ad0d3f8b6a31 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
| MD5 | f38613bedf87474fb22cd630c6367c2e |
| SHA1 | 078ac11a8e98a31190163db0e00e39868b62abd8 |
| SHA256 | 8f61dd48477eae6062df4ba69340dd8a8d1fcec1b667afb06df858f3898c2ad1 |
| SHA512 | acb76086c08d73c66403357fefc3c345aa218a87272d433bd16ecc78af9c908326da8b32bf859d11c113bbfc33ece1d8516e633d82263ee04cb4d04cb40d26de |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | e769306772e908eca2896ba5ab0dd095 |
| SHA1 | 1eb2cb1bce27e6c03011a2ce88e48038c278c623 |
| SHA256 | 3ad07f8e9715dc94ff794fa8ab3f336cdc992dfab0914528010ccdaed2cbe894 |
| SHA512 | 888a77ed74f9e573b9ec4b32e437f22ed86f633836af6b9b6bf20fe480c1f98e998705f66d6ecfe17b9ea743193d3e3c3d8aa677f2be9f8900112152307e734c |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | e389e6f2f492bfbf43c895ced848f5d2 |
| SHA1 | 6ab7a689ed9e460382cd160323cf385c7ed8db2c |
| SHA256 | 2f4eced77b66927d6733680739fc1b463f6d280fc262f3dbed2b6c85d7f3c4bd |
| SHA512 | 058b94b89382c2707f0532dfcb0ba2a7d8798586de52675bc2f70ec45f3d2ee6fe0fe4cea0815e6fc105cd434a9f2f59e4ac031872fa795f80017aae34c96b2f |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | 0c0f130fea237c98e7de1775f92f6c5d |
| SHA1 | 14638e13660380ff16407631200aa2cf1a0ff9a3 |
| SHA256 | d0743afaf1c5d745881ddb56f9018c6ef31b1d02183e129920e0da2af14401a8 |
| SHA512 | 03257242f82dbe0b1d391c8ea26f3bb2d8c3fd7e0609e6dd7ee556f2a6446e63b8295589c295f1ee32bffac8bc6128897c0fcd18ddad42f2a41a1fde960b0a5b |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 8d4f0a29559bccfd5c4c6eeb8f287ffd |
| SHA1 | 13e025e6d590f0760883ec551c480297b9eed2d9 |
| SHA256 | 156a6849946948fe9600017b92c6c1a6dcfbe48c21a6763d135fba7f822ea93f |
| SHA512 | b8c5bd631d312089cf3d4ea01577fbc8005a23da28aa67c2d7a8d46ca864ac35cd746d9f27b980c985712ae5cbe21c1053b928ba4b0f2cb1ddffa5619c7808ca |
C:\Program Files\7-Zip\7zG.exe
| MD5 | 04d97afcdab4c2be0ec9345b2834f4b2 |
| SHA1 | 9010a2f74dad8cdcbe267cd1f45a6377319033db |
| SHA256 | 50da7cd5c400ef8805a0af7707ca26b1f6d996f2995a806a8473853d12eac801 |
| SHA512 | c79a8c5a10d12532e9f49649df103299f2047a2f8a873ccf1c17e39a35c9420a4960ad6732fdeec266efae334ab3f68a9532c911113797d457d187e806aeb79a |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | a80344f6d09859c7a0a919a456cbaa89 |
| SHA1 | 9b5486bf68e3964fba00706a5174cb5fd6b5454c |
| SHA256 | b4b41d3e6032187c2e78a4e102a4c887a0522c5a198a732ae41e796af9f11314 |
| SHA512 | e7c9c3211dcc258846ad897815917c859d2ac8b8ffa20482ae883be6cf1f9cddc9e81e8dee7a20c5e717d7f60e30bede65172bf2aec457b99197094d2b1c2136 |
C:\Program Files\7-Zip\7z.exe
| MD5 | 01c9db819480040e7266a6d9b7083e6d |
| SHA1 | 85913aed9220c1248188b8f1e0eddb4421df1be3 |
| SHA256 | d365fa786d599ae170cd6d23bc09037660d57fdb4253c1687fab51e79a82167f |
| SHA512 | 5e159eb8c1d5e25522ff1e905c487c991457f9b353a33913634f41eb0b0963b9205baf932bc6b7d74285670c10a55803e513f715833f1c72fcab6a44ae463942 |
C:\odt\office2016setup.exe
| MD5 | d830764ed008512234d757787bd2e887 |
| SHA1 | e210bda06c26d955a805c222273b5a0ef9ca388a |
| SHA256 | f6914f9d881ce49fafc7009986434590b91b206e778ed9a96ca35e90e6066257 |
| SHA512 | 573c08aece106aca757ecfac66c4fa3c2fd3e04e71798524e11392b436adebc29adde81dac76a76c191e3a761ca88fccd659af2b90c01b8d5bd1218266b77954 |
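The listing above is raw sandbox output: a dropped-file path, its hash rows, and `memory/<pid>-<n>-<start>-<end>-memory.dmp` dump names in between. Two things a responder wants from it are a clean IOC set (which legitimate Windows and Program Files binaries now carry these hashes) and the pattern in the memory dumps: most PIDs hold an image mapped at 0x140000000, the linker default base for 64-bit PE files (PID 4852 sits at 0x400000, the 32-bit default), and a 0x60000-byte region recurs across many of the PIDs. The script below is an added example, not tooling from the sandbox or its vendor; it assumes only the line layout shown in this section and works on an excerpt copied from it.

```python
"""Parse the 'Files' section of a sandbox report into IOC records.

Added example for this page, not the sandbox vendor's own tooling. It
assumes the listing layout shown above: a dropped-file path on its own
line, followed by `| MD5 | <hex> |` style rows, interleaved with
`memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp` dump names.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Excerpt copied from the behavioral2 listing above (shortened on purpose).
LISTING = r"""
memory/964-362-0x0000000000CD0000-0x0000000000D30000-memory.dmp
memory/4392-363-0x0000000140000000-0x0000000140169000-memory.dmp
memory/4392-373-0x0000000000540000-0x00000000005A0000-memory.dmp
C:\Windows\System32\OpenSSH\ssh-agent.exe
| MD5 | 8b9dd164cad372c537bd9eed60915442 |
| SHA1 | c3ec53b0c1d502c9dba5b15ba1942c35a6ffbeec |
| SHA256 | 4cbf52e3d798911b4d11bc5de42385b90a87ba9899a9f9b0e4335112bdce2b19 |
memory/4852-385-0x0000000000400000-0x0000000000497000-memory.dmp
memory/4064-387-0x0000000000910000-0x0000000000970000-memory.dmp
C:\Windows\System32\vds.exe
| MD5 | 4b272afdd3700069d4d5c9ed2411532b |
| SHA256 | 690721ba45737aac6f21adf98e5e00ad66519cc4266cb12d1a53a3196f3a5e9d |
memory/1784-421-0x0000000140000000-0x0000000140147000-memory.dmp
memory/1784-430-0x0000000000BB0000-0x0000000000C10000-memory.dmp
"""

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
DUMP_RE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
PATH_RE = re.compile(r"^(?:\\\?\?\\)?[A-Za-z]:\\")  # plain or \??\-prefixed NT path
X64_DEFAULT_IMAGEBASE = 0x140000000  # linker default ImageBase for 64-bit PE
X86_DEFAULT_IMAGEBASE = 0x400000     # linker default ImageBase for 32-bit PE
PROTECTED_DIRS = ("\\windows\\", "\\program files")


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)


@dataclass
class MemRegion:
    pid: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_listing(text):
    """Return (files, regions). Malformed or orphaned hash rows raise ValueError."""
    files, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DUMP_RE.match(line):
            regions.append(MemRegion(int(m[1]), int(m[2], 16), int(m[3], 16)))
        elif m := HASH_RE.match(line):
            alg, hexval = m[1], m[2].lower()
            if len(hexval) != HEX_LEN[alg]:
                raise ValueError(f"{alg} value has {len(hexval)} hex digits: {line}")
            if current is None:
                raise ValueError(f"hash row before any file path: {line}")
            current.hashes[alg] = hexval
        elif PATH_RE.match(line):
            current = DroppedFile(line)
            files.append(current)
        else:
            raise ValueError(f"unrecognised line: {line}")
    return files, regions


def in_protected_dirs(files):
    """Dropped files sitting at paths of Windows or installed-program binaries."""
    return [f.path for f in files
            if any(d in f.path.lower() for d in PROTECTED_DIRS)]


def shared_region_size(regions):
    """Region size present in the most distinct PIDs, with those PIDs sorted."""
    pids_by_size = defaultdict(set)
    for r in regions:
        pids_by_size[r.size].add(r.pid)
    size = max(pids_by_size, key=lambda s: len(pids_by_size[s]))
    return size, sorted(pids_by_size[size])


def pids_with_default_base(regions, base):
    """PIDs holding an image mapped at the given unrelocated default ImageBase."""
    return sorted({r.pid for r in regions if r.start == base})


if __name__ == "__main__":
    files, regions = parse_listing(LISTING)
    for f in files:
        print(f.path, f.hashes.get("SHA256"))
    size, pids = shared_region_size(regions)
    print(f"region of 0x{size:X} bytes present in PIDs {pids}")
    print("x64 default base:", pids_with_default_base(regions, X64_DEFAULT_IMAGEBASE))
    print("x86 default base:", pids_with_default_base(regions, X86_DEFAULT_IMAGEBASE))
```

The parser rejects a hash whose length does not match its algorithm rather than silently storing it, so a truncated copy of the listing fails loudly instead of producing IOCs that never match. `in_protected_dirs` is the triage list: each of those paths names a binary that normally ships signed, so the on-disk file should be checked against its Authenticode signature or a known-good hash before the host is trusted again.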