Malware Analysis Report

2024-11-30 02:39

Sample ID 240407-weq99aae68
Target 2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk
SHA256 5d84401a6cdb6f2d5dbe6cf52cd9b79338f873e437b8bfe0419a84c2bd04ef11
Tags spyware stealer
Score 7/10

Analysis Overview

score
7/10

SHA256

5d84401a6cdb6f2d5dbe6cf52cd9b79338f873e437b8bfe0419a84c2bd04ef11

Threat Level: Shows suspicious behavior

The file 2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Reads user/profile data of web browsers

Executes dropped EXE

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 17:50

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 17:50

Reported

2024-04-07 17:52

Platform

win7-20240220-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk.exe"

Network

N/A

Files

memory/2924-0-0x0000000140000000-0x0000000140248000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 17:50

Reported

2024-04-07 17:52

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\cdb13c2205991d4.bin | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Drops file in Program Files directory

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_4b38723ce9b8c78583a22c74ea37a47d_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network

Files

memory/1696-0-0x00000000008D0000-0x0000000000930000-memory.dmp

memory/1696-1-0x0000000140000000-0x0000000140248000-memory.dmp

memory/1696-8-0x00000000008D0000-0x0000000000930000-memory.dmp

memory/1696-7-0x00000000008D0000-0x0000000000930000-memory.dmp

C:\Windows\System32\alg.exe

MD5 aeadf911f6347b7849e0367901bdb958
SHA1 0498e0d031ae5388fe35fea31f15d84f6335f2dc
SHA256 99730b5caa79fe71e494a75260dee76c83b4881dc04471a8917f84d75bb56cf5
SHA512 19282aa7bc0e180f067469030d34e32ff0576a9abe748ffa8261923a9368b738ee90dfacb6bdf107db2c4d90ffc1e8ef225c2565790bb5c0f6ddf450902b3c63

memory/1532-14-0x00000000006F0000-0x0000000000750000-memory.dmp

memory/1532-13-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/1532-20-0x00000000006F0000-0x0000000000750000-memory.dmp

memory/1532-21-0x00000000006F0000-0x0000000000750000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 2f5130efb089a35d869b81fde469ba8f
SHA1 34dfb608ff5135a611ca8d7f0b1b1c1c276478f5
SHA256 e88265554e0ee9e03bf18518357c9738c1c35244f1cf0668870e4d86f3dd4979
SHA512 6075cea968935ad34eb9e148d2cb3aa7e7697120b44584b2fa639f651638cbb8b6301cc104fabde351057257c70bda614bff1b2eee7a0e524c5f7310e498c196

memory/3132-27-0x00000000006C0000-0x0000000000720000-memory.dmp

memory/3132-28-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/3132-34-0x00000000006C0000-0x0000000000720000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 70d2f25106854f3595259e1f76d529b8
SHA1 ead9897fcf4a0c2a385c3787cfc60b982781b24f
SHA256 8b5fa0c11345061880faff8667ee81986bfddf4ad3ad3f5eeffc384f509c9076
SHA512 56698a1c2517a1cc4adf45e7a45097d0ed9e95065f07c4b8e428ce65f46cdec46d382a6bf809ab2ceb9ef1cf72dd8b38f3fa717fdffaad9bf068fc213447e065

memory/1696-40-0x0000000140000000-0x0000000140248000-memory.dmp

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5 234cfe56f1b3cb4f818e042fb7ed7cdb
SHA1 0578293c7a30bc0f4a92edf256a5b4e5c09d6f79
SHA256 983a349a1e82dfbc2513cada08055f38143d7476c09900a272573d35428cbbc2
SHA512 472d2aeb64da5d7e09fe7dd6b95c6b961ec03f36199c3dbff719d8a01dcf891217776257e345379400108f99e0a4e6de2d2a19bbabfcf557a0e5f5f53a023988

memory/4436-43-0x0000000000510000-0x0000000000570000-memory.dmp

C:\Windows\System32\FXSSVC.exe

MD5 a93748231b9996469edb6340e5909f9e
SHA1 8f34d92cd583f9ca24428fefaea2ef0a59ccf56c
SHA256 2cb4c79781728ea754ffd5f5d724a3cf6ad1983e84f7f391459c6ee654a1e3c1
SHA512 63caa4904912d1741f4f7de9b0060d750b96c74cefe5d3ff6e2262c67c399ec9fac56bbfe16723f32d50ad2a387743d246db4620e96ac11aa7810460d35f1e6a

memory/976-49-0x0000000140000000-0x0000000140135000-memory.dmp

memory/4436-46-0x0000000140000000-0x0000000140237000-memory.dmp

memory/4436-54-0x0000000000510000-0x0000000000570000-memory.dmp

memory/976-52-0x0000000000DD0000-0x0000000000E30000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 73123a234a9e12c65a3861b82a0318c5
SHA1 7f755921e205cb517dc8a39524b4a41b87d5a075
SHA256 9635da40472a6404e5a12e95f982eafb7a01147cc80c8507e2e704edae5f5ce5
SHA512 126422bbdde8fec5a0e2143cf069992a8b187a9b66ce21182e5c9ec767cf1d29d2d10b3a14eb39cb30e1a17322aad597b8eaf502183ff64249f3e8d771793873

memory/4780-62-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/4780-63-0x0000000140000000-0x000000014022B000-memory.dmp

memory/976-66-0x0000000000DD0000-0x0000000000E30000-memory.dmp

memory/4780-72-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/4780-73-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/976-75-0x0000000000DD0000-0x0000000000E30000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 94ae678517a0e5a88f9840c75c03180f
SHA1 cc0dfdba04762ef5f1309c6e6a5c5f2318b2f652
SHA256 69950a04361c8d2e1392c678caa5f6b24567daa8e3074e6929b1b52e881ca670
SHA512 82fbc23e199f12edf896eef79a0ae250a5a2f96f6c1e12d18184d4cb3f7a05465b1ec20e8aa305c84be5aefc6dcfcf3e6c534e0f9c9b5b8c9c4f8b68deba681d

memory/1128-80-0x00000000015E0000-0x0000000001640000-memory.dmp

memory/1532-83-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/1128-81-0x0000000140000000-0x00000001400CA000-memory.dmp

memory/976-78-0x0000000140000000-0x0000000140135000-memory.dmp

memory/1128-89-0x00000000015E0000-0x0000000001640000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 71bd7ea142d163c1e08d96d2b340d6f1
SHA1 f062c831bd37f70c1c5642385179c8a3c83061e8
SHA256 0fdb39a9c0b8f812dcae74bb15e0263dd137d0517a977546cf60b5cc979dccd5
SHA512 13fc24cac8aae5bd0124226d627fca436cf8e96010cef6d70076166284207a6b83008bfa66d25a1ba65bc4108a26f03fa047e85073feed0341606307de79ac97

memory/1128-95-0x00000000015E0000-0x0000000001640000-memory.dmp

memory/1512-99-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/1128-100-0x0000000140000000-0x00000001400CA000-memory.dmp

memory/3132-97-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/4436-107-0x0000000140000000-0x0000000140237000-memory.dmp

memory/1512-108-0x00000000006F0000-0x0000000000750000-memory.dmp

memory/4780-268-0x0000000140000000-0x000000014022B000-memory.dmp

memory/1512-271-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\odt\office2016setup.exe

MD5 8e95a93393bc519ac017d78cc22d62be
SHA1 fe2d2a4953b6d87e32ef10b35daf3d5911c0650d
SHA256 20ed498b101deda6f53b5a8653b9192ef6122c5b5abadc2d70bdefd6372a97a3
SHA512 78f909b08a58a0b5125d1cc80601741de13b3d514fb056ab6b921aec664e71174c410b687e46a16a7d6219a55bd02a78b06320c4c56f5d25f395594e4c2a22bb

C:\Program Files\7-Zip\7zFM.exe

MD5 8a996b5bc465f4c282592b83435e9867
SHA1 398eacfd306ebd6f2148aa065c445c4370d6e98a
SHA256 e1607c4ee2e59adb8631b782e78eda7bc25c59ef088c29767a3a1b7becfa34c2
SHA512 e52e1d374babada12696b910c5a567185ebd865c4726838f34ad0c45c474d65aea4c643f388df6edb3d568f191ebd55df485808a58b6be452774a626a121576c

C:\Program Files\7-Zip\7z.exe

MD5 aa58fb39b81a70db951b2f5d63a0d4bf
SHA1 df3f37962d88ba21c698689942f0dd98bb8b748d
SHA256 8ef1cdd1136177d759fede90401a1e608dc0423d554768a6ebc7cdd30ad92eae
SHA512 568d01546f3a63e698a7d9ede9a4768d8e650f21986f5fec7d8c470f367959a1e0ac50d12814a2f993353fe56f1bc36908b403734ccddc810fed1bc525455799

C:\Program Files\7-Zip\7zG.exe

MD5 7c60340e59b7bce7e51568820664c65c
SHA1 19b516910e66a144eea0a6db9f1a2ffd2f51a29b
SHA256 4223fff644232144d5d6fb4407de00f0f3e35596e80ca1914cfca6002bf9683f
SHA512 78c691062b37dd2d60d8c67a45989e33c84f26da84fe21e8c391b08143f1f057460e407bbc5548947c9ae92dcd3c4db365160d1cb2b77a2ef0c1822cb06809f9

C:\Program Files\7-Zip\Uninstall.exe

MD5 a386c119a7f71320c2774d953867027d
SHA1 556952a261bb404555340a9a3a74e2763408eb2b
SHA256 be65e0271697535ef37961d01f612939f6f6ad019bd55a4245220de393032247
SHA512 c4a5cf3601410c64bf907a647ba5dc839c7114d2823995974d948718a0eea7f2e8678ff45577db6cb88d8a656b0e91c2603e9938899984ac05cb1a08d7163426

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 d2a93a5f1fc3bc58f5bd1e82e080fa2d
SHA1 429120eb67dcefaec06a338ef46704e19dab8e9d
SHA256 8ef9f0a23894d2983a0cb44ea6b559ab32fec4ddcc3de7f3f8418f468eeee194
SHA512 1c1316e1cd4278e376dce53a5956b223403356a54d2739a8e885de0342e11da700e13a48daf51bcbad1e4b16b0592f12a17fd0c5fd0a058188eaad17b67f153e

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 6b0e326164081ed209e558b158368bfd
SHA1 a258cf897af135ef036f2da58a61c57b3cd88ff5
SHA256 0523a1a396ebe88f94da81d52e29a1bce7b32dab82590be7c6d3b098968b3784
SHA512 43db054c36d91cbfb31a925f26f0467fbc14652197caff96c39907ebb4dffa404bbba24bd0e4b6b816d98339068dd1851963326df7a7e95e77bd901ef157c564

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 58b8535d51bbe441b5855006a32c458e
SHA1 f46dfda0f9318dd262f5d074bae4528c4525ee5e
SHA256 db35f07dbe5017dc1e19ab3611d7bd181423c085adfc735682e8402a8e64ae04
SHA512 5f6d2a34f2f9817e11b61f3ea3117bbe84ba2d4a57c19660a53d522286cf2f174886dff68522d056bc5a9eca18fdfa12e08a82a9ed8c6ae14987203442eda929

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

MD5 2f4977dfce8d36399874d76268bece35
SHA1 4a0d51dad29e151ff395505cc24c706dc9bb7ffa
SHA256 bc114d76a7f52df701b2b9b9deebc903f0db381b1119195ef6c1c70c310e46c7
SHA512 16a51a3c50775b3a5fd2ccb796df45f3785f3d91cb93dd64b2e06c095771b991b121435a60772a17291479d06e313c45b3cc2662acea397b48599d7a3e571da7

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 1d1aba6018c0024e2b335339ed89c28d
SHA1 e4443c25b6cbb9fc3105235b5aca14f5e3d92bee
SHA256 d82dbb4209d438f9df0fc0c602e102c4bce42959269719b2efd4a00ce135484e
SHA512 401875e57ab664ac7eb61fa42db6eda9a836187eb0422f9e47c0eb2d27df046eb5f7e51b1d32618af6cef33353927b7845e02fe419ab23831b64b1698de5112b

C:\Program Files\dotnet\dotnet.exe

MD5 ddbf9ec7f52d7b6cea9c7d835a54a928
SHA1 ab01a5199f5ef6843e8f207ad3c91c1818f14d6b
SHA256 53ae4f55107aed7521d23140bd79eb6720f615ca059d1b517aba672a52948636
SHA512 6d44fc588d171c1d50266f269ae34e0ed92ac30fcda5e90885a57d006a79f7cdfff8e4d8e45d7e8610c419341b82213cb64db6cb7c58ba19c5f8405206a837a9

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

MD5 71e0d698bb1bcefe73830e65c1b93e21
SHA1 0ba9cc1ac41a5d34cbbf1e4b5ebfa1b629fd57bf
SHA256 909e8f64e13e75a0b9a5ffbc9e12dba6f9ad74009c072fd26c2990d8826a1af5
SHA512 15af411974f5d067e11ff484fff48e283c385fba0405a83492102890fd24ee55da0f9895a8036d3c9c62d283964d6b0b52d2dd6ecb2ff2ea480c134cca5c21bc

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

MD5 0eba2a6dbcfa07f979e9702bd70008a3
SHA1 fc8caeb9efc7f115541b1c89571db33d918d324c
SHA256 6530c6ee0cedaae0e71b2d807e023b5e6e2b3baa92daa394c588b9ad737e191e
SHA512 63248172685653754a8a285ad39c120ba14dccd7c1774bc75cbafd9ed75f5eb01e08fbedede7aa989343821a5a4953c43e68aacdddc83fbc60baf7bed61c460c

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

MD5 8328987e75febb3d3481b0d2fa5f5782
SHA1 74ff0a2d835ce01446602b2f27823f665ee70e87
SHA256 36042d11db3979fdd0abd0923cda617b6ddc1bb8193bd820377d0ce065f93663
SHA512 faa6843b901c2a286f77a3e1fa8ac27561ebb41fa15f52c7a9971af9c37883d42a574f5e4691a9bab544071f34d8eabafcaee8050350b758a55f86ca9f536eee

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

MD5 0ab6d318a041fc9d4ec480c3990586fc
SHA1 0e39654f091987363024c1b79883fd2f2aa362eb
SHA256 ec692bdc22a1148e5c14a56ef3143d6bb86efb805ed13d24a7284782001b8015
SHA512 36158f6179664eccaf7c75670bead3696ecfcd8c6a3a6ca2690418b0e46dbf600a6cc568563d6b76009241b839fe674b28aa58e379145a9ac4ce1a888f1e1c0c

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 369c4984252b3e14e48818b4012b22a2
SHA1 deca8094209b4af8df99445ed37d1e8a62c47d4a
SHA256 34c71291c2da833d4b248ced8a5ca02bb83a6d60e6b148868f84449af4e7bf1f
SHA512 8b3733fe6a5cc1eda5d3a90a97621872347efef2e6c577f73869ec3d00ec4a51d4b85773a9cc63f01d190787860ff12bf89481e8ee67df481e2dc27e17b64549

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

C:\Program Files\Java\jdk-1.8\bin\klist.exe

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\jps.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
