Malware Analysis Report

2025-08-06 00:44

Sample ID: 240403-xexmpshg63
Target: 2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk
SHA256: d2b16a3d9c397093996e7b27178aabc6aaddc19719907553925aee99ca980047
Tags: spyware, stealer
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Modifies data under HKEY_USERS

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported: 2024-04-03 18:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-03 18:46
Reported: 2024-04-03 18:49
Platform: win7-20240220-en
Max time kernel: 119s
Max time network: 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe"

Network

N/A

Files

memory/1620-0-0x0000000140000000-0x0000000140248000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-04-03 18:46
Reported: 2024-04-03 18:49
Platform: win10v2004-20240226-en
Max time kernel: 148s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\41c1e984205991d4.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmic.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\unpack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Install\{AFF521F6-AE33-4DA9-91C8-593A92655606}\chrome_installer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\minidump-analyzer.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jps.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstack.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdb.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsgen.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jabswitch.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javap.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\kinit.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\pack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\kinit.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ssvagent.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaw.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ktab.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jjs.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\ktab.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\serialver.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\dotnet\dotnet.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ielowutil.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javadoc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe C:\Windows\System32\alg.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" C:\Windows\system32\fxssvc.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\fxssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-03_0ede74f61d6ae0c13f77b8669835fa87_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network


Files

memory/4824-1-0x0000000140000000-0x0000000140248000-memory.dmp

memory/4824-0-0x0000000000540000-0x00000000005A0000-memory.dmp

memory/4824-8-0x0000000000540000-0x00000000005A0000-memory.dmp

C:\Windows\System32\alg.exe

MD5 a7acea78df83e5b91b6b8662d46a9923
SHA1 48af63441ae5ca29913f8f64c8f955a73fad0711
SHA256 af73bd7005edd4de84bc9419ac4d158cff9854cc39716dfe3de78204a74754d9
SHA512 3087c9a8b14cc9de07fb0683e5cdea1df6c41f92618a7b5c9df8a99cda09b31b9af6cdf8b4f7c187ca2f4a8f405bd22b5e99bc6f53ab22b9250693ca65efab53

memory/4276-13-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/4276-14-0x0000000000690000-0x00000000006F0000-memory.dmp

memory/4276-20-0x0000000000690000-0x00000000006F0000-memory.dmp

memory/4276-21-0x0000000000690000-0x00000000006F0000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 db76a9c5b7ebe14325848fe015ca851f
SHA1 a92e3648ccd95183c62e0267ec1fc8a465a9f1db
SHA256 5b5f5b34c12c3a76b40c75358895a50f150d5e2774388263b1997e50ae9d1b93
SHA512 7e1c9c20a06f45933e532c4606e5795031bc74246f746d495bd6ade1c3ee998aaf858407f9a8fcc31e7ad4f1dbae32b18a2dfd1f1144632b5b22b337f64efd26

memory/2992-28-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/2992-27-0x0000000000710000-0x0000000000770000-memory.dmp

memory/2992-35-0x0000000000710000-0x0000000000770000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 5654c993c80f23c0aef14ea804b37c78
SHA1 adef81dd5671aa46e7752d61757ae70176b7bd1e
SHA256 09b34528b685b63e82cac38a011cb6e84a0e83ce0d6b6edf3d06d3e8eb4ef117
SHA512 288253cc4af7e6ce27bed6561bff4f001766097c736bc8a7ab3622c312ab3e9925e2015297505c4d51c89bf365b5a136b514475459eff64638adc84678b5dbb0

memory/4824-41-0x0000000140000000-0x0000000140248000-memory.dmp

C:\Windows\System32\FXSSVC.exe

MD5 10802b5df43eeb8a08b01531fbbf380e
SHA1 40b84ecb83819dd066d59ac0a5b86373c5996a54
SHA256 be343d7207f541f286777a4e40c2e8972de3cdf68c92b43898f87a3e3d367176
SHA512 043b1ef6a7fd70e004cc285b0836dc42f5d34caccdc0cc656127767af149ae6f43f1a51a7edc13d18a249b0d8ceb2b13bf22dcc5db00118a8331303276131b66

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5 f7366b6d9c35da7c6c2ff8c0e5f0f59b
SHA1 36cd2af0f2159f91e9515b571c38f13e2a4ce898
SHA256 0d9a40e00463b2775a2c5ea8be0a5192c2520c1244274271b5d5c87a3ab058d7
SHA512 b59fda78c52994fcfb8edf76a7aaeb173986e43ab38585fd50a32e07ea619153cc3a1e02a677144c8d4a57c1c0ec5a9cdddb0e0168e26432d0c43869c7561085

memory/3140-47-0x0000000140000000-0x0000000140135000-memory.dmp

memory/3140-46-0x0000000000C90000-0x0000000000CF0000-memory.dmp

memory/2356-45-0x0000000000510000-0x0000000000570000-memory.dmp

memory/2356-50-0x0000000140000000-0x0000000140237000-memory.dmp

memory/2356-59-0x0000000000510000-0x0000000000570000-memory.dmp

memory/3140-60-0x0000000000C90000-0x0000000000CF0000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 bbeb5e441b13c6e4954c8b625658b09c
SHA1 dedbbcbb3f9ad9c99a5b88a0fcc04364fe38ec06
SHA256 139eb1234c708e4f94a34fc309dc60fc6f41d9c1245a97367f8e4bf03fa7c23e
SHA512 d48b440886892a73dc648dcaff53e15097ed176029fe2a62d92cc6f4a15883db065e56357013c24e830c31d2180888fe3ef6d9f90d3d65ac574322013e084ee2

memory/1172-65-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/1172-67-0x0000000140000000-0x000000014022B000-memory.dmp

memory/1172-74-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/3140-76-0x0000000140000000-0x0000000140135000-memory.dmp

memory/3140-71-0x0000000000C90000-0x0000000000CF0000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 33681c2218ee1e7f599353d4a134e966
SHA1 22678a0a5b46f7f78b82415e07dc0cdcade0a741
SHA256 33f8747b6501902e1dbea47d9f5f2b88bccd1942bb2b8132eec8844f76c20933
SHA512 b2a344ce46404478012789769eca0d80d59cc04c34058f52f46d425881de8d4254730bb483aafad2ae6e2dbb7aa93623412c73b3b52a6e1ca938e915abac60bc

memory/2844-80-0x0000000001A50000-0x0000000001AB0000-memory.dmp

memory/2844-79-0x0000000140000000-0x00000001400CA000-memory.dmp

memory/2844-87-0x0000000001A50000-0x0000000001AB0000-memory.dmp

memory/2844-91-0x0000000001A50000-0x0000000001AB0000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 5a45789d41e461f56441cf9363412e5d
SHA1 6d26ad06bdc590830ee8ce9cd91b34872b66d2a8
SHA256 c854752fd55f5d2cf9467d9b75e5788d083ebf70537fc2ef6d6b1a191e2be018
SHA512 d53ef9c25967a957ac0c3d8062678965070fe6a2148e10736c55ac24c2d67ef7b6e373dedcc046e5f98362216a3f9079a0f34e0b71e36d285d7ab498bb1b143e

memory/4276-95-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/3672-96-0x00000000007B0000-0x0000000000810000-memory.dmp

memory/2844-94-0x0000000140000000-0x00000001400CA000-memory.dmp

memory/3672-98-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/3672-105-0x00000000007B0000-0x0000000000810000-memory.dmp

memory/2992-261-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/2356-266-0x0000000140000000-0x0000000140237000-memory.dmp

memory/1172-267-0x0000000140000000-0x000000014022B000-memory.dmp

memory/3672-270-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 51f55861006498d7fa5273fa312bff58
SHA1 c6e43134e0223599f71218a736ca07b8636fa3ec
SHA256 f64501211ba45188a3749c386daba15d32456c89126e7af6d9e497eb2cca018a
SHA512 b928c241a7855b20d8a45bf71c14db8cd5ebdf97416c1ba3011b48fdf983fe9ed21fb31499ef683daa5bc7fc1da95c479a3964dfa8f41d6d369eda6b3a0c60cd

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 8870781810ddb9133474bbf844a14e06
SHA1 23591b1b821f9ebb3faccaf0ec0d60dbae0874f2
SHA256 2c17d6b2ccfdb5946de70bd85510051456ac571f52077921d57bf23ced5d33d8
SHA512 de15770d167a9ed0c57ba0c4039c679ea7b619b025e5290fd8b270c058b9c6aab0a0d7a5bbcecd81b503846c7dddcedba359e0516a43684aa6d88f95b0bfdc9e

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

MD5 07ec42fb68ed76e7b0e13388b716db60
SHA1 f87a90a5e825791036c8d6b2834874fb75d21c4c
SHA256 e1698a87a9f658120eee8bcfe7776dc5a8375fa4d32b6c2edf8de40870d714cc
SHA512 2c875a0aa5808e071d407521ac80200bfd5c0cfec6fc806fe7a6beee07f2801fda491cbd1db52f80c89cdcddde809a0d0d2b0c0f8a2eb4e158dfbce3e97fb0d8

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

MD5 f41dfeab7d0a0c533e239b7e2a7ea885
SHA1 0de2ab9a502172a20905782a4d2f76b39a618174
SHA256 1bd442a66c23413277e5fcb47a5209f4bc23aeab1913601ae44180fce113002b
SHA512 e67344c75c4815b8f5f52b906bd435ea0441ee7c89cab87d83b6511856c42d122ac6b7b684a5672f4db1afd557693192a2a6a3fd42c086822b53c0350b30bbb0

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

MD5 6c9eb7dca86da6fb79d90d795170c7d6
SHA1 b65d359efa7eb00a2f40b3aab0586801096a2666
SHA256 9b811d5f188632a506e3d9be14fa654b5c5ada0bb6eb29e8361f089b7ceec5c4
SHA512 ad66c2a68d24b4ad0000d90dc82b1e7de7c80bbec8683cc4dee26efa742d04d3f3fb2e0276e4f84a306db949c07e339e299c9badd9f3363ccf4a494c2abe9fdd

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

MD5 d7097cadcaa11c923e928dcc536ab849
SHA1 f20b57ffbbaa220ce6cfa44420f0b903da60258e
SHA256 077ed31684020a887705a2ff6af0f3b074618d8b212e3aa2256f864db11e2f4e
SHA512 4a1ab772def592021c7741a6c29c157c00e6c4c085af36f09cc9a2bd35c13e41f86e18ca04a5687f9c155213f6a5a318ea818e4c9878ba03b590ab7d745a6198

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

MD5 1b5025700e792348a6d870e20d86cae7
SHA1 c6888d3dd1bae03712ccccab9feaf8ac25b2967d
SHA256 807209d039d4cbd8e9aa0bbbc64f9597a89b43af299490d058df9966fab07083
SHA512 6ee0578d78539b772cd5fb360b0b680901243e3f8e50ed29794ee2efabece11065419fc99ac45905d0d839aa79a0121a10f865d524c50dfb69eb88e0397e6b3f

C:\Program Files\Java\jdk-1.8\bin\klist.exe

MD5 44eb2950877e8c2b404d2933bc4ab847
SHA1 cb50525683c1d3f5d1e58f9bff35f33791a5e4b9
SHA256 79a94af2d0b7ea6178a12af07e557498ae42c9adc986a539356f5e98e90dfe42
SHA512 b9fce05f1b11dcc977fee35b7dd8fe8a4a07dc80674c009fea83ea23766dfd361c2c11303f1010385b14fd952e1f8a00b0fb3a805ad4e30ca6bafb573445176a

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

MD5 18c31176225061a4f11e8055ad1d898c
SHA1 8a6a363836b73cf9f05e36129cd7bcfa811bfc9e
SHA256 1578b9417904516109cb81c8d95d7eb4aef6cf81115087e7ce9bd2cbe982f8a8
SHA512 6ef4f986d6eadfe4c271797939c2f186c74d90a474f9424365054d5acd141a04a3e01ffb661d9e3e93cc3e69ff4a71ba72f27befb113efe3c0f4a59dce169372

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

MD5 1874923bf4a570c167962f3caf636c29
SHA1 5f7575ce4ed8f131a759e5222b5e186112d0458f
SHA256 b63839c62a61363cd89198d56e290aa3065946d847feaa139fe8ecd74f3b7441
SHA512 818ab2dea1d2cf8c352050a425b9facd3deb0ded4d9002086946f84727091ec4eb1f5a34c8d889e905110f0a397628d2940e9fa563f7f9a1b0d4428e1c7c6230

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

MD5 29920b6e4e502215deb7e165d6339398
SHA1 83dbc6563875ebbc4c14f75edf307b953648426a
SHA256 6931bd285f7833cb9db6b9b439fb253ae955205e52c6548c58aeaa6a1bcedd80
SHA512 062d96e72d1fb53e9d9652715495cec61ddac44d7392f238a3febc5321e7a668c6a10e8f632cb639b628389262c2a204def5ab208fdc81aa0257081ecdd0e190

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

MD5 efcecb2d1307c1c34e1295c719219bfb
SHA1 62d1bff7a9cde1fe5c94bd21891d4b41cfcbec91
SHA256 17b654033c9699964c2fe4e3b0cd27c5203c7f976731278cc228402fb3d8ea5c
SHA512 80c6564c22fc27f29954a3b602df242969387cba2a45069aac4a337303c8193bb3f0efeb323e10473ee4f326579d1dbc7885721e631bab215c09e50d12364ee9

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

MD5 5074521ca2f251bc6b4f4b1e8e0ffa25
SHA1 0dfa0e97f62114706b4bd271983ddc88eb457ad1
SHA256 709aff7c809952ff56b2117813a6dde45b5890235c4f5adbb5f1037f6cae3057
SHA512 5905e7d78472ea272570e66c89b1589f84d198182e6757e6ba2f98a1f2bbd55a621f1aa1dd4d0fc8c6c67bc7d884a9922169cf6046cec11ca520d0fa5a2c59aa

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

MD5 cb639e0158b5c66cd9912afaa1bf5a14
SHA1 0f85e25e60508d4717db62362591d5bb951fa7f7
SHA256 af5e1653ca05c324577be89afdd67e663e3facc92eb90d221e9bfa256b3eacfa
SHA512 f8d2a66f8373cb11cf742e9dbb2e298f02c9a8089c62cdf88475c98a4eb38c01ad6de60624d54ba011830f4d47e2ca9f55be25a8bf9f42d52fda3e0f479ea849

C:\Program Files\Java\jdk-1.8\bin\jps.exe

MD5 bebe3b71c28cf1eaef5ff548dd2f1005
SHA1 b83f0d1ec63dd6c110e142fb8736ba84738f3cea
SHA256 487480b239aa33ba2f2fa332e9b578f0b6ab65b750f421ea081df4470e48475f
SHA512 7e87cc85b8b89d8cb69b8e9540fea54cc816fb7e9d6c913b9b0a8cc07156c64fb295e4bee07be734f08f1291e5efed80f3720cd3c3df187c62404036f9cb5e8d

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

MD5 4ac3bff9084c5435d7a910e514db7982
SHA1 db9efc92d7b4cd29178da38d63f28c460486df90
SHA256 ab22b09cdb24d03a16667d79887c2be97bf5fb2918516309a0fde9e19c3efe8b
SHA512 6935762dd96355246db7ac41d6243f80456606f7a3dd80c488fb49ad321281ac958c973642883592afeaa8d74da5c2f197a63372f61160e1f950f2be60f6478a

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

C:\Program Files\dotnet\dotnet.exe

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

C:\Program Files\7-Zip\Uninstall.exe

C:\Program Files\7-Zip\7zG.exe

C:\Program Files\7-Zip\7zFM.exe

C:\Program Files\7-Zip\7z.exe

C:\odt\office2016setup.exe
