Malware Analysis Report

2025-08-11 06:22

Sample ID 240403-mhp2xsce88
Target 2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk
SHA256 5af66372e4eb5fcc9ab55c166891b2a586543124f05fc7e8c2360e9c20e0ef5b
Tags
spyware stealer
score
7/10

Analysis Overview

score
7/10

SHA256

5af66372e4eb5fcc9ab55c166891b2a586543124f05fc7e8c2360e9c20e0ef5b

Threat Level: Shows suspicious behavior

The file 2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 10:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 10:28

Reported

2024-04-03 10:30

Platform

win7-20240220-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\alg.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\38ca12683d2ec148.bin C:\Windows\System32\alg.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2208 -s 332

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 10:28

Reported

2024-04-03 10:30

Platform

win10v2004-20240226-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\525ee87205991d4.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File created C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jinfo.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javadoc.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\servertool.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\dotnet\dotnet.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\extcheck.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javapackager.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javah.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdb.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\dotnet\dotnet.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\idlj.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaws.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jcmd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java-rmi.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jjs.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77375\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\klist.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jconsole.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77375\javaws.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_e43635f48f64f6d6a1b6c80b63c36ec3_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network

Files

SHA512 6888d14909a641f081e00544fa50f32081d78989dde495a87d507b97cf0f886b3ea536d101b145cf0acaa14335ed3af6858f4f6d949592594c790d6dcab441f6

C:\Program Files\Java\jdk-1.8\bin\jps.exe

MD5 d935edf22eb99eb4a185ef15aed86bad
SHA1 ba7418d46ddad11465df424e566e30a6745ae52c
SHA256 1abce312f16c5da37077b4923f6fe2169ccf09890fea89f18e140fc2b63c35e6
SHA512 5c1574e8dd3f611ac03d11c17f169d10deee0ea89b2cccaa452e19c46876e872c2e68b58f8e2302c18240ac16fe791ec86e14daf1bb1b8be6a2eb79c1961655c

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

MD5 fe1de09babfb6683862c0d413c709f3b
SHA1 43259691394ca93b56126aa7097bffd2351d7f1d
SHA256 fb73eb78c639bd6e1e33ac773b4b49031b5e443ab0ca1cc5a0a819465135c773
SHA512 dc9c50918159318866f8e78073576ec13eefc5299b5f2b89189d14ccd93076e1a2847ef254560a52598b08182042fbbf26f3c137a8a3d62399fb2a5ae3099a64

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

MD5 168ff848bcea27d74e6db549f4c3babc
SHA1 564924e0c3e204acaf805a19341688c204175ff1
SHA256 1e7df76998ddd7881d42221825d7d444529142c9256a7530cf0bb20d3c63f9be
SHA512 3bb89c408f304ca955f9d9047189e6b11d0dae417a1767facf4d08fa797266aab4ecdd210ffeb34762e0594cc69174905fa22eb4786f46d1ac68767d815afb33

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

MD5 993f51846c231b003fa90f1ec23c3a2f
SHA1 983cfba0d54b533b83d60c8cdeb95c6cc573e52f
SHA256 f8e93b23fe735c43d1cce1df5bc513bb0ba8514b0a4dc57fb0797ad5fe379f14
SHA512 9b43158e6d5e33e53222af72d0c30ea0139a395e8653cba435614027aba3ec65f1fda1d6181652b3d3f3973639011bf256edbd8e8c301c2eb5fcb4401792384f

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

MD5 d958e3d1dce36955a4ec78f25b504c50
SHA1 4d8b9e0cd01b6e2bf47c034c09496e0a1e1d95ec
SHA256 98efbc2b5f8199bb05526394bd739a0ddd4bd9901076b21e9581e3b55dcc2fc1
SHA512 856ecbff688925218a69c82c6425842af96202087b1541f101e444f50321f32e1dcafb6397841aaf2f84a528cc0cb4b480ff28d7001396a3ef92029738b53366

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

MD5 69a07297094ce8c1e48e18465fcb7840
SHA1 79c7edcae9bc0470e36e4c66e47605b928615033
SHA256 cf75e29c93d72ab81c785773a47b4c9bba32c81862814a4e48c32842fd022f9b
SHA512 10d916b7742ee51e49f584b90d031fa3caaf9a923e48454476e50682f8341523933212ee9ca5ca4f0859e0be93805971a0557688421abee745b1ef3da7c141cb

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

MD5 1347f89dd38099056f037c7406f480f0
SHA1 688687fc69d20e386b5098f579686cc046864df9
SHA256 2cc1708fee047b041331cfb8f8b9e79560d5b073eb5d1e075e265f83ceb9519c
SHA512 4253d706938525c02d33ccff9b5b4a10bc035d808a978ee3bf2c5b2935f12be8b18e3668e9a525d55f49b432f5192491621f5e038c69d83278944850ac62510c

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

MD5 f6808ddea2f8787e2ebb562635864216
SHA1 f0097e7cb98ca2f7a70067f49ce5a7cbab462e97
SHA256 def29430cf861f762c9c84487606d8222facac65e2aa7c4cc9b3b14e6c9b7e38
SHA512 5f424cf110f9265278445f37065ea77e00c831df9c85d2c21ff1d18f749bba96585075d053c280e56692153ab51cf725000691e3e0402e23034470e1ba6af5cc

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

MD5 7d0204971574695cec948f4eeec3bac3
SHA1 70f76b3a5f0dbbff79ff9394153cfcefe0e6f98b
SHA256 dfd45778288f1be0c775a4b58f214a9e0508d56a31116910d2b60838c6fba749
SHA512 dcaec91532bef3dea6f390b2c5b1035123c353400492457c94c63fedc3010115bc9746f39388343523920feb3a30a5af7ccc59add8260524165e4b5a30dc4b8e

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

MD5 f1963db35d0cdbf17b184a069c19fde1
SHA1 891bfae25dd80ea804b75e0b078db56713dbdcf2
SHA256 e265f1ecf92fec095f90c07f061507e6a5881b94576ed906c50930dd6962c610
SHA512 8265559a65931da72fa530d9e24ced7e8c6477f9927805dae31dc9862242dd1355fde4eb4ee83993da6be850ffe780fdcd23fc9a23aebef0cb60c6ed53b6746a

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

MD5 4329c0c3ef73fed848cb2ceefa837238
SHA1 36e774fe1ba98f79c61831796be3337d660c66d2
SHA256 f07ee95288db22d5c3d85f734a704cacdf9d4577db56dae15a2a394ece224175
SHA512 34c4ab4616a6e49b15f5f8c2369bfa7393ceb639c2d0c69096015c55e75ffb3fba2a6d2a94a7209287d93222f40dccbf60eec266c9ce5add28defb67a1853c96

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

MD5 601a3dad9dd0e33527ca29ac99f42b58
SHA1 72eeaa7698e8a82135dea4bb17a1347a747caffc
SHA256 7799b66908c62741ce502cbab4e1349d3421e4817c14fc522e47efbd3b455da2
SHA512 9747127c9ebdec8439b3427af2017c89783a242b199d7a0b4e28227af2fc0d311db8e17674008a187144560b5fd13b3f84f28f78c86b9b74ac5dc87b1fc28d93

C:\Program Files\Java\jdk-1.8\bin\javap.exe

MD5 3380b56ec02eee847cbe92d9ec25ed1d
SHA1 b5a31732a5231bbee08eb160b292421010e22eed
SHA256 488fc9862e86839257ebc7caf5918d7c3954029f361c6e6f8b79402e774cef16
SHA512 77d0c71aa527ad059b7fbd72b140700275dbec1999a5ac45a2afbae0aeb5072b85003a6f8758a810f700a21cd5ffc846c4d901afacbca4c771c33d0cb0f45b02

C:\Program Files\Java\jdk-1.8\bin\javah.exe

MD5 9145bbae36ff44f605adb6e9f6ed2c68
SHA1 0fe9561d4476c606a50fc6d837d4c0fb0ac45d1e
SHA256 99a925f8aa3647386f1938f4415eb0cbd067953ff78541bc0c9d27e767019d8a
SHA512 068c7d9a0a753cf88b8e3a53a8d82caec9b5a4db2508dcaef665d1b6fea86fca34911d975af552aa711b2b57bbb57ae00927159979d589c727f09bd6ef3b58aa

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

MD5 9eb91d288c666235c72b3b45a171b433
SHA1 4bc364f47dd9c758d5d4099e8c61ccfc485c381f
SHA256 46afad7506a88de5c2229fc98bb3e44ea0d833a596c410d592bffe8970deed1e
SHA512 7a279c2ca90772329aa2b12627f46bf33527b222e705e18ad1501dcdbe5a04e4fc9c1c78fa9aa7e03739dcdea6c6770c4cd475adde81937e2d01c1bc9c5f23ba

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

MD5 3f7e1bfad1485825be2bbfd43cb8fb59
SHA1 bd4d32f973579744baf352c7866010f8091cfb3e
SHA256 9f1bc3e46675fc47152e795d4e2cf155eeedcc71cacff92be124c7657ace564c
SHA512 9ce466adc105779b5d71e43322f06934d6c602e53c22cddd8dcf4a041069f22c80ef013c6de1fe8ce4c6889fc902acbf81650c88b46ce6d43e87f9e21521afb5

C:\Program Files\Java\jdk-1.8\bin\javac.exe

MD5 9d0ca84318a53c884bfc442be147c75b
SHA1 294e5ceb2dc9f85d0c800f7fa4666f4c966f7583
SHA256 f751d2694e358b4f27d39acad5a48330c13c8b3bc34c851c7fab8d29f1655578
SHA512 b73207dfa2e33b9182613ea0a70f6808fc6a22527a88f074defe4c19ed0bd2c65221abfc6067afdd2aa11d72290a55a6bc36e3100a23db258c573dd231a231b1

C:\Program Files\Java\jdk-1.8\bin\java.exe

MD5 3d0b7a1d2e7baed9cb56be22e1bf0510
SHA1 2bcccae1e6ab9d0cce678b79d60687013437d778
SHA256 365e0077f225a55354d55a6395dee4a4f30f8dd6323502bb0c59b5b232a6dc28
SHA512 71060f3490cbb3a1c07733835d69e9caa4dba4b4fb3cc27218153cdb1f58f08ac931389a6fbd4eb217b60a2baf47325d73a8d346fd54c32ee843cd2185b56733

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

MD5 87c3ae2981064e7759224926d3d6cf6d
SHA1 1857bdf036051956ce38e71f3bee3b9274c4a910
SHA256 682ce556d9710e503a2305df5745cbefa01de515a15b2ae39566b1046a5f2a5b
SHA512 25e121f70887d4bf5fb2d9719c567fd7dc614182d1979fc74bd4d8dcd8b6be64f092e61d2a5d6462e5eb6d95210319200e19b1874f2a40a510e540ca1d2f7bdb

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

MD5 5141751707d624c5594b3d53af2e8b09
SHA1 510c93f91dcdda76be49ea0768eb71326dc4a8f5
SHA256 8edc09af58becd384c4ed0a7dfac51ed32cb8e5dfbb1a9450eb347344fe9b725
SHA512 39ec80f80e4dcd2243bd747f294bd5678d9b3cc2ff7ee8532f45d1f48b51a4780a9654c35836ef474aeab8c8109b5239c3c3613d6c9021cff6ec03eb0f6ae4ae

C:\Program Files\Java\jdk-1.8\bin\jar.exe

MD5 83d68f22dc3c518dba73867254088190
SHA1 eb799a37225574463e732e8ba439dac73759890e
SHA256 17017a71f1d1c43ab75e527de1e46739788a061bc6df7f99735ea270c7129a2c
SHA512 f4588ee608b095bec125427a18eb9a247a96340f6679ce400d27de8689e8529d45701cb7a20fe3cc919f752c24871cde5662132586d2d1312ae29bdf4651df1a

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

MD5 0166d21f4dc86b5349001680b0013c7a
SHA1 26c50e9e71393b6d2ed69982a1d8bf72f8a4f6af
SHA256 1f8b22036ca2c410e8a5ab398770439baa3c3933826a63ea53a46163fd785ea4
SHA512 5028d69efebad0b6e718a39d209901fa10285a4bfc3654e1590478e14ea3a392552f6f7fef69dcf10d25612f078ba13ab0aeb65108f07083b3c14125bb90454e

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

MD5 3eba18b1332bf5c27cc30230ae70c5ed
SHA1 94c4d694850aab21c0c2f8ed6c0692d9fd63b243
SHA256 9a55e5b0d39fd4425195bd4eb3835b49e71c19f887bced57028650e3b9cefeec
SHA512 2a6e864b0c36ba662716abf24305b24e729294492a2a5f44a959872d952138fdf2c34ec44f0388e83d63e7546929c6bf1d85651b24dedd0222a68d2a59be3604

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

MD5 e909b9aa2e6b49aacb1a9c1aa8969c00
SHA1 410da2b11aa135be873725b5740d471e7dcda070
SHA256 5d40a3ea23b4871314b12af2a0678b0eab7ce13b7370ed1ad9787775522a2d23
SHA512 432491e47899618aab9ea98483765046a36eee2908336034004b46cf9155e8cf08db663a8882b158fe050fe6b1549c0b2ac03a39f192aaf45c6be89d5f13da4b

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

MD5 aa3df5a242e2e17f0dfa1fc45ca99079
SHA1 fb5f082373a78e13c829aae6b9642d78d32a0a68
SHA256 df02625341d8f944652a72bbcd676d97dee4af6e6721fc70fdf44ef084ff3ba0
SHA512 6c00d7602acd770b33e7bfd0ceb4a2caeb580f0a6eab59548f35d96aeb8bf5c6f5f0499822700d60f463bad7a1f5011ba52524c5ecef809b58414a1d69ac0ef4

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 218583852593b5211169a1360e11cd42
SHA1 7d94ae026a1c5f9b0b3af3e2123f36c456b31a9d
SHA256 ebe69fbb8bd6bdac715408f05fbdc55c957bb2e0bf8696528a283665529272ee
SHA512 ac58c3e8423a4d9152547b6030098aa3ef00561d1acfcfad5af4eff91232316f3f543b4440c5043e0a2558d99eb60a7f397c1cc9db6cd84eb9adb5a61708d25d

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

MD5 0c41b82160544f583d490c7d9d130a09
SHA1 32af23a4e540f24513b1a5b750337d82a4669d6f
SHA256 82a77c6439cf6e7a30ff82ff03b1e73fe59ea51d6f89271c522a8424ad105321
SHA512 55be4cbbdab7cc5eb5f4868b7717195f216f727be6b30d125e54c1a80e618af1de22c070f211a9e20ed52f77a34ce0d46b78e8c719e2b74081609c489345a958

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

MD5 6fd592021924db41bca3eaa643d19ed8
SHA1 68e45409bf460b1aa2cdb6b165c9a575be7dac24
SHA256 4ffce4f88c72b8f4598e9b5c46a5ff91b9dacb9f0014c03c2a8ddc5c4325246d
SHA512 1fea4000814026471fc0d45597b7869299009b343c9a33474116805849f8b3864563b98a0cd8caec88454ecbe498d411964f2ed7ac2839e45711278497bd1bce

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

MD5 8ed9afb50767103aadabadea2b36c45f
SHA1 437437146f20ea37a3b05becd771e23bc0ed4b6f
SHA256 8e3eb774be00f64b40d3080a3c21ce7f1a3d0dcb4a442deeec9dd791b6074530
SHA512 ed42132208658593dbe28c2b157fb76fd8cda52833f1a1d747ae5285f54d47e08f3ec97e38d1628320805ab238d8a203ca99a6ad914e44a70cc50a1cf834f6f9

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

MD5 26bc9256807c5128543ec646995ee735
SHA1 affa7565c8a40101d2e33a106678832b67081fcb
SHA256 52f5f54a8b03a0081bd86fee787d45a3efbcad05444b9fba1a4dbe30272912e1
SHA512 b4b5a66d474eb825d8d4aa19eb3a016faafb0cf37c1d4c8ff4995971816c5d80f32c60f962b65a04aff8aaff93bb30590d2a354f0b4e387338c3ebb30b27445a

C:\Program Files\dotnet\dotnet.exe

MD5 b3539f9a87c80173f4f9e763e7ae115d
SHA1 8e9d26076b08bcefd2f101f1c74de5663e1df5a2
SHA256 f15ebe3d104b410bde12de9b6f9a2530ebb3e44a2c9cd24178e42dbaf37e5833
SHA512 4be302dd524a237db00a593ad419133b2d1be7be365464b5b14dd762b64b4065163a5924a280a19a4db79b5eea6425e26bf386952cf909cac7b24cc7828ceeab

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

MD5 a9981b8888515551bcfddae30539b20e
SHA1 25fc6ad3b5cfe701056b550b9a02c6dc119cb30f
SHA256 80734484bb6c56f491fdf01b9cef6d033eab199fd8833738b1e69347490726f7
SHA512 aa66227eaea59d27ee60b08f4bcdd87ac2b0c5f9e295d85f07cf348563828992a5afe6f0a4a021894a5272945f9e74458b882379049a9658cb5f291c9f373432

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 ed42cd54c5ea523c618d8f15a3ae3e3c
SHA1 d1485a5867fc35095e89820c499c82fc23987c36
SHA256 1cf701032e5af90b8caf5f09d00f67aef9566a29e94a0d3efda884369725b750
SHA512 0a0b1aa755a0b5167579509ea9c14d86cfb509fb80f10fa8fcc709f190d4638569a3583b0d12f11f5a60ca788d9355c0eb46082c0a4a3fa768dfe3f65ac83379

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 9c9de0dd1ca019351f68f9c5614e4e7e
SHA1 b18640d4936e787c206ba15fedb85cb2576a90e3
SHA256 43734a1ca61c4c3549b0e79628338582dabad1eb6b346aab8e587ea0a4720337
SHA512 1e3243be77917bb12bf2dee931ec3df11dd0b15bde68e12dc5f3617929f5845b508cb9d8c2659de5e310a2a002fc54b7b60c7d96136f0c1d7a6f85ee8159997b

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 c30cb4248956a539cdf6371233c4c20b
SHA1 a0ce556fad5085a4f42606924591639c0df6c1d9
SHA256 e5aef7d2f1f94e225763fc16df13f153589ca904f18185e4f64633a25a79b5bc
SHA512 daf05c0b8b0b240e8818b6a6332c18724936f758c261866a95680fb1f08212aec9487dfce23a429808f7eaf2faa7aa57f71349882201fedfb11e427bde6ba59a

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 3645fda660ebb497d20c11009fb9e38a
SHA1 193811abfc8155371456524067f92c1cdb152436
SHA256 e4071499ee4f5763a057ff4ee818ae83b58678c812e472128a35f2c313006981
SHA512 6d4d1f154ef960936178e0fa1800ad9456f766d235b879bf19ad296dc399f71c3de12c9db11b68760afce4e634bacc0b73bf45aee5123db6947b5d334f1ce524

C:\Program Files\7-Zip\Uninstall.exe

MD5 a4c9cad9d80d9dd1756b96340b472eb0
SHA1 a7cc3c24d18aaafe102a39859d79622c57b89b25
SHA256 0341fb396803d7b510a6450cd70c0e5de2fcf8b1284c8b728a4d3a6bc945eddc
SHA512 817313b0b6e19185f1fd2db804d794a4202030398cafd3d202bf4bd6d494b97ba091466d20e54b35c0167d8486cdb3f357b0ca6d13d0184671e4a58b9ceff4a1

C:\Program Files\7-Zip\7zG.exe

MD5 42ed70a8d03241b20b22897715e89a4b
SHA1 f48fb1d49573a9933aa60d084c8033ee3d30b3de
SHA256 983fc80c7e2f828fa4745c1b2d93160c43b90fc5fd8d5579bf32ba3641fe1dc8
SHA512 cf8934c27ba62215231755d0fb68f4756553e573bdec7a5d8ca467ddf171a19d05c8f2c58e6929269a0ff280600018cb84e27bf1ebc90ea17780beea7ccc7ee3

C:\Program Files\7-Zip\7zFM.exe

MD5 7e428699a6e3572f287a5de326161f18
SHA1 9f20d97cb29f6a61490fcb9be7ce0c5fa3d6f775
SHA256 ee5913da92bc2f440cf7a82afb8cbe211934f9642e2722527810b2d6661ec2d8
SHA512 291f8430d50fe4896a6baf863d37ee99cbfee90ffeb94ff61c784e95a8c819658af0b63c71a0e3e1dbe2c3e3ebf1211d7ebbfda43d3baeb9d21d6b89f2ca2ffc

C:\Program Files\7-Zip\7z.exe

MD5 d36dec3a6e1eb8c1ee4347020cc63baf
SHA1 68147bf584c93856c48f4e1f058a73c6f0bd1874
SHA256 b0462301e3f2b50af91639e9135f7b51564cd54e25764118c96fac14f4912432
SHA512 1b5773c45af38d8ada19c8d5a12bd40b8b2ce31cd82b38298154f384f65915a2fa1c47a061a5cbb748fc5f9d3e2986046b367f791f1aad8b8be72116084ffbb1

C:\odt\office2016setup.exe

MD5 31dea5ec073fe5fb387f02865927bda2
SHA1 28ef613e9572ea3582666cd349cdd6610ca8cf24
SHA256 501ae37b46adc2007f882cda379d1106cf4d33f9f296e9bdad13dde8006d8bda
SHA512 b704b91042edc128c320faa7b4df6d3ae1f9c157e4546a4a5f95314abb3997be7b61dc1336bc66d2430765247493ba03a1ac955cecb335bd36c66a705dc60180