Malware Analysis Report

2024-11-15 06:11

Sample ID 240407-3jwh4aaa62
Target 2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk
SHA256 eac4737aa19dcdf0f11122849bf48ee8ec41d66302cce8642d36a5f2920ab734
Tags spyware stealer
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Analysis: static1

Detonation Overview

Reported: 2024-04-07 23:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-07 23:33
Reported: 2024-04-07 23:36
Platform: win7-20240221-en
Max time kernel: 118s
Max time network: 147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe"

Network

N/A

Files

memory/2632-0-0x0000000140000000-0x00000001401F0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-04-07 23:33
Reported: 2024-04-07 23:35
Platform: win10v2004-20240226-en
Max time kernel: 146s
Max time network: 157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\c34fd69c990ca9c2.bin | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Drops file in Program Files directory

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network

Files

memory/1944-0-0x0000000140000000-0x00000001401F0000-memory.dmp

memory/1944-1-0x0000000000440000-0x00000000004A0000-memory.dmp

memory/1944-8-0x0000000000440000-0x00000000004A0000-memory.dmp

memory/1944-7-0x0000000000440000-0x00000000004A0000-memory.dmp

C:\Windows\System32\alg.exe

MD5 58832a6154354e18338d338c4c033c79
SHA1 568cc6114f8a4192046dccb057e63971f0d93d5d
SHA256 9e5667b05b0ec61ace3e63acb769bf3a1decbbe0db3e16632a1ad50aee542dac
SHA512 ff098495df04885c917c183f8f2152c1e74202196f604d41dcf541558194472c4c5a8a9dc574f65971bfb19ce2d391849d5938eb4a64628c2feba550aa0ee423

memory/3156-13-0x0000000140000000-0x00000001401E9000-memory.dmp

memory/3156-14-0x0000000000720000-0x0000000000780000-memory.dmp

memory/3156-21-0x0000000000720000-0x0000000000780000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 d3e4e7dc391ff152e95780b1421cca42
SHA1 3b9cd0882c62f412a2078959c15d2218277aad42
SHA256 3e0db6ef3f611a8cf3fcaa97f5615b310d9d8858c3f55e5952989178f3a9bed6
SHA512 9854104e7b74dcb8ecbc64577cebd09b5338dff9f336246f7bf7895a90945d2970adffbaaf197018f16f27900f23eae0c044813a03160f6dfae779c8f7102008

memory/4796-28-0x0000000140000000-0x00000001401E8000-memory.dmp

memory/4796-27-0x0000000000730000-0x0000000000790000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 85e183b3c07163f3d1a1d9a95cd2d13c
SHA1 791bcd55ee50fc484c042f065f9e0f5addaf29d0
SHA256 262e5b8c9b8baa2778729e598cbb50665f54d98911dc7b40096e79233d43dd6f
SHA512 6993131019a355b065cc21eea55ce0c967a9c7e3c87c5a0a337cb3b57b752f3aa21e7f5959f7e59653968c66b1a0968eb12c1bc8eaa2112129b554ff93a3d8c5

memory/1944-35-0x0000000140000000-0x00000001401F0000-memory.dmp

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5 c6fb80b9f0f4962dba1a16aa7434d19a
SHA1 c74ad76f7512fd29d8f35c7f09b8f7f16d384c22
SHA256 a543ba3f2bca3f46d9a34a28527b1bb5e757debf56c69e33b673c201bf8aa394
SHA512 ac0237ff602c4db1761232b5457ec0c15ee6dab5d0f755bad20d836770ada1e0f239bc9c11fe19fa354c92db8f8c53b8462a6a238882f244b15bf45054ced6a2

memory/4796-41-0x0000000000730000-0x0000000000790000-memory.dmp

memory/1788-44-0x0000000140000000-0x0000000140237000-memory.dmp

memory/1788-50-0x0000000000720000-0x0000000000780000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 cbb0859f229479ecd6ef0bf69bce78d0
SHA1 3745eb2a66468ca5f4cfffe4e04453b0581d151b
SHA256 58b4355c8e7393bcd0ce1d99b6c6e6388cc3df8de47bf06bd7b7ed5f4022291f
SHA512 0f04ea83252a04564aba8fc07c5a280801e09836095b70e6f6e8254d65d9474e6c4ba4285cf26fd214d374ff64194c66c04a46c4eb7620a0b58e366cf322f966

memory/3428-55-0x0000000140000000-0x000000014022B000-memory.dmp

memory/3428-54-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/3428-61-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/1132-65-0x0000000001FB0000-0x0000000002010000-memory.dmp

memory/1132-66-0x0000000140000000-0x0000000140209000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 f0b706b5d96e96f0b3a7fd574651d73c
SHA1 248600cee0b95a6c52855ae367809de8c87126d9
SHA256 f03ce8c80734be67c68f0c60ad1d8b98b2fa693e2c0b38881800c6618d303ec9
SHA512 40960b4e9ff9ef09adae709d590315fe77891b8e1b34ecbd402be0830646d221a3616e20701b670f8d4c8682044faa50376e702aaa56e028f105c55cb3142f55

memory/1132-72-0x0000000001FB0000-0x0000000002010000-memory.dmp

memory/1132-76-0x0000000001FB0000-0x0000000002010000-memory.dmp

memory/1132-78-0x0000000140000000-0x0000000140209000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 9f30328be175b70585670b977c657a18
SHA1 c0dcbd7fa087ec2e752a8e3477398df922ea5535
SHA256 13d3ac8c4c9099a4f3f12687adbdb3b40a88c6897a1248da2530a0a95e48d2a0
SHA512 8a38ed8e6fbc6b8abac9975c0917646ac51df756e4357010dd10d20a5ac0bc56d1c530ab5d0ff6cd9148e6555d933837cb93c472cd90073e0b409cddc0ba5d94

memory/1912-81-0x0000000140000000-0x000000014020E000-memory.dmp

memory/1912-80-0x0000000000930000-0x0000000000990000-memory.dmp

memory/1912-88-0x0000000000930000-0x0000000000990000-memory.dmp

memory/3156-87-0x0000000140000000-0x00000001401E9000-memory.dmp

memory/4796-224-0x0000000140000000-0x00000001401E8000-memory.dmp

memory/1788-225-0x0000000140000000-0x0000000140237000-memory.dmp

memory/3428-226-0x0000000140000000-0x000000014022B000-memory.dmp

memory/1912-252-0x0000000140000000-0x000000014020E000-memory.dmp

C:\odt\office2016setup.exe

MD5 75448cdeec72c1e071b2b903bf17af9b
SHA1 196240afd94b2e905461bd091a7bbb7858bff6ce
SHA256 fc2fde94f654c29a7990e9fd5cf948d0a0c3433865aa01e39990e13717f16258
SHA512 e8e5976f7d2c066004d439dc02bfd75a80edbe4c52adaddff5f7311171c2e0839cff30bb88836206cfbf2018c36b9e313c10676ea63429c366a8f803df090792

C:\Program Files\7-Zip\7z.exe

MD5 7ee22e80240e4da29615491e4fdb4d1c
SHA1 26ed435e60eb834d7be10d4e8bef93794b5fc23b
SHA256 debf3f22afa7907d40f87b32829f7391146cc8ac74c9816a92a880ff4ae226a6
SHA512 a117412dcd02fc507db40fc20807f421512b116b823c45bb5c324c98b07ae18b3f1df30f42b3d351489fd4d601af42f4ca3561bced30908849dbe3b5e9c31b33

C:\Program Files\7-Zip\7zFM.exe

MD5 a230a37323f523782c8695b3ca7cca8c
SHA1 960451b36806253543ffc96c62e7806778cda635
SHA256 ce046f79d54b57148a43f7e443fbbef127a6c34876f39222f5e748ee887b8872
SHA512 2b2c20917bfaba1986329a9830b16ec8297f6234d3de87b08146aae4727ece3da8863b7a981b071bd866aa15ffb4dc42dc8577b5824cc72f894d44ded5e35869

C:\Program Files\7-Zip\7zG.exe

MD5 b2df7f26d003a7923ab4bf2aba017a96
SHA1 41ddbe6ec8403fc06b8054c21d942e933d2baab0
SHA256 0781f774d5a01768d060609f0c745e5f1054ccb01d18c35c63445158fadf6bcf
SHA512 b28b7c6751ea6aa9cb72af5a0856b89b42a1c32d58a1306ba5d66b3feaef981ec936a871987113bd36a794a0a8a482d73711099714c36d59c1e16603fcb5721a

C:\Program Files\7-Zip\Uninstall.exe

MD5 7349eb0d80a46e1454c8dad2bcdcb47b
SHA1 ae60a8c2cf82a8b2940a2f541de7d022c8b714dc
SHA256 9f8c55cad0fec70e78b173e955d590450f1ec127cc3f592ff80e1345d0b4390d
SHA512 16f7888c4a77f79c0d2033b89fb85cdaa70e61608f65ff211b921a7a45c5c525d270fbfec54f0eba77b222de034375c5cbb0ab392c24d1db973600bfb177fa22

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 ddecd1f168fdb3e4d1ec3c38f65cbba3
SHA1 46c8f5edf7c04ac7e7a2cd314f7a88052ff9cdb6
SHA256 8eca466fe9c59f1f0227bd956a68af5281d0ccf989ca70667a20613bdc6bacf5
SHA512 de4048ae2558856b142f724ce12a818dfc8a003d5b6e9a685151792dc47e33ac338f10e3706a1d91ce02fb577ea2abac487267de10bef9fcfdfe7b5e611b83a3

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 c0888c6bdd1d398c32f6e030baa76138
SHA1 2cca9bbf493ae6986e1c8377de3b6944ca759243
SHA256 f565f296762e5616131bf8778f6e1ddc269c5f462bdc0926da476eac89d1f3a4
SHA512 7c3578a62abe7d067d77a932288ad85714510fe3c71ebf800fedee38855aea63778bbeb412f95b9fb1997a8db64940c3f4d5c51d65f60e0745ad6950d3247e8e

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

MD5 e90a799723de91be18326ef3817a68c8
SHA1 a7982bd0371f10d0e07a137a22e7d8d48b54bf58
SHA256 73a243032999ab1c59e652c1422e2d36eaff51e030d4930079f9837d792c9ddb
SHA512 d2151574cf8963f667016661a0fe922f9ddf57e0b378605002c24d84d59a4970ae8264f8e3b5485edc6bbeba1d211d16d3d0b305b9b92714ba9a5017c1f21138

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 06138303fa02846e15ff90bcf1b27f04
SHA1 a09d859505a3481b7a3b830bb1fc621585f5c3f1
SHA256 8daa97079ac15574eeb6b6cf46e6886c18d87149c6b1a33dc8ed5a2b91665a00
SHA512 bd39c8ab6ae838dd48f1c9c8a6f40823d56106e1e0ff3a3869208ddca1cd6ad2a1cb9bdfe09aa13201d3ce653823172e3f26efb813a053a439f26a5d97980d82

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 65edebdb80d0dcabf43bd2addf5e66a9
SHA1 7a29327dd8c6d3d290574ff0d87c436169533fbe
SHA256 20fa027d0131a83b86f3304550d80dffd55a1100e1bb55ed20eec1906f7be946
SHA512 536d8baffdf10827181d961ab8bba22d33eac5978ea4fdbbd36c247ceb09805746db2682bfd9fd6f0222fa9d7adaf2a804464c74f09c072b19a822b791a122bf

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

MD5 c12c97265371f1bcb8d2810da21857fb
SHA1 ac8d22ef7cb7e3c852aa0625cffba83f448cca81
SHA256 9063ac0af328948665a9e93d5e23ad08035615ba3a081d95dca556f1683e8485
SHA512 29db8156b990e857f4f101d429dd66d71ebc4521dbb4577e47bd875342af424a29e4abcd705ff7067f79208c15b28b46557fc5c91c82d2fc358e363e875fb469

C:\Program Files\Java\jdk-1.8\bin\policytool.exe

MD5 c288ab59f49329ed4919d321eff05f60
SHA1 cca68c48a3a704e84e1ab5b8463af158e05e8742
SHA256 89bc52bef16d5bb9cd2e9bd9a33a8347154fcd3d48bfdaa93c046638068e2530
SHA512 4ee71c291eab17f389ebe1de6f5583e630ef3388d4b174b380f98e8e28592c7a0938dda459d88d68a9e7edf57715ace951c51cc317a81a8964ab9956174535ee

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

MD5 30c1e5528ef585b2af64ddc149acb10b
SHA1 79ad7c8b513996e67ab393c9c40bd1353d3b7c8d
SHA256 df08de5dd675ab0300953723d4a49c1fe0f97fd90f81d0bb1041a1c1adae8680
SHA512 94f048d3a74283798cd8f8c27737d38a56a570536923552dd0dd259aee489b99d1e4bcb7b8804d517e6d2c1c56079adaa250e07c9d6d56aa03dda07c9c53904b

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

MD5 41a7b6a4f76ac52fe53f6f70fa90b0ec
SHA1 64e1453f6baca02a93d1506483af0350564cbdeb
SHA256 372ff63765cbb7dd02df8de50a339547a92d093694fa00086f9d57af1cff7c1a
SHA512 b19f6bedb9c654248feb0f0be9e8a77db7dcde358d1a0ad7e5dd93b3b4300a2b3d5f0058bbb3cecc6f745b5b374b5db9678d310a0d70b2bbb31c4341f99cbca6

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

MD5 a7c7a729659de42d4a359a19039175ad
SHA1 97a4dfc38fbcaa3b3e7e2f31c8cda481a213a448
SHA256 43870b4a77aeb6803c325e1df098a0c51817d80468e58e76262cbf09b42da689
SHA512 676b6043aaf49c769b6d10a626bac0ac348852c592387e9aa50573fb89bf37469cda24887b612dc1000daa231ba3caad0f3727d131d6e347586a6005ad6c0c3d

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

MD5 40d33544f0806f7ff85733e930363cf6
SHA1 85d6c187be4b8762ddeb86fee31b0eb1564f74e0
SHA256 14d4e2c1fcec0468487f4f95e7465c9ce6a40a0fc329b281a78a326716ad4ec1
SHA512 b353e87c758c94583b8441ed3021bc8c917b2c5422f4573509bdf466528da3846a3db114971170db866c3fbc3e3fdf8ec9ee53c4b3e62e6adefa77d70fc971f2

C:\Program Files\Java\jdk-1.8\bin\klist.exe

MD5 7205a5af76c627d51cc273405e81671b
SHA1 6deff4ecd3c3640812dbd0a960d37f035074817a
SHA256 5bdf12a03f586747a4bce945ff66b19e661d40b41b29e266ef5418475940a414
SHA512 5d1c85d76fb0c94306658b09cbf6312f735f12bb64706ec7b1242b150ba250f2fdd11bf1898198db8b16f6f2c25da510f40f7cc27e0fde11fd8f1289caab293f

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

MD5 4238d2ed15a8a9b8904743995353ba7c
SHA1 02b615e747ccf568ebe71ded90ec6496bcdcd0ac
SHA256 072f112b0469d99be664341558071f89a91c5a962f2bcd06a82a89243ee875a0
SHA512 d1b679dce90df782949b748df7b40a8ce3e2e034586f63f3321aad7167331b0b10de6b0fb888487ff718f940e2b10926e55a4efac6cdd0b8312e536be5e4958e

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

MD5 7cf19a41a1edf7e7da02f4c858aefb21
SHA1 68f39ba75743cfdf781f34c6bdb5b7fb8c51e537
SHA256 4191547285a05917fddfe384e8219d1b62624f7883b010dc6ad945fed0210293
SHA512 6ff52313c0c5b658951fecb470cc63c99fbd07362693c970a45c3b0e3a90ff891ebf89e6aa7b2843161a0f15363e7d3f1f1af4dfe833458ddb3ad5407eb13c92

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

MD5 49d28107c23d90306cadf94494d07006
SHA1 513ea560d1b3781dbee3944505fec10c7ac10921
SHA256 7d367cd6791e33f02a722ba608f7246d62ebb145cd73d96fa40966b0177340f2
SHA512 ce3b358e4ac79585dfb40067869333fb9f3483f53696898d8f17482ab09e3e849887dd929d7691b7e893838b7e2f2dda45540562a3367c763e281c0bd33426bb

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

MD5 ae4aae2aaafebb3662569b4e83ce6412
SHA1 1dfe8dd09d80c75e1be148b739a1c70171b34b3c
SHA256 7ea89673d7386c44b3d0dafba9c5881df7b1e80be47d7c630c8ffda1131e532d
SHA512 220f072bd3b458d2137bd7ece360908317b3c2f2e684e559a352553a1080d174987774b3b9a301c2c74a77bfe52af289e6fe2679be0cb1f00b76a7cdcc997050

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

MD5 e0fcae0dbdca5ee3bf1c9f11f7dcc697
SHA1 8a4d2101398921b9ca938b4e2bf5cb3b7c36e52e
SHA256 2f428ff7945d7a503494c7f216f7bdadacb52089e5fef46338e5fc6d556f9ef4
SHA512 1cd9254290075c02b1bbffa6881575d98563cd3d28af6db056324b557ad3eeb3c685d783802f9c0a74bb4f46da99a02b7cb2d56294a5973364b02111f8aab759

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

MD5 4f3ef86a0d3ddf6068be0b0f8f5cde8b
SHA1 8d85dbdb6907471e2d04d033b5f80f668caffca7
SHA256 f8fb9673823e8fb52cc106aae5ec5aad6b7671d7d209b559ab7d121a30580d05
SHA512 169a931758aa30f67d527115f36bfec5664c9a932d34e2f70ddad19f21c72590010d2fff47127614d7c3ac32aadc63729f9fdd173f82c3d69ebc66fe9d44851e

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

MD5 9d3f14a6464c6dde3094b5fa4bcb0475
SHA1 54f0a9410ba1c605133c86769027d37e5f17120a
SHA256 ce5875ad24535df7085e08ddfcd6d3eed8c7e28df530f20aade7002ce628f850
SHA512 b8e0bc6fff618d04cb9ab317bcec4469adf36e9bbdf73c9796453c28b8bc0bb5c2a27ae04f7c52c70963be608459489836ed8c7d08251dbb167cb543a2cf2835

C:\Program Files\Java\jdk-1.8\bin\jps.exe

MD5 d506f231055e999ee34c716c42a47898
SHA1 92866c0bcd53a96ff1188cf0a090b60a0e4d8acc
SHA256 d4e5fcc1b47bac1a15c79a56a45a0d9206ec4d530cddae86a0c03085b2c720ea
SHA512 d415e408a19cf108559fbaee13f131eac8026060cb3d5bcfe615f8322a31ef1d24e337ed3a032ef0f03c09d6d470917bde140cec77e8bdb28fbfe6f8c4184eeb

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

MD5 d7b8a9aef5e0d4c20752acaca9f8b1ad
SHA1 dc59fb29c835fc2293d9621002417a8b262eb3fe
SHA256 cbfdcdc77341eb0977b7ce95c909d9e14f4190f8e1da3a5a74ba37e129820fe9
SHA512 9b13ed062a74db671ce2d944a885a9111dbac5c2cdc29a1d9977d0673286c196acda87c00e3098471ebbd6d34a614776c0feed87ff6703a5f92a1dd5d0f514f1

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

C:\Program Files\dotnet\dotnet.exe

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
