Malware Analysis Report

2025-08-11 06:22

Sample ID 240403-mk2thacb6x
Target 2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk
SHA256 39afdf1e879a87ccd26eb6a1977391482929f6b0c0236e621ca34572345d9f28
Tags
spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

39afdf1e879a87ccd26eb6a1977391482929f6b0c0236e621ca34572345d9f28

Threat Level: Shows suspicious behavior

The file 2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk was found to show suspicious behavior. After enabling SeTakeOwnershipPrivilege it opens Windows service binaries in System32 (alg.exe, dllhost.exe, AppVClient.exe, DiagnosticsHub.StandardCollector.Service.exe) and dozens of third-party executables under Program Files for modification; the modified alg.exe and DiagnosticsHub.StandardCollector.Service.exe then run, enable SeDebugPrivilege and write further executables. Both runs query a long series of random-looking .biz domains and connect over HTTP on port 80 to those that resolve, and the Windows 10 run also issues reverse (in-addr.arpa) lookups for several of the contacted addresses.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 10:32

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 10:32

Reported

2024-04-03 10:34

Platform

win7-20240221-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | C:\Windows\System32\alg.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\872d2b23aad3ae89.bin | C:\Windows\System32\alg.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2168 -s 328

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 pywolwnvd.biz udp
US 8.8.8.8:53 ssbzmoy.biz udp
ID 34.128.82.12:80 ssbzmoy.biz tcp
US 8.8.8.8:53 cvgrf.biz udp
US 104.198.2.251:80 cvgrf.biz tcp
US 8.8.8.8:53 npukfztj.biz udp
US 34.174.61.199:80 npukfztj.biz tcp
US 8.8.8.8:53 przvgke.biz udp
US 72.52.178.23:80 przvgke.biz tcp
US 72.52.178.23:80 przvgke.biz tcp
US 8.8.8.8:53 zlenh.biz udp
US 8.8.8.8:53 knjghuig.biz udp
ID 34.128.82.12:80 knjghuig.biz tcp
US 8.8.8.8:53 uhxqin.biz udp
US 8.8.8.8:53 anpmnmxo.biz udp
US 8.8.8.8:53 lpuegx.biz udp
RU 82.112.184.197:80 lpuegx.biz tcp
RU 82.112.184.197:80 lpuegx.biz tcp
US 8.8.8.8:53 vjaxhpbji.biz udp
RU 82.112.184.197:80 vjaxhpbji.biz tcp
RU 82.112.184.197:80 vjaxhpbji.biz tcp
US 8.8.8.8:53 xlfhhhm.biz udp
US 34.29.71.138:80 xlfhhhm.biz tcp
US 8.8.8.8:53 ifsaia.biz udp
SG 34.143.166.163:80 ifsaia.biz tcp
US 8.8.8.8:53 saytjshyf.biz udp
US 34.67.9.172:80 saytjshyf.biz tcp
US 8.8.8.8:53 vcddkls.biz udp
ID 34.128.82.12:80 vcddkls.biz tcp
US 8.8.8.8:53 fwiwk.biz udp
US 67.225.218.6:80 fwiwk.biz tcp
US 67.225.218.6:80 fwiwk.biz tcp
US 8.8.8.8:53 tbjrpv.biz udp
NL 34.91.32.224:80 tbjrpv.biz tcp
US 8.8.8.8:53 deoci.biz udp
US 34.174.78.212:80 deoci.biz tcp
US 8.8.8.8:53 gytujflc.biz udp
US 208.100.26.245:80 gytujflc.biz tcp
US 8.8.8.8:53 qaynky.biz udp
SG 34.143.166.163:80 qaynky.biz tcp
US 8.8.8.8:53 bumxkqgxu.biz udp
US 34.174.61.199:80 bumxkqgxu.biz tcp
US 8.8.8.8:53 dwrqljrr.biz udp
US 34.41.229.245:80 dwrqljrr.biz tcp
US 8.8.8.8:53 nqwjmb.biz udp
US 8.8.8.8:53 ytctnunms.biz udp
US 34.174.206.7:80 ytctnunms.biz tcp
US 8.8.8.8:53 myups.biz udp
US 165.160.13.20:80 myups.biz tcp
US 8.8.8.8:53 oshhkdluh.biz udp
US 34.41.229.245:80 oshhkdluh.biz tcp
US 8.8.8.8:53 yunalwv.biz udp
US 8.8.8.8:53 jpskm.biz udp
US 8.8.8.8:53 lrxdmhrr.biz udp
US 34.41.229.245:80 lrxdmhrr.biz tcp
US 8.8.8.8:53 wllvnzb.biz udp
ID 34.128.82.12:80 wllvnzb.biz tcp
US 8.8.8.8:53 gnqgo.biz udp
US 34.174.78.212:80 gnqgo.biz tcp
US 8.8.8.8:53 jhvzpcfg.biz udp
US 34.67.9.172:80 jhvzpcfg.biz tcp
US 8.8.8.8:53 acwjcqqv.biz udp
ID 34.128.82.12:80 acwjcqqv.biz tcp
US 8.8.8.8:53 lejtdj.biz udp
US 8.8.8.8:53 vyome.biz udp
US 8.8.8.8:53 yauexmxk.biz udp
US 34.174.78.212:80 yauexmxk.biz tcp
US 8.8.8.8:53 iuzpxe.biz udp
SG 34.143.166.163:80 iuzpxe.biz tcp
US 8.8.8.8:53 sxmiywsfv.biz udp
SG 34.143.166.163:80 sxmiywsfv.biz tcp
US 8.8.8.8:53 vrrazpdh.biz udp
US 34.168.225.46:80 vrrazpdh.biz tcp
US 8.8.8.8:53 ftxlah.biz udp
US 34.94.160.21:80 ftxlah.biz tcp
US 8.8.8.8:53 typgfhb.biz udp
SG 34.143.166.163:80 typgfhb.biz tcp
US 8.8.8.8:53 esuzf.biz udp
US 34.168.225.46:80 esuzf.biz tcp
US 8.8.8.8:53 gvijgjwkh.biz udp
US 34.174.206.7:80 gvijgjwkh.biz tcp
US 8.8.8.8:53 qpnczch.biz udp
US 34.162.170.92:80 qpnczch.biz tcp
US 8.8.8.8:53 brsua.biz udp
NL 35.204.181.10:80 brsua.biz tcp
US 8.8.8.8:53 dlynankz.biz udp
DE 85.214.228.140:80 dlynankz.biz tcp
US 8.8.8.8:53 oflybfv.biz udp
US 34.29.71.138:80 oflybfv.biz tcp
US 8.8.8.8:53 yhqqc.biz udp
US 34.168.225.46:80 yhqqc.biz tcp
US 8.8.8.8:53 mnjmhp.biz udp
US 34.29.71.138:80 mnjmhp.biz tcp
US 8.8.8.8:53 opowhhece.biz udp
US 34.29.71.138:80 opowhhece.biz tcp
US 8.8.8.8:53 zjbpaao.biz udp
US 8.8.8.8:53 jdhhbs.biz udp
SG 34.143.166.163:80 jdhhbs.biz tcp
US 8.8.8.8:53 mgmsclkyu.biz udp
NL 34.91.32.224:80 mgmsclkyu.biz tcp
US 8.8.8.8:53 warkcdu.biz udp
ID 34.128.82.12:80 warkcdu.biz tcp
US 8.8.8.8:53 gcedd.biz udp
SG 34.143.166.163:80 gcedd.biz tcp
US 8.8.8.8:53 jwkoeoqns.biz udp
US 34.41.229.245:80 jwkoeoqns.biz tcp
US 8.8.8.8:53 xccjj.biz udp
US 34.162.170.92:80 xccjj.biz tcp
US 8.8.8.8:53 hehckyov.biz udp
US 34.174.61.199:80 hehckyov.biz tcp
US 8.8.8.8:53 rynmcq.biz udp

Files

memory/2168-0-0x0000000000490000-0x00000000004F0000-memory.dmp

memory/2168-1-0x0000000140000000-0x0000000140222000-memory.dmp

memory/2168-7-0x0000000000490000-0x00000000004F0000-memory.dmp

memory/2168-8-0x0000000000490000-0x00000000004F0000-memory.dmp

\Windows\System32\alg.exe

MD5 9480676965280a793e45beb6d6480cf9
SHA1 ac58af047353459e33bbb770615ed18d225abfd6
SHA256 5f8cfcb125b0c4d67a0b0dd8651a269465e2e74c3d43d9d96c7993d73fcd1ebf
SHA512 dd9b5094d97be808fa8d39c4d9f494ef8244147e7790223ded08126c995e2f54a9c60669461089e0d61f7af762cd2da822f634896c1bac47af9234b71b401761

memory/2700-14-0x0000000100000000-0x00000001000A4000-memory.dmp

memory/2700-15-0x0000000000840000-0x00000000008A0000-memory.dmp

memory/2700-22-0x0000000000840000-0x00000000008A0000-memory.dmp

memory/2168-25-0x0000000140000000-0x0000000140222000-memory.dmp

memory/2700-26-0x0000000100000000-0x00000001000A4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 10:32

Reported

2024-04-03 10:34

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\20f58d868ed1090.bin | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\Java\jre-1.8\bin\javacpl.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\pack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\pack200.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\Install\{6FB5F2B8-50C9-4E27-9F75-756369A42747}\chrome_installer.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jps.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmid.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\updater.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javah.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jjs.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmic.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\minidump-analyzer.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javac.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\xjc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmid.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaws.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Internet Explorer\ExtExport.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\updater.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\serialver.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jjs.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76312\java.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\javacpl.exe | C:\Windows\System32\alg.exe | N/A

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_eef3f77a51cedff224a7e7f8f1c1170a_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 pywolwnvd.biz udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 ssbzmoy.biz udp
ID 34.128.82.12:80 ssbzmoy.biz tcp
US 8.8.8.8:53 cvgrf.biz udp
US 104.198.2.251:80 cvgrf.biz tcp
US 8.8.8.8:53 npukfztj.biz udp
US 34.174.61.199:80 npukfztj.biz tcp
US 8.8.8.8:53 12.82.128.34.in-addr.arpa udp
US 8.8.8.8:53 przvgke.biz udp
US 72.52.178.23:80 przvgke.biz tcp
US 72.52.178.23:80 przvgke.biz tcp
US 8.8.8.8:53 zlenh.biz udp
US 8.8.8.8:53 knjghuig.biz udp
US 8.8.8.8:53 251.2.198.104.in-addr.arpa udp
ID 34.128.82.12:80 knjghuig.biz tcp
US 8.8.8.8:53 199.61.174.34.in-addr.arpa udp
US 8.8.8.8:53 23.178.52.72.in-addr.arpa udp
US 8.8.8.8:53 uhxqin.biz udp
US 8.8.8.8:53 anpmnmxo.biz udp
US 8.8.8.8:53 lpuegx.biz udp
RU 82.112.184.197:80 lpuegx.biz tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
RU 82.112.184.197:80 lpuegx.biz tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 9.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 57.162.23.2.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 vjaxhpbji.biz udp
RU 82.112.184.197:80 vjaxhpbji.biz tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
RU 82.112.184.197:80 vjaxhpbji.biz tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 xlfhhhm.biz udp
US 34.29.71.138:80 xlfhhhm.biz tcp
US 8.8.8.8:53 ifsaia.biz udp
SG 34.143.166.163:80 ifsaia.biz tcp
US 8.8.8.8:53 saytjshyf.biz udp
US 34.67.9.172:80 saytjshyf.biz tcp
US 8.8.8.8:53 138.71.29.34.in-addr.arpa udp
US 8.8.8.8:53 vcddkls.biz udp
ID 34.128.82.12:80 vcddkls.biz tcp
US 8.8.8.8:53 163.166.143.34.in-addr.arpa udp
US 8.8.8.8:53 fwiwk.biz udp
US 67.225.218.6:80 fwiwk.biz tcp
US 67.225.218.6:80 fwiwk.biz tcp
US 8.8.8.8:53 tbjrpv.biz udp
US 8.8.8.8:53 172.9.67.34.in-addr.arpa udp
NL 34.91.32.224:80 tbjrpv.biz tcp
US 8.8.8.8:53 deoci.biz udp
US 34.174.78.212:80 deoci.biz tcp
US 8.8.8.8:53 gytujflc.biz udp
US 208.100.26.245:80 gytujflc.biz tcp
US 8.8.8.8:53 6.218.225.67.in-addr.arpa udp
US 8.8.8.8:53 qaynky.biz udp
SG 34.143.166.163:80 qaynky.biz tcp
US 8.8.8.8:53 224.32.91.34.in-addr.arpa udp
US 8.8.8.8:53 245.26.100.208.in-addr.arpa udp
US 8.8.8.8:53 212.78.174.34.in-addr.arpa udp
US 8.8.8.8:53 bumxkqgxu.biz udp
US 34.174.61.199:80 bumxkqgxu.biz tcp
US 8.8.8.8:53 dwrqljrr.biz udp
US 34.41.229.245:80 dwrqljrr.biz tcp
US 8.8.8.8:53 245.229.41.34.in-addr.arpa udp
US 8.8.8.8:53 nqwjmb.biz udp
US 8.8.8.8:53 ytctnunms.biz udp
US 34.174.206.7:80 ytctnunms.biz tcp
US 8.8.8.8:53 myups.biz udp
US 165.160.15.20:80 myups.biz tcp
US 8.8.8.8:53 oshhkdluh.biz udp
US 34.41.229.245:80 oshhkdluh.biz tcp
US 8.8.8.8:53 yunalwv.biz udp
US 8.8.8.8:53 7.206.174.34.in-addr.arpa udp
US 8.8.8.8:53 20.15.160.165.in-addr.arpa udp
US 8.8.8.8:53 jpskm.biz udp
US 8.8.8.8:53 lrxdmhrr.biz udp
US 34.41.229.245:80 lrxdmhrr.biz tcp
US 8.8.8.8:53 wllvnzb.biz udp
ID 34.128.82.12:80 wllvnzb.biz tcp
US 8.8.8.8:53 gnqgo.biz udp
US 34.174.78.212:80 gnqgo.biz tcp
US 8.8.8.8:53 jhvzpcfg.biz udp
US 34.67.9.172:80 jhvzpcfg.biz tcp
US 8.8.8.8:53 acwjcqqv.biz udp
ID 34.128.82.12:80 acwjcqqv.biz tcp
US 8.8.8.8:53 lejtdj.biz udp
US 8.8.8.8:53 vyome.biz udp
US 8.8.8.8:53 yauexmxk.biz udp
US 34.174.78.212:80 yauexmxk.biz tcp
US 8.8.8.8:53 iuzpxe.biz udp
SG 34.143.166.163:80 iuzpxe.biz tcp
US 8.8.8.8:53 sxmiywsfv.biz udp
SG 34.143.166.163:80 sxmiywsfv.biz tcp
US 8.8.8.8:53 udp
N/A 34.168.225.46:80 tcp
US 8.8.8.8:53 udp
N/A 34.94.160.21:80 tcp
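The two Network tables (behavioral1 and behavioral2 above) are the most directly actionable part of the report, but as raw rows they mix three different things: forward DNS queries for the .biz domains, reverse (in-addr.arpa) lookups that the Windows 10 run issues for addresses it has contacted, and the HTTP connections themselves. The script below is an added example for this report, not sandbox output; NETWORK_ROWS is a constructed subset of the rows above in the same "Country Destination Domain Proto" layout, including two rows with an empty Domain column like the last four rows of the behavioral2 table. It separates the three record types, maps each domain to the addresses it resolved to, lists domains that were queried but never connected to (the NXDOMAIN pattern typical of algorithmically generated names), notes addresses that serve more than one domain, and reports a per-label entropy figure as a feature rather than a verdict.

```python
"""Triage the Network tables of this report into IOC sets.

Added example for this report, not sandbox output. NETWORK_ROWS is a
constructed subset of the behavioral1/behavioral2 rows above.
"""
import math
from collections import defaultdict

NETWORK_ROWS = """\
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 pywolwnvd.biz udp
US 8.8.8.8:53 ssbzmoy.biz udp
ID 34.128.82.12:80 ssbzmoy.biz tcp
US 8.8.8.8:53 cvgrf.biz udp
US 104.198.2.251:80 cvgrf.biz tcp
US 8.8.8.8:53 12.82.128.34.in-addr.arpa udp
US 8.8.8.8:53 knjghuig.biz udp
ID 34.128.82.12:80 knjghuig.biz tcp
US 8.8.8.8:53 lpuegx.biz udp
RU 82.112.184.197:80 lpuegx.biz tcp
RU 82.112.184.197:80 lpuegx.biz tcp
US 8.8.8.8:53 udp
N/A 34.168.225.46:80 tcp
"""


def parse_rows(text):
    """One dict per row; 'domain' is None when the Domain column is empty."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            raise ValueError(f"unexpected column count: {line!r}")
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name):
    """'12.82.128.34.in-addr.arpa' -> '34.128.82.12' (PTR names reverse the octets)."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def label_entropy(domain):
    """Shannon entropy in bits per character of the leftmost label. A feature
    for the analyst, not a classifier: generated labels tend to score higher
    than dictionary words of the same length, but short labels score low."""
    label = domain.split(".")[0]
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def triage(rows):
    queried, resolved = set(), defaultdict(set)
    http, ptr = set(), set()
    for r in rows:
        is_dns = r["proto"] == "udp" and r["port"] == 53
        if is_dns and r["domain"] and r["domain"].endswith(".in-addr.arpa"):
            ptr.add(ptr_to_ip(r["domain"]))           # reverse lookup
        elif is_dns and r["domain"]:
            queried.add(r["domain"])                  # forward lookup
        elif r["proto"] == "tcp":
            http.add(f'{r["ip"]}:{r["port"]}')        # actual connection
            if r["domain"]:
                resolved[r["domain"]].add(r["ip"])
    by_ip = defaultdict(set)
    for domain, ips in resolved.items():
        for ip in ips:
            by_ip[ip].add(domain)
    contacted = {ep.rsplit(":", 1)[0] for ep in http}
    return {
        "queried": queried,
        "resolved": dict(resolved),
        "never_connected": queried - set(resolved),   # NXDOMAIN candidates
        "http_endpoints": http,                       # block-list material
        "shared_hosting": {ip: d for ip, d in by_ip.items() if len(d) > 1},
        "ptr_lookups": ptr,
        "ptr_of_contacted": ptr & contacted,
    }


if __name__ == "__main__":
    t = triage(parse_rows(NETWORK_ROWS))
    for key in ("never_connected", "http_endpoints", "shared_hosting", "ptr_of_contacted"):
        print(f"{key}: {t[key]}")
    for d in sorted(t["queried"]):
        print(f"{d:16} entropy={label_entropy(d):.2f}")
```

Run over the full tables, "never_connected" is the set to watch: in the behavioral1 run alone, domains such as pywolwnvd.biz, zlenh.biz, uhxqin.biz and anpmnmxo.biz are queried with no following connection, while a single address such as 34.128.82.12 answers for several different .biz names. The HTTP endpoint set is what goes into a block list; the domain list is what goes into DNS monitoring, since the names rotate and the addresses are shared cloud hosting.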

Files

memory/4520-0-0x00000000020B0000-0x0000000002110000-memory.dmp

memory/4520-1-0x0000000140000000-0x0000000140222000-memory.dmp

memory/4520-7-0x00000000020B0000-0x0000000002110000-memory.dmp

memory/364-12-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/364-13-0x0000000000500000-0x0000000000560000-memory.dmp

C:\Windows\System32\alg.exe

MD5 e325163098e2f750c9470a807f30b75c
SHA1 d6f353c10bf42a70b439dbbb47f0744edd76ba1b
SHA256 a4bf16ba586158f355a7b208a83ae087b52878ef28cde007ba4cb5c0b03b4d01
SHA512 6f427617a54169efbf1f6a5fa5919f20165580e58e63465d00b34f23dfa348512c879bfcff0241e804d70930c5b05aa2b0e1ab119776cc1c2c0f7fcd54116176

memory/364-19-0x0000000000500000-0x0000000000560000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 e3729dcc9821c5ef074603dbfc1e189d
SHA1 5a551c76fccafa9032ec98d50576e89fc9a135fa
SHA256 84fbfb26ec1c36569db7bd1494c786793ea8b737429d381870f35caea49d92d2
SHA512 beb981055897198aae4d9b097d9c443a0a767b5bdd527835b32c7fd6e7fd6718178a2da5ef06d0719182886fc711d32066bc77fa82e801d5cf04b7c8a88819d9

memory/1200-27-0x0000000000720000-0x0000000000780000-memory.dmp

memory/1200-28-0x0000000140000000-0x00000001400A9000-memory.dmp

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5 1cb3c3d7778ad5689f4d9c7fb04817b7
SHA1 5eb2caddb128f3b57e96c9972168acd95154d085
SHA256 b579d3a84c931b8248e1fcdc5d9edebf01a33b4e597aedbb6f56bc5c02a6579a
SHA512 7d62d61fa00b70cc2675e8f4b837c403a51a2656ccf9f587b52515d1a6aa4de0d6d06a5778140458003669534fd4e3f12cf0fd3126207b656d8d38e9351ee3eb

memory/4520-32-0x0000000140000000-0x0000000140222000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 e724b58eecaa279540f703c7514342fb
SHA1 3100166658c2a300018316f118ad1dce580dd10c
SHA256 be65fc573477fa44fa9942e6aac0c12b128ea3dcdb112b0322c761278d9e02c9
SHA512 016c8aac1ae5627466c7517a587b091566adf8c6bec0e5a388f106d0ddb2798c1bd3015a2e7875b961937fe7e3dc020961b8d1642b3620934644f568fbb346ae

memory/1908-36-0x0000000140000000-0x0000000140237000-memory.dmp

memory/1908-35-0x0000000000510000-0x0000000000570000-memory.dmp

memory/1200-43-0x0000000000720000-0x0000000000780000-memory.dmp

memory/1908-48-0x0000000000510000-0x0000000000570000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 ae8894b00798b93062fab15fb25003a4
SHA1 2c2ad2bd35076a6a8708c557ba0d821241c8fc8b
SHA256 54ec539414858fa6bcb095659796ed97f216c357a06a1f0a941254dbadb54bee
SHA512 ab89636596a390eaa81bcf3e0df2992ec568ed13594ab220e7579e15a3c936d362d121c3ecf0c858adcd324966ef12cb3801f5e364bfbf9a1c2a63004f40f759

memory/4064-52-0x0000000140000000-0x000000014022B000-memory.dmp

memory/4064-53-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/4064-59-0x00000000001A0000-0x0000000000200000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 102073c4522ae21b514c9eeca21ae900
SHA1 e8f6f79643dbf28b43ba9740f5477e45759685fa
SHA256 f62b23d14bcce7f781c037c142db142eed2d23b483b6d78120177c98291b53b2
SHA512 93c070036a82052c5b374ead48bb6bead9ee51506dea93181823b5bab1340334156e231217d80cd5cd69c043ec47efa47d0a58b17c427e3a90ca770ae586ef42

memory/3052-63-0x0000000140000000-0x00000001400CA000-memory.dmp

memory/3052-64-0x0000000001EA0000-0x0000000001F00000-memory.dmp

memory/3052-71-0x0000000001EA0000-0x0000000001F00000-memory.dmp

memory/3052-74-0x0000000001EA0000-0x0000000001F00000-memory.dmp

memory/3052-77-0x0000000140000000-0x00000001400CA000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 21caadc86691f066cbf5c77245dff2a3
SHA1 5a7de4812be4f2f72fb1d67cdeca1a32eedaa1af
SHA256 4eb26c50d9af04be9ecb58204a00dd5d3c19b56d476db57241f036e500f6e3d3
SHA512 636c200ebc70b432454b87f2c3454854959d7d4cf2d180b10d2cef4de5597a2dbcb66ff15e7401a146087799d7c8aaae878615340027909bfa3ac075f9b763cd

memory/1516-80-0x0000000000420000-0x0000000000480000-memory.dmp

memory/1516-81-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/364-79-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/1516-87-0x0000000000420000-0x0000000000480000-memory.dmp

memory/1200-245-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/1908-249-0x0000000140000000-0x0000000140237000-memory.dmp

memory/4064-250-0x0000000140000000-0x000000014022B000-memory.dmp

memory/1516-253-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Program Files\7-Zip\7zG.exe

MD5 76db4ea3b49db22c6f017ff750487d7c
SHA1 5ee1ef7462cca1af2ae3ad3eec91ae654e69057b
SHA256 cee8c12757a4845e64545bc60b85f6530c5f2a6f1d6a2f21dca85d856df597c5
SHA512 6c5f6f02f96d064ccefce6457c13e3e60174398250619d231cb2057875422b274eef05ce32b50b4e9443e2b32824ec420070f61cae21dbc3f7400d574ab73580

C:\Program Files\Java\jdk-1.8\bin\javah.exe

MD5 766a730cfcdbcb737bad5a878015aa46
SHA1 36e5822cc06460fac239a2ae1a1ea6b312114bcb
SHA256 f5c31cffbd494e9dd835b34c7007588248425c1efc5990604c18f2e2fdb322d7
SHA512 e3c5eef0b3a276b0707be046fdd8f9e2d739d6c5cbd12e8388b7a1c1353e249efe613116d2946ae7cb82f803abf5cbeff5a1029180096a7df8221ee54c0198dc

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

MD5 046254cddbf3467f0e7af1a30d359a83
SHA1 e6e4552c855562457dda88e375f9062c439d090d
SHA256 3f5732390f7c5b42ca1637ba9d507203951e5898c39e9862ce73c41c989cf9b0
SHA512 13fecd83ace6361f9ba9b434b04c62b78323b6da6d5978a9f2133691bcb65a1c545cb87608dbb4ca35ac4d4f4189243d9e3c0539acdf7dbf6d9b272db96c38d7

C:\Program Files\Java\jdk-1.8\bin\policytool.exe

MD5 228367a0d40baba3f3a4457d0a9c34de
SHA1 6c4158c02801f7eb04415b7a998a67d161099bd4
SHA256 5366ff1bd42dade6e5e9e19f824dc24ea380ae180707ab800ebea7b9c244934d
SHA512 710abe75dd253eaaa332dea13dd353e2c0697e3ab18f339c42cf623bc9f23fd9786ac808372b4971f86af070c5492b5e8a959cd969034b8f587b125c0c471241

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

MD5 1cc353903fb14dc2ffe86bd48aabe944
SHA1 908e9f46be09d47a9de7debbe3b95d0b60eacc67
SHA256 1ca9ed4da13de5034e455994ebe713991bb4c31ee0d049230963cf3afa2126bd
SHA512 7f5b206fcf8d445e78faa45dbdbf7f912669a45c75c16edca37eddce681633bad681901e18705fbe66f19add56bc1b69d059d957947cc831a9c115274b2cdff3

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

MD5 a67a6ce9455c35f066d0abf2428060a5
SHA1 313d4b2336ec7d1a109aa5e448adf9ecc1a2336b
SHA256 03d85ac9e06d6b99969173c0209babd1534cf3559d24407773104d52a7a3a53a
SHA512 fddc11a46ac2dd0c6333b824143fa08b78191cec50411549ccfea41ba516001ad19151d8a5d8977029a594217d4fef3dc9b92883026bc0c795073ef855a91186

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

MD5 94245c861bf0f3ea1636f8c8c605a6d1
SHA1 e731fe9b6a28e501665c362baf58a59fd85b0287
SHA256 dbef955ef73272469320a18e798ca709caecb4e281a45c7fcf5558436235f7ff
SHA512 5bdbaa59e6b0d7cb635a2424f9c85e2f6a1adaf5fe77a3ce8cdeae4558cb5a412652aa95b01a48e8b0ab7a58ff4281c0bbd7a3284de5aae2b9ff456b1ca0298d

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

MD5 a72a68231fdaf990bcded5e01e4622f1
SHA1 1640b0ac1e867a0a5d96e304a34790239984a4a1
SHA256 cc7bff44107a12fd540f2245235b16966be1c481c74a3c11b75cfa78f7a1a88c
SHA512 539a39367602285299ece4fe37ffdd2de438b19b60c9a3f1211b1f18034cc31a47984d580863cc08707c028f07f21d7c65f604fdfee2d2628df14048b3ef57fd

C:\Program Files\Java\jdk-1.8\bin\klist.exe

MD5 327740b3203f7b77e7744516d3c041e5
SHA1 ebcdc9aa5eb593dbdd1fb750428eb5e16ed98b22
SHA256 16161f4fe6921c32b210e02a61b46bae841024085160c453844c23754d51ea20
SHA512 df27660f7bb454696f813cc9d83541beea747f1c8c51ebc5b0999c1940282b504cd0a6159b1446a5ad57b51f30373650b573278c3951b1965ded18ec4429ae65

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

MD5 0f2e2bdf6f302ca936b051bbc91db3d7
SHA1 9d9588ca7db2a00aa7406d702a34aaf4439a739e
SHA256 2349ffed9e2e75bf3a6b299cf3cb78e37e0206bc79c44bb3871e44a410e99cc7
SHA512 89725b999d22e7e6069a6a8d920d50805205f0f19e42dc3eef9de3d24e592edba01627c1972b486a1262f39d6fb744fd484d21f911f2c52ae4a3f411cec84cb5

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

MD5 8d777f02e5339f487a38eed98ebc551f
SHA1 6cfd6c5268a21c5cce0dc4b68f45477be991b7ea
SHA256 c77aeb84f3bee9d386255ec7b1071100063c66b46bf14068e55f6760e600cc69
SHA512 05f64e7e826e2b3f2d29fc9580c0c2153325700da1b6d1fcdc74826885144e4d547fb4c02f555e7b3fa88ad48042f4c11dbf78336ed14271c9a8856c30aa276e

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

MD5 9bd280602be2e318ba2835c09f3a75e0
SHA1 b5e88301dfbce5dffe154473cbf37f4d5edd2f89
SHA256 fb5b65c29d5badbd85bd25bc7e6e1b3f6b2b596b3cb137ac3eefd31c65af60eb
SHA512 4a0ee17ed4a52c84d0fe6060618407df6596454a79af64e1c527c47beeabfb12b21ff4cb159881bd5b950ec072c8bb82ab48d34c0b7c11b317ce28a0863cedaf

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

MD5 fadfbd24301b832410e2ccf96ab5a582
SHA1 edb05ed398979d3cf1278229aa2521e28bf406c1
SHA256 5b08541376c2bccfef279f6d1e27cbe58ea606f37a5d5d047476484663a67ecf
SHA512 e6b5845e6bac34909597707efac62bbae8a2b65807b70e937a2fa0921acb93c1b50e66d4b07411a356aac42a95bef67a427fba482ae391050d6d8a77eb30b1a9

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

MD5 c626bbe7e99712a70a0d55be7f5d7e3f
SHA1 4ca2ae94ca67ddeb617743e8d7ea23e0df0ecb63
SHA256 2c953117c234689a541fb18d87c8890a11f57850aee156bc1d542452c43b91ae
SHA512 5cd98f9943f33d7b6b11543e4b40deb37075f6e80f6c8f36efb8993363b85e876cc0e66c2ba91abdc38b14527352f086263a5dcc636e5a0da7c87348bae0bf34

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

MD5 5c0850d494f6be7ab20c52d089200b64
SHA1 59c05bbf0cd8ed89fc1c1b6393df8cb81b25ba62
SHA256 b5f27537fce8704b29d9e8b64d1032cf04ad9af4be7dd81229bc54dc0e249d24
SHA512 0542a672630a1992e46a42846a3bb26dd3db63c83f2f0735bdffba682ab9164384c726a27264c71466cb65f97c7df2c51df60bd14647b88e0510fc43fe3795a1

C:\Program Files\Java\jdk-1.8\bin\jps.exe

MD5 5606d8c22ac2a1d559c2ef2a6a640f63
SHA1 447e969bf50478127425d477f5bc664924fb1937
SHA256 8f791f23a70a1b9681497093ed92c325ae476fcd235384a030d0eed5f5ec3986
SHA512 492f73e0ec20c01d21a411a1a6013d49962065efb5ff6f860d4b54b1b88138f4e2df606c3f78fe49efe2496bf4f6dad7791813bf99ea5abb3fa5e236717118af

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

MD5 d1580c437b340983cd95fe24fc08c095
SHA1 e8f114d5e1e1fdada1407638247a40b0f9cee9b9
SHA256 6cd9ac97b1491ba5309abecfbb330acea51bf2cf9fa282e1c53932b9339e1abb
SHA512 a639b13946f116c32b97304c00d42866a68029a988bfa91345e65ef8a64485986ea455ec5a991445a4aa682d4e50435825214bbfe4ad427320f9303cd5b1717f

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

MD5 89282066c9c213902c6c093deae2aec6
SHA1 239487ad8002a97102a49e937e15a7b860d93c9c
SHA256 aa06033f7e874b1fc6d20277ecff10c5f447948189c37749535d688f5dc71a28
SHA512 f17a0093d9b1d0bc8cf28cc477ad9d93019a6bd4e0d8b2121e354ef36235a58c887660634ac0b17f3c89dfe6b5bd9a88a14b105fa0e8c8cbb4e6a55bcfc9b77a

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

MD5 4c66c763c1c9321ccd8c935228d4b55a
SHA1 a700759ade9c026697e1cb00a5c9159f94a15993
SHA256 e5314ca9511ba9a92ea567b9e8690008af3ce480f30b8bef17401055c77492d3
SHA512 8fb1b3cb4ab1230c69b912686a162001fd59ba6d5283ea0e2787b7ec26f07e27cd338da81da940cf439ff4920e8bd5cf8b39a42fef9bcbce3df5af167c1e65ae

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

MD5 5fd94e9ffd5f31357e6d38c85c8ab3eb
SHA1 1b73002fed54e302dbd5012da604919a1283c722
SHA256 06b892785047cb41096507d6bdf0776c44d65f22d9e4a888f2547357e96ec624
SHA512 a0f24e4b86c92d780b96d9e8ab6e537f26e427a690e58347be421d26e7cd4f0cc60ee7bafcb4194e4af552776c1146e3b2f0a0f2f06a377597c3431dfc49c036

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

MD5 4b1a9459da614e5822f47d862b658f4c
SHA1 0c3b3afe46447440954be726fe0106b0b022cdb7
SHA256 19aa98b3f6d35def2664cb2e432cbb02bb25b8540d1e53fc1f051e6c29a5a3a1
SHA512 4df1b70522c408113ec4e50b51c96be22d48a8d7b9ed890e03163e35d13d5f2cf0c633d8a92a8fa8907f0f65f6c472e5a2ae4aa7401e5e1529e114a107daef25

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

MD5 634dcc4c0ff9cb8807a21cc022f01b7a
SHA1 e5be03fc79e047adc292931407605dc297624cd1
SHA256 ec9e2aa8e80fdde49d16a2f2bec3118272ab0da75ea894a91776fc7d83fbe053
SHA512 d6825e28a61304d7d31e6148e3e9b87de70e1c01e3e45c0b71d8e53366cbf5ca13852d4c27f52b836182f680da6b7d154eb2ae356e93070a1e88aa02edc0d500

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

MD5 952be3143cd87fe138d903ee0a3c7d5a
SHA1 f8bfc9da9a163d5f22679b6cb47e4c3abf192bcd
SHA256 0fb05fe5dab295d0b37177a0a925dfca89527cd262f5314c440a5d7f54d68d0a
SHA512 f7c8321c06b81a0c6eebd527bc80ab53c97498ec478767e51f8963b2062b5ee52099e34fd7289e21c4aa4d7a04aa78dc2d0c72cda373857d482f642fe27a4e7d

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

MD5 ce4a74e515ef8844da42926474d0af8e
SHA1 be1de141fc8f173c6be36c7ae768dfcb9edf94b2
SHA256 d7efd0b66929b4fc70d762372d27f3be954a2b030cbeca1e4c66409e6c4adf71
SHA512 d2cc73945962e3c17b3f86f9d2595c0ef26eb46e1e83cc981000ed502c73ed61d008c00e9e0df7aed57b37d72d94ae2a2a595ea20be867961e98286aec3cbd56

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

MD5 8d474c43d29faa63ad3d60bc0f04f898
SHA1 b6315b13ef1780cc307751f7a518ae59e2d87715
SHA256 1a02fee855fd8412e4733a1dfc700496d387fd7f11a9aba9d2fa50f7293e505a
SHA512 b39cbae58272d05af44576177be9f423a14afd4fa316c317d5ac65f1db57ac152c91f852268602a300695c453675e332eeddc8ff440415541ad96c6c27926feb

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

MD5 ee60c52254640b52e6c026313cfb437c
SHA1 756a32e118f8237613b8a2e5cf3c771a853335dc
SHA256 35dbd2a99e1be56147894d34cd5e288fd43116174239fd67a6db6540df416b7c
SHA512 80c1ab323f55507a0531b068c5911ab60d3c80f9bdddd4eb0115e2027c931f5ff9288cbffaed13e2bff8f01b1525d683f42d08beda62877311d8d7180d64266f

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

MD5 323167e88a04c8806eca10b2c0f58b6c
SHA1 b84f03cfae8eb4c4df545db650a7b5a8feb3d8f2
SHA256 546d60254231a8cb8ba7ffe94e7fb210ef48eb9a296aed435114e37bd07bd21f
SHA512 4213af06903b2a1cc93b6db93ea59537b5cab85a08d48fef3f890b9007a66311e087c4d07e62b71a31c436c227caf35a28f84c40d3bc4ac53d039c2935fb42d4

C:\Program Files\Java\jdk-1.8\bin\javap.exe

MD5 0c28108c86a3faa7bfc01f205c497fa0
SHA1 41787b7341c5fb1270e36dd828a3d51ab9811e89
SHA256 d485a463da68390b4c7c3e57265096962a75133f6db23a4fdc7eecf32df93abc
SHA512 4a90bd8722647546a963e3042adeafcbe9c7fbb92cc4939781fdfb8e5ef5f48d82d6090df7ddffe4ebbbc05fd73af8ed32fc23048c9f05e463a8974e718b10be

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

MD5 a796946489fe7d0e22e78097eb81cc0c
SHA1 438ce94084c7cc3b9ead22ee8a058e20ae4b0d65
SHA256 e9e185ce8b00c9f0fb304e67d8f23e83cbdb1ebf1a7b8bd9f8656edc3058f09d
SHA512 872c0a2f324b15173180b7a6b23d5f233aee29c379beb020c0d90ec08ea6e97ea064ac29d99534f5443ee883b9769e22c49f3fec3362ff0090721debe236c2a5

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

MD5 ef565e7eceb78ffe9e8330e2867d8622
SHA1 91311f8e3335fe81ee2d9d067302a64092f303e8
SHA256 dae12158b345507045e16bda010159edfc650e420000fa74cdbbebafd02ad47f
SHA512 03b3c1f11e0a3c470362dae828ae91bbaa3cefe7a960ad45c27ac3bfebb17c7ed88eb3f1e34cd84d30da1d0e19e45d1019fde648b48abefb13e17308505ad855

C:\Program Files\Java\jdk-1.8\bin\javac.exe

MD5 476fcea1680df55b09c4ae8beb128f5f
SHA1 796a7de3ebb0daae6dbdac2e5b1928b3b2d767af
SHA256 911d4a8d6110f8ac58850766e29bf7a826fc1a00f94e3811b7af144843b792c9
SHA512 507e1b82e96e9a2ca307c57ed3e81d2f2814ae9e83fdb04922b521a5b72e655aea189f7ff41520a24eb911d6b81a81b0778ea325805be7a286381452383b21e8

C:\Program Files\Java\jdk-1.8\bin\java.exe

MD5 8851d209c22f3a4a1ca0549879a2fe68
SHA1 6fc8a088b90a8badb5e6f237a6aaecef177f8912
SHA256 b5e5bc0d4498565bcd13649883ed7926ead17946cb78d97c420fa254b8adfadb
SHA512 3ae58473c5fde6c5f5fdcc1f0203065688613f0fef1d3ea83fb9a4be06240b26018189506fa9f02c3b21626deceac2124b22920b6a3fc8e5ddea8879b687dc01

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

MD5 7964ed8d818a3723bb499d1392101315
SHA1 1d0bf4d8920a95d99c6112a152488d42f5c0f1ac
SHA256 91aea48090cb38f2900b187efbd7cad31e6c84becb22fc75539a4add58ee5698
SHA512 36655a0912f4f45ed6ad04c5992a77f1a9a85e2d81717247e7b5051dd15356ed4b24331c03619870155f6a247fc80634dbe4677cceba7fa4c6b67679ad8458ee

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

MD5 b8d24a47e6f8985276a3b6b5cfea19d3
SHA1 eb316935804c287692eaf6631c8a0b6374f0ea05
SHA256 f62936c06525c4bed0b5cba537b95610a777c44bba615482d318eb0c48c96a67
SHA512 da3c95e2694ac14f45777352460244ea3c099534dac8e38a38851face5ec434455feb61b7afb969c108cf85d422221d0094997a6a091d2d54bd0e8f1ebb56af0

C:\Program Files\Java\jdk-1.8\bin\jar.exe

MD5 c6a164a59c95ddd03a3ff833b3528945
SHA1 dd4c06df27c32b4e02542a5441e79edc059299d2
SHA256 7aaa500724c27f63975c07daa21c464982f44d6b637af90eb97831fb112637a1
SHA512 982fa3e1b4b5c8d28c390208cba9c36269e1643b15cdf7d5a005f0c8c2767837c62238ef5dd252a14601926bb97f9bed198fef0ae4b482b7b9dd13fc6261b5dd

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

MD5 7194a3f69933f498501f5e2192e75ac4
SHA1 07e682b94f7e59c5cedbae06999d7fc1d6f55f5e
SHA256 a797897048332612f3799eb7b2a6b94311f58c1ee0dd657020a16e7ebc8521c8
SHA512 de333a89ee0a162d6db3777bafe611d4899b793e8575443f64472d9b58a1041d4ab01b1e0ef71c65144330288d2fa18a5f08ce8081f3b2c73d31b2bea20ce684

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

MD5 ce9d6bc897af67cfe23718ade9f2b87a
SHA1 b1fa5468d3ea181c192068748ba9f3d60e3a5398
SHA256 f7203c16b5c6d1ecd7eb42de00a42e4b69fa9a6753089f925fd809ec40151dd5
SHA512 b5a7ab25de49760fa0d22d91a6f9403ea1e83f13fbf0b4ff705a9c128869d63864fa97ed6ac39819f3278862d1367d643c8a301951ee607d89be43c8308bb30c

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

MD5 fb1a720925c109dd1ae6cfca77193b1a
SHA1 7b07f1bd5d2448ac99dab42fbf4efc38b1370b8d
SHA256 f7cce41987ff60058ae9cba9cf66e411b398b5cfc3f68421d5c0d326b63f5853
SHA512 2b6e64d7bf68c92097ca7bb86bf16ff9d0f5273332e9803cf9a4254a5112b59a4d32b83646dc8e1777f6a7d7cc51a33463ee152ade9d8c6ba599e90eac67d810

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

MD5 ed29104d37878984920554b415544824
SHA1 7a6677edcdb45dd2548c92cb7179d5b570add604
SHA256 2853d5251ab3881b5888904355f828fe08145764c4a7e24b95b6660b9c476df0
SHA512 af78ec956f6e6674e4d0e1901989faabf35ab48db64d2ddcf6c96042e20650091443995fb93cdff0328447253d34aa950dcd3f448891e7552c1d609017d82f86

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 5fb9c8823f8ef551e58d621bef1727a0
SHA1 57ebdfaf91386e67b25aef69816915f57f256cfa
SHA256 e4276d6665ea880c64bbff381a9a7bff6a1dd2d9d66c8ac5ef4096a20582321c
SHA512 938c790ab6d2eb7b507933373d1eff43abfd128c7ebb78b60263730eb5fdddddd2e8fd60be11590e78e2fe91eb24692ae15238e1814dac7fbe4947d53f6b622a

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

MD5 5dfd2cbd193a7c575f14a7b97df0cb41
SHA1 12610ed33b639e9e107894c34827aadf34dc6def
SHA256 88ecd55e93aeb8699ba6903530d980935c80428b53d8ac67d92040e2a576b6e5
SHA512 359bdda9535dc4e908cdaa172284ac4d806796454abf8c0d283767737d56696dc158b29669e8aa7bcca3add60caf536c82dfda6bfd443b7800e1ea9506774c4f

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

MD5 476cd69d6e6c92cc022263a3a3b5a9b9
SHA1 21ca0506def15c30587ec2a52be7d3126ce8cbfe
SHA256 9abde1536032f622082b2e7246bbc7de322713831b20785f9851abd5fbd3ac8c
SHA512 3256bb36ec883732da059137303dc0b570f69ac26d181059f2136eef5ae4cdb713bd9121c1bba2087a596b05dabb63cd79d612168b52d5dd3e4abf328defbf1d

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

MD5 5e58f03d1e07ca05ded698d57a01de4b
SHA1 04201c9f59115f38a670c032ed1f32ac01dfb9bc
SHA256 a4b064f6a0a756214279708edc94adb52740a7523ed17a86c02537653150ba79
SHA512 0120d1d8394af6db67db2e2653791e543d7df7f2ceb975821ee56239a883c8916499f66350bd0f7a7e31246aeb5781c629fe485bf961775aeb57ab84661e8936

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

MD5 c0bd9aa28756e3de76f6e23aa9f7b378
SHA1 cc12bba032707e4ceb281b04073f16a69f4fbcee
SHA256 c68514d759374d082fb04407c12e279182e8e4ed1025632aa9a39b469eec964b
SHA512 d4a0c68f555b414962d035e7123fc8d75e080a71ee1b2f81c5d3f005e10dc678c185a4b8e0162b5865b05ee0f603b2d34eb2fb6f9110d00aa3f625dcb5e93181

C:\Program Files\dotnet\dotnet.exe

MD5 b12b6e895cd89c389af74579260a46e1
SHA1 8b6b40b44d233e72a26b0af007cc5d13ba1c71ac
SHA256 b09d50addb795503ab6dcad4947f02534c5ac556549311557bc5a0a9950937c4
SHA512 0a9b459f29f92d431646e6659091c9a6cc03e5585d9f23bf5598af1842af4c45910d6893706baabe90c4d1a637113d35156d35f7cebaf402f5937e5d46839630

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

MD5 2f4a025036403946f7d48ecbd33be1af
SHA1 2bc51597f50d1ac97d61478de73be7bdc1c2029e
SHA256 7908698079b016db3d5efc94b1eafa93d030c7aa6e32693a2bcf4bc680a24905
SHA512 9fb9f29d1f90701b8b6b199e76e8b73ef4dde670286cb6816aa87614b0180be2330cd5e987f29f9fd03231aa59c03c5251e601dca508c2baeb38d05b3284b04d

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

MD5 39a5349e5531b811a45178a9cbd3d5a6
SHA1 cb96ea9dbc2e8147fc47072dc874c2b357b054b2
SHA256 3b78c2533002b7415042a7bce2cfb42b973f23894c041abfe7bbe55e6a2258f1
SHA512 243289c2d88fac491ca08b19a8b16de4f8098297d3e41ad131a72bc7e3a95886423b0d7a273f64b7988bb43d25e5559f5e76e1a83fe74ddceeaea065740ac2af

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

MD5 53e689fea70347216aa5c3584ce238b6
SHA1 40f1b18c105316880efaed333c84cb7f8c1fe980
SHA256 f200a2e80de6be9c24c296f587eaa8b7495e41cbc192242b9cd3cae6371c2ec3
SHA512 a244af380d47135862c7f1119794dd560391c20a45dcbb2a8d6658c59729c9992eb6b3f08d39f7c0dfac9f776949ab8644c9001abe53046374ee0e1bdec8b4e9

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 2b31853f6a09aea0abd745a264b3efce
SHA1 ee107339df042a1cd74b50b386cbabd4c91ba3d2
SHA256 b4382c7800e7ad244efbb0f56904d65deaec48bb0504a940081de7ee8c42f0fc
SHA512 854d0c5d52966926eb6219c96273da94fd033608aa535ef2371156ea4373261a2f372f6f2454c6f1df25fa2b15ee3af1070dbbcb4ac5b41dc0c030678e135c66

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 639ac07a7cf8933a8f92c2c2a327505a
SHA1 ed4cf194feee6d28a4da4c021e9c0ee7150e6bea
SHA256 f0c9459327332bfb2985fde37530efeaeff8e7169582d34e7ddc7441c859b55c
SHA512 9a303f86f5d3c4aa8f54503cd3c898a3ca2d953d51dfac04dd3f399ad4db6b55000a604a895583b10e4bc4eb9c2c23d81247cdb35e71f8cc712cf81e8082d1ef

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 c492ab041516381ff17bcb522f28e133
SHA1 25b60ac53ab32bd03a5f206a2de9674aee1d4a68
SHA256 06f0eb1a047dbcfe455e2895fb692f4b9fac299ce6857e443a35161b71a3c9e0
SHA512 eca8d5f173e6ce1d2794411add15b73ec7a9878d811d30b592c37b60a582b55d4687fa8e61a6073d5a41830e81b2ed964391444b15ac93589e34781dd6e0ac42

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 23f12e753959a323a9395d1d5f82df3f
SHA1 6af7fe841a21874eb20d2902c2d7f81cb3b22f58
SHA256 5b7887146cfeb7db00fdbdb49949202659d4bad43b0f2503d983b1e73ec2457b
SHA512 4f8db8a42e599a841f9f152f74e4f726d5d9fbfa2d7ca800017ee533cb979e80b95f13190a03dde1f100155673eae933096ae34f0ffa82398a50fc819f764338

C:\Program Files\7-Zip\Uninstall.exe

MD5 372f97775e8e6cd7373ad91d4f7991bd
SHA1 bc173ad82f687d1b36963f7ca39a26b8158e1a7c
SHA256 d947b758702975c9e4e651206d9afc264eb49447f6937a34daba5296504ba49a
SHA512 13dde872d62003a261df38651031947dc169ac6e7d30b41ba21a001a0ae34a6cc588a1485ba29cf077fc90a21b54f17ed7af262ab1583ba025638086dafcd712

C:\Program Files\7-Zip\7z.exe

MD5 cec64954c7843ea45131bfcd90ecdd13
SHA1 d1d2ac51c9a71710c484edf11c6266c1b727b486
SHA256 4f1a2c02799a35b0fc569b3fbb686c16a9a5b12922a0bd0ab50d7e0f34b3043c
SHA512 3901a9fa3bd049da487484ec079349a3adfccd7343ccc53d4ef3a121b67e39d83ac08e9f56429fe7e49881b51f127e9061ae4cf7ea52e130161bf0d60fc0c3b9

C:\odt\office2016setup.exe

MD5 1b7eb1f0f6ae7b3a67219d7c1046a531
SHA1 b97dd7caa7d03d57c52c888dabadb7db258084e5
SHA256 8f1ee45b7b255699cbfcdabef08b94357d46d5735b223a15e2d8dfaebf6742fb
SHA512 d3c1631dd1b1315c33b8991d3c6d715e6f8ae9240285690a8b13efaec9f5d4631348198a4cae402361e8d1a211929060a614eed23b494815dec6a7ea57a87ecb

C:\Program Files\7-Zip\7zFM.exe

MD5 046a9446e27ab5858e0f47d6ede9a041
SHA1 60592c9f711f6aa777535901be012156721915cb
SHA256 908fe2c5f9beadafc98d2c445ee48cd6713594165c591833806fb9b48115a843
SHA512 3c182221aec9418a00761b94cdf2e9342b1aef76a3b0794d5f50306696b82e3b5e72e585e8eb8a686f1ff1f83d3977250d3c119a705a441da58a1ed307d4fa39