Analysis Overview
SHA256
eac4737aa19dcdf0f11122849bf48ee8ec41d66302cce8642d36a5f2920ab734
Threat Level: Shows suspicious behavior
The file 2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:33
Reported
2024-04-07 23:36
Platform
win7-20240221-en
Max time kernel
118s
Max time network
147s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe"
Network
Files
memory/2632-0-0x0000000140000000-0x00000001401F0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:33
Reported
2024-04-07 23:35
Platform
win10v2004-20240226-en
Max time kernel
146s
Max time network
157s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\alg.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| N/A | N/A | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | N/A |
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\c34fd69c990ca9c2.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\keytool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\kinit.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\policytool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javacpl.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\mip.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jjs.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ExtExport.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jmap.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmid.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\plugin-container.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ExtExport.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javap.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\plugin-container.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaws.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\orbd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\tnameserv.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\minidump-analyzer.exe | C:\Windows\System32\alg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_87bf9bce4bca123f08cd4e3f0329aed6_ryuk.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Network
Files
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe
| MD5 | 9d3f14a6464c6dde3094b5fa4bcb0475 |
| SHA1 | 54f0a9410ba1c605133c86769027d37e5f17120a |
| SHA256 | ce5875ad24535df7085e08ddfcd6d3eed8c7e28df530f20aade7002ce628f850 |
| SHA512 | b8e0bc6fff618d04cb9ab317bcec4469adf36e9bbdf73c9796453c28b8bc0bb5c2a27ae04f7c52c70963be608459489836ed8c7d08251dbb167cb543a2cf2835 |
C:\Program Files\Java\jdk-1.8\bin\jps.exe
| MD5 | d506f231055e999ee34c716c42a47898 |
| SHA1 | 92866c0bcd53a96ff1188cf0a090b60a0e4d8acc |
| SHA256 | d4e5fcc1b47bac1a15c79a56a45a0d9206ec4d530cddae86a0c03085b2c720ea |
| SHA512 | d415e408a19cf108559fbaee13f131eac8026060cb3d5bcfe615f8322a31ef1d24e337ed3a032ef0f03c09d6d470917bde140cec77e8bdb28fbfe6f8c4184eeb |
C:\Program Files\Java\jdk-1.8\bin\jmap.exe
| MD5 | d7b8a9aef5e0d4c20752acaca9f8b1ad |
| SHA1 | dc59fb29c835fc2293d9621002417a8b262eb3fe |
| SHA256 | cbfdcdc77341eb0977b7ce95c909d9e14f4190f8e1da3a5a74ba37e129820fe9 |
| SHA512 | 9b13ed062a74db671ce2d944a885a9111dbac5c2cdc29a1d9977d0673286c196acda87c00e3098471ebbd6d34a614776c0feed87ff6703a5f92a1dd5d0f514f1 |
C:\Program Files\Java\jdk-1.8\bin\jjs.exe
| MD5 | f3152636954b0353197de86556c1ca16 |
| SHA1 | 514bc60ba5e2134f4df67d74019e4b695a0c1a0a |
| SHA256 | d80cdd3dc7460c93efdacba51654a6b64027bf405466c4426a6c5ba3a25e24cd |
| SHA512 | 2e6de1cf0c13457c629e8ad4789c8985e47605780317135f1f6daed681663c55d99c86ce921bc63b60fdaea8ef24c1db209c6ecb024e41bc33c570130039c88d |
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
| MD5 | df7799538e2574389106060409b33ff5 |
| SHA1 | 810889e4c40808e20776e0468d0aee385c7c11f3 |
| SHA256 | 2fa19d5bedb6c8e695a1d48116ee831c0994bb95c66bcda325ff450cab713efb |
| SHA512 | 8fa71c4bd1ab9a3b0ee789457714d4b94aaba1e2735e30cf29545cd5581f48855873283653ee94c974a82181d626eaf8bd8c7b2c4d8ed7d6a26b177dea32705a |
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
| MD5 | c06281072b87cae89c37458a9b66f61d |
| SHA1 | a9b340ada44d49122c73b4dfb26cc73ef1e3c644 |
| SHA256 | 9f64e8d28dbd19232da8bd349d303166fadbc24193875f39163bfef0b83dcf6b |
| SHA512 | 53024631ea552c515bc624cb90a36c40bb8db22973ffb154c12d8ad0b18b7f1b1ed7c5728aa0207894d2b6927b5c469c2dcc82275425713799dbf46ad6d6a4da |
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
| MD5 | 86ee42c9e96579de1f20957d35876a81 |
| SHA1 | 2f420f8521591c8c9d6f0e81030537bf3c92d435 |
| SHA256 | 2953cf0296cdbc376358fc6ec8762b1088fa79fb83bbf3cd3ce8d9d95bb2b89a |
| SHA512 | 122622a683efe08e1a91db9d29c1a6187ecd0a9f5e0d2d7cc3eca5b5cc0aaff3c7fe6efa17e47ec8a5807fd538b2f6d2d1ebaecb74715161cab06b132d23cb8c |
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
| MD5 | f5111d226ae51ebe2a59bbee7d1eb5c6 |
| SHA1 | 720884c6a07f0571e31f53d8256f540e2f9a1412 |
| SHA256 | 37bdeaf3f34bb5922338cee6e81b9025e528d25c8fe046dd95f43a90df49e18f |
| SHA512 | c36006289af550825279bcb4c102942fb2e74011e0ad0bb356a2427ddc8c3dae396f5f8e6366267fbd5d66aa584d99d206f41a083cae105a2ff2696061d8599b |
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
| MD5 | 7fa757f6b80dcafb89cfe5a8e7c24ec5 |
| SHA1 | bfde029c7c1fe9086454b4059d00ea6aa7c771c9 |
| SHA256 | 8a026e78a01913a6880956425f47d769bc99825365ed6bf70d653436a851208a |
| SHA512 | 8b32f3bb2534af0f17fd32cbf3ead04a78cdfe051bd42869033b1d1fdb4e2c36e98dcc400cd479c48422edb0987e6f54ebe373dbc16881da5c70a781c5d75eee |
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
| MD5 | 71279d1704bbc23bf2f04ae503899433 |
| SHA1 | e67c7599e9d0dd9aede7d9c2d3e771e9756df9f4 |
| SHA256 | e96cc84480d10a30e6faffd1916dcf51dd9aa18fdd39a20a916e01c6831a0550 |
| SHA512 | 3163198b50a7fc34b0c17586e98ba903664715ebe98394888ae552a09a510060a976155a6ae4420acaba83bab2664f09e5d910d9fb8e66ec4ea287af8a4efbe9 |
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
| MD5 | c11ab2aad80d04ab6b735dac6535998e |
| SHA1 | f3faada955d97e2c173fff5864fd65584464e4e3 |
| SHA256 | aa7012c5652454282c1a3c8f0253f3535bada7b0528ce60076ba1b5d812576e9 |
| SHA512 | 4c3e649fe562ac012269815b8fce38cf39ef230ebf27f9f7f5b267017dc320431f6af416fca27f70da94de5202aa962b0eef8d151d4af7af94eaf6f02756a853 |
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
| MD5 | 0fbe2dc660c2366340c2c2cbf0eca688 |
| SHA1 | dfeed169f738b8daea7b62a5a85f63bef69c4f96 |
| SHA256 | 928b4f7ab76069e207d97989772438852a7f91ea276309e32c41d2f11bd44e97 |
| SHA512 | a27abbebefcfe0b06ec18220abc872537437f2c0bb9d87b4fb112ae2afb6af8963a52d05e4a0fc089a4c247ca7ed27cfe01c3b38ae48099626c89ea4dd22f23a |
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
| MD5 | 831b92c36f66d23323e38e66a68167fb |
| SHA1 | 547d544dbb2e4ddca48b0d7a089f2a8663b5d927 |
| SHA256 | 1e8df1823827040734b0923bf805cf25a984776c0309bc439af1188c66e95091 |
| SHA512 | 8b5c69bfbdf374d402804954b4f6e42e4dabab9a5219cf9a536838cd6a9dd48e3a79042187589a9ea4f4fd0bf6688909c9edc8ff098b8e46d40ef77cf5fd242f |
C:\Program Files\Java\jdk-1.8\bin\javap.exe
| MD5 | cc26567a676d4754c05681c624b2c417 |
| SHA1 | 09529314d5eb137a525444bf9451bf747974be97 |
| SHA256 | 0600384645b29c71fc005aeb33384896ec2b0c7026d9608633a744eb5c759adb |
| SHA512 | 967f48fff95b30f84add8e979e76fa63acb284b24f27f6c96ab232f9496abe0fcc0f8f083fc181ea73b00e189348539d973cd1a7c480d967093754cc61bdc7cb |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | 067b1cd73e597ff7f15d971236464033 |
| SHA1 | 72fd56bf04fc2d85091b8e902cc23076d7f1c416 |
| SHA256 | 8dabb170ac4d56ec67d39038dc0880d0bd8a94837c898bff7fda2cd12fce1c7d |
| SHA512 | 32d52634b4cadb0e38a565d451cdcf0e4d9b79b1cf6ab673136855e4a651ef19dee4fafae71e5a72716459cb3e19f7c5f5f0b12cffc5d7cbdbd0b8c71a72fb5c |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | c64634fb868810511366e8a05f1267e4 |
| SHA1 | 6781c7a31359e7c805774827742f67f06936bcf3 |
| SHA256 | 4aac1ecd8d987a428b0fccca2d5204d0c4c03fef7af52add9c8d2ee49d69e879 |
| SHA512 | ae5cc9fc2dfc3cf8f62d5f068d7bc1959523f4598524d7054d623fdc56080564f14864d448fc48bfd36f898a0380829731094a996e0500b2092038c5512aff4f |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | 05595106b0129dd6669ddf25fcfebea7 |
| SHA1 | 0c98dcd8cc6af296d207880ff7fa3eea17ad296e |
| SHA256 | 2b16c280e9bcc82b2e5f25359f210658f626dbf9e3229f2de5aee45c657abab2 |
| SHA512 | f4ecd9c282c42a9a6e53b1563d5868d6a51ee660d4664dd54b1819648cad48c897c305d90b195d6622fb5676b00c1e9b19fb48b6a47352d59fb3b5c13d0dbddb |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | 0181f7a12540434a79c0fd1309800ddd |
| SHA1 | 377b2519828aebc54da238ce909c4ea10e542213 |
| SHA256 | 1cda726ed0da798644130c6fb82ad31551109416bf85c559e1fee18e945ccdd0 |
| SHA512 | 5fd224843882f4651e1ac16e6202f06c0929388bbbb0544bd4f0e0d0a7c26a1646f1d4aa9ed83727286edda27360ea60e235b0d7a4521ae38b8429285a2826ba |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | 45a22188dd4aae1b19078f17658a1494 |
| SHA1 | eb6b2644e7e559195a0a180a1dd4fce2d7a9714a |
| SHA256 | 951b224f7b2741977c1583f8ad75f4461039215e2186bbcc06a2a96d5fd530a0 |
| SHA512 | 304064d6aeea940f586e2977fd3f4ed5b0a6f3ae34231c85f4c4a37382828450fb8036c9bd3cf7bf7eaf02f3d8bf9befa80308b494d155237ba1fe9da4a95b82 |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | bfb428c92acddd87a7b8713453b09109 |
| SHA1 | 3aca5cb4a317f18b1d5313b4ba9680fb1fc67d9a |
| SHA256 | 20129fb5248ebdd1d15ec0ac5774559a5ea4571bf71546013cd1e7d0b959adc8 |
| SHA512 | a1ef774ac9a2cf6f57925d367fa5f4158d5d3f5c36a52d72d18fa532f66cbfb883d66a3b494a803fe44f470f87c01dd90e7dc9e90c522cf24aaf121afd697791 |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | 07c322b24f8ffb557f9f9e1e2ee06418 |
| SHA1 | f1c094a3ee2d7b793478c51faa1ffb631be8ecd4 |
| SHA256 | a54781eb81ac953cfceec97fdd7b5f2eb844c715de0143c24031b8a7b4db79b1 |
| SHA512 | 94f6741766aaedac46ffe620d71d36425af481a369c37dc56c83c5d5fbb55fb61919f77528bf39a09db70f95bab3c0b45bd5b5df1f581f665a624acfec370f64 |
C:\Program Files\Java\jdk-1.8\bin\jar.exe
| MD5 | 2278a6733000f922fc519b22793d9d5e |
| SHA1 | 4d245c2f194f1d7f474beb348785d91dbd399fad |
| SHA256 | c996d639fbe9c24800f83fc6fec0beb2941be2cea1c0a8c5c077e53efa7625d2 |
| SHA512 | 5ed0b7ddbff49850b59a381580c6bbe7f0021655e94264a1f4314a98d883adb54301e6f8e40526a0ae1ef9d2c6bad59fe47c0f4e4a35598a1dca1875418f9d2c |
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
| MD5 | fc0469210299560e5a848f9d438899c8 |
| SHA1 | 7fb068de15197d3d755134207d5e974ae3387fb8 |
| SHA256 | 27ab972e6dd0f68e7c2c85b822bb514bdb62004186550788b1ffd8bf59d6cb6a |
| SHA512 | f26bd3843dce124629a41dbb9fbd997411feea1a09f4a5399eabe0d87bfd4e9663cdc7698de72e00cc51a00ef11e176d7155d77e6001f51e62895c53e1749da7 |
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
| MD5 | 1cbf74aaa461926996de5a667b88d94b |
| SHA1 | ecb3817d65f3d4af166abace8935fd8fd757a87b |
| SHA256 | 0a1010c3420deb0cd53470026394d28d4430c6a0d73daad3e9237addbd96faa3 |
| SHA512 | 6555de7c63406208b9edd292d21a2ccac5a002755c82859ff0515d2003d8de05c78473d1e9e7e6f242866319d277f60b3df4a794e9fcea769fc1c356fecaeda5 |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | abff7383da9f4b5b7befbac1dfd42182 |
| SHA1 | 666ade4d582a60561af61991914c568fdfd0a22e |
| SHA256 | 3f62ace932be980eebd7a7ca91da994624391603ec154e3c06dd263dd9ce4c79 |
| SHA512 | 72f73fb6e871f72426d1c8fcccd15a2b9583ee1c3938bdea077983118bceea916b10ef309a63ac40f3c6f35f87fec35d90f008c4dfea8ebdf9330002b4c099a6 |
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
| MD5 | 38f7119e3064d81467aff2a232666e01 |
| SHA1 | cc653c1ea6f185a3be666e6bede9eb1d20437182 |
| SHA256 | e618bac4967e20878d852ca97e5687616f5f1ffba80aa9ba0a4f5fccec079c45 |
| SHA512 | 0db9c0c9e642c5dfd62a3241b07c4a9b1d8ebefea996afb1a8bc44ea08a3da2dc22e079cb52d842daab31f40246a3e56f08df4c67100823934875db9c5487cb9 |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | 24d97bc1ebe7b67a7421b6f9f6ada851 |
| SHA1 | c1027397449f41f2e89ea15d21e6460cc48cf0a6 |
| SHA256 | 103496e844af72d0593eed413189960f2694b3def5cdf93165df23c36de45c04 |
| SHA512 | 4c36f1f910abb74e2a5e1e092d02c067d739ccf1b00566ac0e28f3120e643444d83df8462d5d5c35d68c6252d7f3e99e1a08c0f12446b649fff81abe260a2a05 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
| MD5 | 402fa62262fb837fa72a779aa691ae1c |
| SHA1 | 6385c374422405c7ff3d44395c7a11ac258517d0 |
| SHA256 | a729cbd7455af66b87f0ef31bf2b39abf3a0ea8a14e72b1a2e89cba999a9a9d2 |
| SHA512 | 299ae55a44b901652b6a3ed7e818af2e9fa3b35335fbb276bde19d13dfc9625b8eceff9a9d4029569572775e2528b271fdda176d78a4fea949599f1aa0f5e0e8 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
| MD5 | 33b8db91ae69c27602e4d46228532f80 |
| SHA1 | 80c31a006359fa781a5e9124226e0273e91b31e5 |
| SHA256 | 25af4a2f7a7db50d9a58ea22b0d5b89226fda7129e8336668baf22e58a9fb780 |
| SHA512 | 5014cf5c2f6bc571a3766681fba727a59ff534589c4d3ae743e4c086d2229301a372916be7f637bb37acf85dedf11e7220c7faa73c3b5d6487e75105a7a08624 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
| MD5 | 743a28e6883e49fdbe621554471d60b1 |
| SHA1 | f533105ae024b21f9e448f1be9a9ffce0fe3cf24 |
| SHA256 | 2371ff9897b4a3f677e22e2bd58bb8057b1951824397c12b83156c630433cafb |
| SHA512 | 1c5c7d9f8ccaad9303c452a8d03834923779a5e3d9a4bba797ebb8730f8d48a2cbde0baa68fd83780f8e7c4df6cd6b96efa160666ac306aca092e8e2797cf572 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | 6f9a1f50789c57f9ccc47a55b4a16153 |
| SHA1 | 4ffb672cf79fc9afcbb782279e775c69ec83b3e2 |
| SHA256 | a2c84ce17a73faa2c733d33f365a3f8b516a974dd6ee91c0ce6f5d613b96cbfa |
| SHA512 | 9080b0e09d013e3f84240f95f5b2d015ff8f4eb6aff2795e1711e0f64616be47ce2dd9dc7da18d0caca3dc15ad393cc46b8bccd28feed36ffb2a3cd2a8073b10 |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | 18f96f332a9886faa3141574520b29dd |
| SHA1 | 4e0aef9517a4ccd9ba3db1baea61a7b387964900 |
| SHA256 | a12777b5b12d7f78e70bd56509c1a4aad115ed50654971320a5105977c6ac533 |
| SHA512 | 2a867ddcad414bb9eca0f384d99c8937fb81e46cda052d841f0662b7451dfc1d48e6fc7ebeade7f601688ae89607fb1850683e5760f9ce803f134727ad581941 |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | 98fedc887002ab618dd4c9d5d5fab0b7 |
| SHA1 | a88093629e71af01e0d492ad9405adfb72a1a941 |
| SHA256 | 8fe4d022a7c83c7138c9050ef206f649056151c82a6434546ad3cbacddd310d8 |
| SHA512 | 0e22aa9c57cae2b312f490e4e2516211aa536d24a079b20bf21c136526f082b7c7832cc2f271b8b1d733a91090601939d990fd4c60de27448591297e90956b1f |