Analysis Overview
SHA256
d2b16a3d9c397093996e7b27178aabc6aaddc19719907553925aee99ca980047
Threat Level: Shows suspicious behavior
The file 2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Modifies data under HKEY_USERS
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 18:46
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 18:46
Reported
2024-04-03 18:49
Platform
win7-20240220-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe"
Network
Files
memory/1620-0-0x0000000140000000-0x0000000140248000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 18:46
Reported
2024-04-03 18:49
Platform
win10v2004-20240226-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\alg.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| N/A | N/A | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | N/A |
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\41c1e984205991d4.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmic.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Install\{AFF521F6-AE33-4DA9-91C8-593A92655606}\chrome_installer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\minidump-analyzer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jps.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstack.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\pack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ExtExport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsgen.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javap.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\kinit.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\pack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\kinit.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jjs.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\ktab.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\serialver.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ieinstal.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\dotnet.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javadoc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe | C:\Windows\System32\alg.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Network
Files
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe
| MD5 | 5074521ca2f251bc6b4f4b1e8e0ffa25 |
| SHA1 | 0dfa0e97f62114706b4bd271983ddc88eb457ad1 |
| SHA256 | 709aff7c809952ff56b2117813a6dde45b5890235c4f5adbb5f1037f6cae3057 |
| SHA512 | 5905e7d78472ea272570e66c89b1589f84d198182e6757e6ba2f98a1f2bbd55a621f1aa1dd4d0fc8c6c67bc7d884a9922169cf6046cec11ca520d0fa5a2c59aa |
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe
| MD5 | cb639e0158b5c66cd9912afaa1bf5a14 |
| SHA1 | 0f85e25e60508d4717db62362591d5bb951fa7f7 |
| SHA256 | af5e1653ca05c324577be89afdd67e663e3facc92eb90d221e9bfa256b3eacfa |
| SHA512 | f8d2a66f8373cb11cf742e9dbb2e298f02c9a8089c62cdf88475c98a4eb38c01ad6de60624d54ba011830f4d47e2ca9f55be25a8bf9f42d52fda3e0f479ea849 |
C:\Program Files\Java\jdk-1.8\bin\jps.exe
| MD5 | bebe3b71c28cf1eaef5ff548dd2f1005 |
| SHA1 | b83f0d1ec63dd6c110e142fb8736ba84738f3cea |
| SHA256 | 487480b239aa33ba2f2fa332e9b578f0b6ab65b750f421ea081df4470e48475f |
| SHA512 | 7e87cc85b8b89d8cb69b8e9540fea54cc816fb7e9d6c913b9b0a8cc07156c64fb295e4bee07be734f08f1291e5efed80f3720cd3c3df187c62404036f9cb5e8d |
C:\Program Files\Java\jdk-1.8\bin\jmap.exe
| MD5 | 4ac3bff9084c5435d7a910e514db7982 |
| SHA1 | db9efc92d7b4cd29178da38d63f28c460486df90 |
| SHA256 | ab22b09cdb24d03a16667d79887c2be97bf5fb2918516309a0fde9e19c3efe8b |
| SHA512 | 6935762dd96355246db7ac41d6243f80456606f7a3dd80c488fb49ad321281ac958c973642883592afeaa8d74da5c2f197a63372f61160e1f950f2be60f6478a |
C:\Program Files\Java\jdk-1.8\bin\jjs.exe
| MD5 | 2bf84a307704aca6c7ddd6c3e10b2117 |
| SHA1 | 084e7c031b29b01ca3c96b50be82997a59339147 |
| SHA256 | 1eb24fda47a039131d0925726a7721807fa6cbf8ab55295b5066b61ec85bd6e1 |
| SHA512 | 180a3a3311510532bf5dc7d382ae9882092189ccf0ce5d416554fee90e472681da6f9693c5595b7e431b7f51ae3e0dde00bf80731e069c66c5b035e9395ca16f |
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
| MD5 | 47f4e5917242913adec4a0e3d4a8ba97 |
| SHA1 | 762b442f54621ec1ac8e2f740c1c39c4bf17b6de |
| SHA256 | b20d49b85aa3c720f9a01cf2715af2957c208b611081c77ad5c4b8eac31bc4ab |
| SHA512 | 4fb60e5886a40239cfdb8fa531ec95d51869048808b1a3ef36d37267bb7f1404310fe3a92b768800141b668f3ccc295651a348b51e2f3d8ad35f4b682aabefb9 |
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
| MD5 | 206642d2d664a0a02a765d8ccb1eaa09 |
| SHA1 | 0d31e5a085762c1076fc7a0031368a55bde3965f |
| SHA256 | 53471fcb20834ce9e7e5a946c4c47a79655cbf076f530323942843d189a865e6 |
| SHA512 | 096bdffe0091cc42f2823220cd3c4a36097d7a9938611347c121545eeea63bcd8e9486a91ee0abcca6ed6703933e26f8b4cfe18e28662eafddad6203e551e28e |
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
| MD5 | 6cab9b3bcf6ba20f797a4c2da88e58b5 |
| SHA1 | 921377a469a049acc3413c779dda26c000ed1340 |
| SHA256 | 620c079e152d8d1a0e70eea52aebf57c131204dc8fad4099bdaa016e498bf4e0 |
| SHA512 | d9de90513e2585b67dbe2a0a7819bfbf08fc330f29c18fabf31a9e25a40e05c717e8f59886b69da4d5a7eeef4042654072aa5d7d8284f0b835d5286b706325ff |
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
| MD5 | 3d43d4148dbea3720e51deb219c5b1ee |
| SHA1 | abbaf1960cf2447c795fadde05638c15c0f519a1 |
| SHA256 | 706293e59d6368e6ece95a8dd07e0f04c520f0799798e781ec05e8e223ce938f |
| SHA512 | 1194efb1b8f060da43ea4b599f0c618a4e1c062ba9289b55d0a56c2367011ed1432cd59573f53c359907242806cffba41f287b5bf962c06d22526791e69b46a9 |
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
| MD5 | b545649411b2a5786d81ea6aba474bc3 |
| SHA1 | 79b55731aaf5b39dba82cecf077ed3e21544dd66 |
| SHA256 | e67578b2f0b0e73c98e7f252f95f16831fb1026832604134c50561975ef01707 |
| SHA512 | 39f78149d12d7e4bc17b0897d4956f19eb5f54784d496d0e431adca5da0bec68335590f67b8b4283e0345cecdda8d399accb1588b825b345e0c01a6dc1c33467 |
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
| MD5 | 02fce848b2642c3a35dca20626bcd017 |
| SHA1 | ee5d3a241b59ee5707f705b78a8254fbfc22d52f |
| SHA256 | 7f88efab8fbe11941f9e23e31f259a2508d6694ab10a9929bf2e667262d6d534 |
| SHA512 | 26f2dc102af4c8ba2cded5ffc61d4838d8628b93d7fe1d39128516b1b46f34a689c500c28c56b83c7942572aef8ef7fda4ff7c1e99e9055c94c2cbaa07d83843 |
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
| MD5 | 76fb479b42c20e17bcadf97bdb571c1b |
| SHA1 | ba8edf6e0f03598963beb73bfc3774ade7ca6a6b |
| SHA256 | 11890325e37460164bca185ecfe70bb96dd615fdb52d15fbc756d7b5a4021aa4 |
| SHA512 | a7bbd4c5fb7e863891b5f751dfe155bb7b3077524d774addddae5a71686f2d49648536eb253e261adbb398c6e6d403a31ef821771f14b279376cb24401eaeec4 |
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
| MD5 | 9f3098ab73c7deb6ac156427962d677d |
| SHA1 | 1fc1030aea3a22c20c35094ea67b0cd669f35af1 |
| SHA256 | ea8dc268ea36bbdc2205870104ee2201be5de7db68cfa8872a4fafbc0907fbd7 |
| SHA512 | db8f8b5af420403c12752a8f05c8f0c34f721865be859cd72749901927945ed6a5105e5cffb7a27039fd269502cc1eb5b79cb781033e502c1e356a45815c76e3 |
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
| MD5 | 19e4b46e80ed4a3f0b4b809263367af7 |
| SHA1 | 8259f6848213ccd1a4ca476844a19469c98e1fcc |
| SHA256 | 49e53124585368d9077b1b87ae8a7b8a965c8425109c59e9344cdbf563f60563 |
| SHA512 | f33f93a31dd66469a0e1df334706b0f74d46228e932b17b1ccd1290e4723a5c584ab2725791f26bd6c716e2bb5071c90e761c3d2e021922d16b18c33782349b9 |
C:\Program Files\Java\jdk-1.8\bin\javap.exe
| MD5 | 3e34fd09e394a1fa334bebdca25b025a |
| SHA1 | 2b1b5845e2020c1d44e883d07196740173c533bb |
| SHA256 | 6b720865251653b66ad0f56b47b939f5558e4732304d586302ca40aed2b6e1ed |
| SHA512 | a5ec845a13556a46632ec064d46bcb46272ea4e9fdd7906f36efedc86d5f1c849cce6ac7c7081838311e9df3affc6d866abdf917c51ef3d3c4af31f7b3310332 |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | 854ffd420cafea931cc945fb3744ab4b |
| SHA1 | e02cdeea01d29e79929107700b14578b942eaf10 |
| SHA256 | a0f7938401acc3ecbe0446dec4ab23d4735c472536c43c41560151e023b49d9a |
| SHA512 | 53ddca6abe99a5a983e492d509c5a4a1352aaff918c989418e391fd087158f039f92bbf1ea0165ad647e61552bf1e9afa582a0547d17a682be2dac5873ab5729 |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | e6f8954c8bf37d84b8ae2759d8a473fc |
| SHA1 | a3ee8553a7d10d7c7d87dd2d70d286539d5a154a |
| SHA256 | ecdb7eedd1ea30750194d0d130f95f28585e5ee72b38772da331ff15ebb6e104 |
| SHA512 | 31ce1a8e520c170da010dc0723abd42fc5e8329c6ec3c7033d6acd226470ef4f8e01ccce46b130bdc99382e88e599b3616aa5a3940cfe616ffb9dd8806825eb3 |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | 319caef3a4e63a964cee1b19ff118623 |
| SHA1 | 64960050c80f6c4218f84c3c9fea599e8df1ebec |
| SHA256 | 51d308e519baaa4ef1b9017674bd5e77465e33870ae3124540ea0ccfbda947e4 |
| SHA512 | 7d4d132b696090ca9f04f38873814b01e861d653dc685472030ec582c1b01e5bf2bd1092aea9cfb24ca7621b98ae543a5f018cce857a9b625134cead8a3ca2f8 |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | 99b6a7e1c6b860c8536ef26f1bcb28a2 |
| SHA1 | 5857c2a7b02e04d4da898883d36d14a323b18ab0 |
| SHA256 | 16b68ca145b3e12e4faaed0bcc3e657c643dde55dd01abc1e8a462c60bb9766c |
| SHA512 | e9b88d0314f37dcc40da7b4e566a6e634eb0759d73a8adc06901ec28038da567f4e25cfd9dd39becf46304f5fe2c5374922e63ec5b3069f8f7d553fdd29e41d5 |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | f856a50278c66a503945884d9fdaf120 |
| SHA1 | 648a0293515cbc0b9d1e5bf3a7488f1ef90f3bed |
| SHA256 | 5ec366c446481a9df697ff22827cb8c7a5ae226f313f8616fc8b942d363e79c5 |
| SHA512 | 085412b1ea61629d2765ae3ea83ac61867e03e4b7626ae4523bcd8f525569f56123772649ab760fa18890523ae8a453fec2ace5d2b2d77328cbeca90635593f3 |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | e530fc92b2e44f6216db5554938b71fc |
| SHA1 | 62e161995fef1247d063fc9c6b4aefacd899f517 |
| SHA256 | eb547ab7b6cc712494c1a67df75ee7b31248e8b98157e600f72249206ca20ff2 |
| SHA512 | d30dc240622a0e83a62f8449a1280b8788192d054aac250be2e583df0f44d4ddfccc5eab984325b097baa2e6457d7246d088a4217d9d3c115ea91c1b182a56ae |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | 3aa9dd20cad401ddab7dc40bc40478eb |
| SHA1 | 7fb39bda8087967861b6b5c8ab21cb0a285936b7 |
| SHA256 | be83baef77e15c1f90222a71c6fa5a56c39d2c88304edb8610f91eb9d6d8791d |
| SHA512 | 7bbc121df2475474be82cd33e9dda5789e76a0b78b21154e4b97253df19edd9b0b8358f8321f23a55e11636dc1bd2857cca467f657971d00bda52e62ad7da80e |
C:\Program Files\Java\jdk-1.8\bin\jar.exe
| MD5 | 634701de051b5cf9c0f3fa9c1cb85a3d |
| SHA1 | 02fa68b388a3257a02eccf99f7051c78b7d6ce07 |
| SHA256 | 4d5303936c8c3cf3cabaff9d2e027d6f97d00ecab08cf1dffec5cd5d66d811de |
| SHA512 | 735f257c3ad11eae7fca1ef807797a11154660f9f39e141b3c610651c625cb7eba22b9ef33b2932eb55976a6495f24ba21f2f35b68eb6f56c1f0d8378af9b30b |
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
| MD5 | 3f84583e88dae169cc837786f0894a75 |
| SHA1 | db6983217116563dca26ff188d66389e57463430 |
| SHA256 | 40fb696a6b038592576dd384c061d15cfc6ac35347600a8d2c566488d0ba9f4a |
| SHA512 | 80782b6fd72a06b6b3c044949706ac6d8e8a9e83c0b03ee22fa5569a03ebe6314d60edada932431f50c13b1b4c2c254958b26da3264d5e5b463b8ba1d7eaf384 |
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
| MD5 | 468c33c8f2dca7cc9718c033921525de |
| SHA1 | 43cd006ed93b057e2b22739057bb76a032ca6b44 |
| SHA256 | 14afb750f072299800e9471df2ea0b203cad2a2cc03ee64300aeccecd90f92a9 |
| SHA512 | 0da99616cb46cf13639c80d883802d178c8262ff57115d5e0bab9bab4db556a6838394788d186ff4d824e8776939c626ebc32690dce22a2c5e769d2fbcedc270 |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | 9f39ca087472f02ae006b607c83bc4bd |
| SHA1 | b4c9807d45b20c50ba7e12de2c42e294df792c53 |
| SHA256 | bf32acad8995a185ddbde61c886cdcdf8b745793fd8135e6eda080e4b056a91d |
| SHA512 | c65eb252171577261370a2ab017e81cb5fcdf3f65615c653d3366ed5ab62758f39864c3a452bf5c40f7ce2225b7ea1301f0a20338aca96aa29838ece43af5048 |
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
| MD5 | 3bdb0722b2914385a06f305b79bc1c1a |
| SHA1 | d2e6e0d2bd047affab340511c8408bd5a80c7a83 |
| SHA256 | 2e63bbbc3ea8d4b4b3b710c5f078d20813619cb03917bfb11c47ab32ec6f0ff7 |
| SHA512 | bf8aa12ee3ec8b1f2a74133031cf75f9187a8896586ca9b22f2aa3a4f677942428826753cebebb207fcc88e204dbf9a9a1ce618cf0548f4fa842d1ff7ba1b030 |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | 1567951e35636b6cf6fca741fee2fb33 |
| SHA1 | 31973cef00ada0fae1656ddbf45b41ca7e0f6863 |
| SHA256 | 72402556b43bfb4392a4a874ad477aa2968b7fae3f23dae208ae6679f41d039d |
| SHA512 | 0b5b81e70a81a7767cdf3985f82b692ecb801c9c5c0a9fdc84f89e235fc053d40807ebc5d8ed46a8644868880efcb43d075d97a2a6bf4ade576c4d125d5cfcbf |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
| MD5 | 0cf701153cd74feeff1f8b1d74616a8f |
| SHA1 | f69a83e814b06176b2db42f40830e74af3cfdd57 |
| SHA256 | 0b89fdd8b0879ae4d23aff89649f811f5399a5e7b7849e819e56d8c90753d114 |
| SHA512 | 110e8c6cd453afa5b2757dc8599821f66aca456d81c0d98d90972f3343649ee6dd40c4a74179f8c55a89b12dbcea2c7b0506fdb010b8443c41828c30047638c9 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
| MD5 | d3ec75017effb7551f41a494712c1046 |
| SHA1 | 601909fa3676e4ad6a99b080624bfb8dfd52b5d4 |
| SHA256 | 8d87b95ee771b2af706e78c03e40d41bb556f31c2622f186bc900ef8de56a9c7 |
| SHA512 | e441f022f9b6c612b6e7a30c8fd7be81b1643e76855a9172e3ec4716cd061c64ff4729a4062bdd558248280a7feb91849e62f3f55ecce28f853ba88019c40fa7 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
| MD5 | 866db800f7e04b81b336094d793339b7 |
| SHA1 | 5bb6605db1a34368421c670b6a60a9c794879967 |
| SHA256 | 37ed2f71f27bd57064f3a7bb734cc39be3db94837acca57fd12bc8a8163459a8 |
| SHA512 | 3f02661bf0bc9e19b18bfcfff507f2f8d1ab7112f26e9d4a57240bb5055086adbab898f02d547f069f2bcf561b73f31535745b38a0c44ec6870a3b92082264af |
C:\Program Files\dotnet\dotnet.exe
| MD5 | 0af186bbac859a0383ff477a11078bf9 |
| SHA1 | 7d3d6bc266731e1b6ea7b17047e0b0a8487eb85a |
| SHA256 | 7112ccb30b7511782fa5fa726383d630765de7dec3e18c8009775b49778ea6d3 |
| SHA512 | 51f612b87e5f395bdb8bf2b4ec79a33835608d4f16c600c0679c872b6d00d051bd244fb316001e3359a092838dd71490eceddc6015f1554237669754c0a92a22 |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | 58442362cb8ede57ce6a0ddda1a44d61 |
| SHA1 | d3d9f3e622ef11c72e100fed11fbb4b9bd711288 |
| SHA256 | 9f2f775488c6a92a67ae7e106858e8adb2e1566ceeacb64e4ad13f7dd4968c7d |
| SHA512 | 30a9968bf1115d3e319b89dff73d110c407d33dcb3d8553bee8e01fe356d3f556cdd9d5d4feb2c4ed8c21bbbec8e7e3e4c5b697d514f5fc48fa5ddc8e801bb9f |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | 5219094b36f2b9a6c88246a0267f8a38 |
| SHA1 | ae23e685a6740d85f4cf755ec57c744460c9ae8f |
| SHA256 | c18405dbe4161ce9b1178ddc45ceecb4f09c53f10a0500c66e2046dc3761f404 |
| SHA512 | 73bbf0446f8401a8e79c58555ed00fc7c3c385013f5f48231684fc4448fd1934c3eee3b19a385c8b2eb948b4dcd72c62a2d66296871c7ac363f7e6d95f7629cf |
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
| MD5 | 38900a63bb622f793ab6d661e670a54a |
| SHA1 | 79b5b3fa4e973ed6d2fd19c71208d45cf9b22f8b |
| SHA256 | 62a70c92beafd4be3bbcbcd7cdec40b4c0b55f894de3c5acd7344bf53ef8aeb3 |
| SHA512 | f4c109f0e4e172b9f8dbc55e00857e177ac1df3bf828684cd71b3bd35e9fe1e6d94f56f5b4292bdbb0a3ad50803745957c8c2056cd7fa53c75d87c7657a9b3b2 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | 2023f1cb17a750dc593b1735fa9051f2 |
| SHA1 | 3f589792b111552baa2e9f046f40faae7d032b06 |
| SHA256 | d8b590db6d63fbf88dab01c366c74fcdf7c9ebf37b366f1d53a2f312c5dfbc7e |
| SHA512 | 92539445a546fc25adfbde2a1567a8bc4d17e3d87d5c323f19a2fd92d73822d77ce729576bc9e53c70951a36f35afd5d51b2f5996c2f273e97fd3af1792c7d0a |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | 36c54a7eea2ba08a867abef463aa0939 |
| SHA1 | efedc8ffd2d6b45d7d163fcf203a9209df9c1b3d |
| SHA256 | 887fd32fe26c7ad6ec967af15f37f1c0b1d22b64f4d024be3e4196f5cb6df384 |
| SHA512 | 001cbc8194f14d542d8a3dacc8df3951307caae5b2457ef0bfeae329c11fbc0eb0991633aa09a164bc96438376ca3bc19d94278297b5e52bf3a12e60d7fdeb45 |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 220ad72ccf254eacf00374a1e50ec62e |
| SHA1 | 9f1bfb40d39dfc5676839d3aa8790a96de7b30d4 |
| SHA256 | 5579be205149e414c6855d55bb12e5221e0496a23e3afff6213292fed2ebad18 |
| SHA512 | d488211dc3af40bdb9fe504e6409064ac7c1b60ad915d05515badf04d5478652b96328167e6b3cc542b03af4ab2a94ac5966438ad0af1616fef9086f044fc2eb |
C:\Program Files\7-Zip\7zG.exe
| MD5 | 419511333195e59de6af35b369b794d3 |
| SHA1 | 7a113f912bed86e4aaab7a3a51b0ca316d4f73f5 |
| SHA256 | ea275ba9c018394afea541823520791fbcce0b7153b84e66ef7af44d42f121e3 |
| SHA512 | 7f592c7e8518decb1be0987ecb25a7df3e8217184f5459bae5511967e532966ac9090c8b7a8a4cb14cbb14e268a27c66e21934057fa8499129d0c9ffdb669ded |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 201b5d4f157efe66b80cc0ca12dd3907 |
| SHA1 | ae53d006e355cd1942642c55a980d0d30e5b00f8 |
| SHA256 | 70a8bd682230d3aa224f0be82c07204c35179a500078270a889885d19e52299e |
| SHA512 | 33645c915ea88efff71511b8148e88a2c7de031535028a3df9a323d8bf5141778517d2fcd1160a8c9f38795717f0ad742b192dccaccc637510e83d6678ce308e |
C:\Program Files\7-Zip\7z.exe
| MD5 | 6b0e42fcbe7c80ac95b5911f002f0b12 |
| SHA1 | b0572681bd986c3a9b70f7619d12edf3221b058a |
| SHA256 | 78d491b8530912e3912bc3776838ac17b769865976fe0cea69e49afc37a2635e |
| SHA512 | 8eb52ce8a96cb903de70b1e412a6597c0bfcd1e2816764d1c93576467a24165a8d4a7b363194009aa0018a4948c4e12050be1cbfcb1ff3e94fdab8818d1b63ae |
C:\odt\office2016setup.exe
| MD5 | 47fb3f79c31e494f1297ac6f85afcedc |
| SHA1 | 3cb3fdfc67c950436ecf701d6ea53931682210f3 |
| SHA256 | 2134d445669a1812a7817701825bcbdf9b90e0dbe9fb54f78818fbd6dfb8f762 |
| SHA512 | b99cbcde5b11742a5dc842c257f0246dfa4489bc866c5868199155a26bde6fc9990fd9fc9b482af5d396b2ece191f4c36eb4601cacfeeb6dcc77d539f8918931 |