Malware Analysis Report

2025-08-11 06:22

Sample ID 240403-mje84scb4z
Target 2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk
SHA256 1e62eb0919dd9f98dde874657a820312e5f6d522fdf942328c39070273f16af5
Tags
spyware stealer
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Reads user/profile data of web browsers

Executes dropped EXE

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Analysis: static1

Detonation Overview

Reported

2024-04-03 10:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 10:29

Reported

2024-04-03 10:31

Platform

win7-20240221-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\alg.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\1d810657aad3ae89.bin C:\Windows\System32\alg.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2172 -s 328

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 10:29

Reported

2024-04-03 10:32

Platform

win10v2004-20240226-en

Max time kernel

149s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\9fe5c75bb3e2edcd.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ielowutil.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\orbd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jps.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstat.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaws.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\unpack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstack.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmid.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ExtExport.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsgen.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javacpl.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\servertool.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\java.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\xjc.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaws.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\alg.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" C:\Windows\system32\fxssvc.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\fxssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_ea4d1d81f1dda4f8b62d38affc1fab85_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3688 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8

Network

Files

memory/1396-1-0x0000000002000000-0x0000000002060000-memory.dmp

memory/1396-0-0x0000000140000000-0x00000001401DF000-memory.dmp

memory/1396-8-0x0000000002000000-0x0000000002060000-memory.dmp

C:\Windows\System32\alg.exe

MD5 7f445647e6a6038e31bee45f5d447d45
SHA1 f8d6044fb617250c13f1cf5b960d01297cae69f5
SHA256 cf8b12ff8c5c3361397d7708c46c984e35fc88e1181470f7c6b66596ab5c844f
SHA512 a224cbc1e9fcf0191cfd42a60032903f9d45c001f7b875fb4a4ea07e3d68fd251f591bd817c2a58078873cedc351f3c38f5ac362e40557ae7b8f81ed631f7335

memory/2964-14-0x00000000006D0000-0x0000000000730000-memory.dmp

memory/2964-13-0x0000000140000000-0x000000014018A000-memory.dmp

memory/2964-21-0x00000000006D0000-0x0000000000730000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 94857c0ae7dde5719199231ce79696eb
SHA1 8f45e8d04206b11657cc4cc61253d5a2980594c2
SHA256 577dcc30930d9f9567aff15eefd76cd7dbd9a9492ebea3993db4d36422f0934a
SHA512 557f17d9e9f6ee21abb7a72f73009c49481f9504793dace1801f5923138c656ebdeb6c4c8d4bec9abad1a20ea5eb923cb3bc1d469580094c37c15264a1a4e59e

memory/4984-27-0x0000000000540000-0x00000000005A0000-memory.dmp

memory/4984-28-0x0000000140000000-0x0000000140189000-memory.dmp

memory/4984-35-0x0000000000540000-0x00000000005A0000-memory.dmp

C:\Windows\System32\FXSSVC.exe

MD5 587cc4bd6c508d80692fd781a365ce93
SHA1 0c8a5cd0c72fdbc6906aeb246fb24c3bba4db6de
SHA256 c31d48e3b600e6beb311b2999a67779f9672160cd06872e7fd5cb2f39e05c023
SHA512 f1f5e4f0215c2395c41f45ac7221c8abbf1961f9d4e205904fd6cc18b8631239d200cfbed0af6d55fa8d2469691d22032cd875db451ee6f72eb11bc0fe2e03cf

memory/3924-39-0x0000000140000000-0x0000000140135000-memory.dmp

memory/3924-40-0x0000000000EC0000-0x0000000000F20000-memory.dmp

memory/3924-46-0x0000000000EC0000-0x0000000000F20000-memory.dmp

memory/3924-47-0x0000000000EC0000-0x0000000000F20000-memory.dmp

memory/3924-49-0x0000000000EC0000-0x0000000000F20000-memory.dmp

memory/3924-51-0x0000000140000000-0x0000000140135000-memory.dmp

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5 08ff01294589f6766daefb845d897b60
SHA1 e18c1e70ab0f723d5224da5695af401f121bafc0
SHA256 1348314ca6e2cf37475d23872129aceeeed9c719dd839a2079a48a4f437bb5e2
SHA512 c74335e6e37a0470fa6d3122f40517e2a1a68d4fc5683b04f70ef6867482f152ec682324d1aef6b1cd18495c07671aa31322072b4bd37235a2c07d4fa156aa20

memory/2464-54-0x0000000140000000-0x0000000140237000-memory.dmp

memory/2464-55-0x0000000000510000-0x0000000000570000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 d2bc406ade2fed1547ff55fdfe01b93c
SHA1 72fb1304fc75c5335c075448e3b6e0fe83b06c76
SHA256 57bebdff977225332cde73238023c5b0f2f6cc6c72e64dda51a8029d0a9024b4
SHA512 9e5d8a88b0001fea93811750a655ceafc38f2ff9cbd5f15c753a92c9babec7b5ca7c0550e011d28908a9c427faa65ab675c1f730bb0d46ee30cc96881152c795

memory/1396-64-0x0000000140000000-0x00000001401DF000-memory.dmp

memory/2464-65-0x0000000000510000-0x0000000000570000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

C:\Program Files\Java\jdk-1.8\bin\klist.exe

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

C:\Program Files\Java\jdk-1.8\bin\jps.exe

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

C:\Program Files\dotnet\dotnet.exe

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

C:\Program Files\7-Zip\Uninstall.exe

C:\Program Files\7-Zip\7zG.exe

C:\Program Files\7-Zip\7zFM.exe

C:\Program Files\7-Zip\7z.exe

C:\odt\office2016setup.exe
