Malware Analysis Report

2024-11-15 06:07

Sample ID 240407-x58snacf46
Target 2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk
SHA256 5256272996127b2837c4a8c306a0534b2c800ad81b7fa5f17bc0c08e004d83f7
Tags spyware stealer
Score 7/10

Analysis Overview

Score 7/10

SHA256 5256272996127b2837c4a8c306a0534b2c800ad81b7fa5f17bc0c08e004d83f7

Threat Level: Shows suspicious behavior

The file 2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: LoadsDriver

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-04-07 19:27

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-04-07 19:27
Reported 2024-04-07 19:30
Platform win10v2004-20240226-en
Max time kernel 148s
Max time network 155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\847e9d482a644d7f.bin | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A

Drops file in Program Files directory


Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network


Files


C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

MD5 760e00afad5d867b968918874f5eb030
SHA1 72022c051eef2ec772cb38055b1afae3ff6a98f2
SHA256 d4efe512da4bceb9ff135f215a9d53412f44b8964dfca3ed03ef4ae3e1e81809
SHA512 048b5d48e8b0adb6d45dbedd284eb9a2179d5464ebd5105736a29bb900834f4a496c665917426b599af9f2d8eb3a1f091d79d93443b646625d0568c1671e34ba

C:\Program Files\Java\jdk-1.8\bin\javap.exe

MD5 321fdf41f9fabb209e7b9cb60f60f886
SHA1 aebe4fe6e23f3577b3e8a9b4a3e9199e925bcc26
SHA256 16f39d3d3c0636f6bed6c354e3cc65b9e04c8fff6ce3d031107924a25b7fa613
SHA512 84a31fb5aa125eb3a54af3eb7b1100467646a081334a3373724c28ef9b934bdf80ffa40dcfd1d22c469722dfb451db5e82fcf0d38ae5af3357219f718c925ffd

C:\Program Files\Java\jdk-1.8\bin\javah.exe

MD5 c446ff461d8d165cfcbd1342b27ee5f4
SHA1 de353ae86b6f800121182244991564d841a74b74
SHA256 b7c5ca45bfcb8c0b4912afafabcd8b9916f89fff92104242ff830e3a99e77cdb
SHA512 716b10492152b09c24aa57f59db167e4a0c9ce649e460790b4b64417aee1172b0d98532d20135047a5d174778cf178b58f3e867e9f5f54a962f5f6aa0a5cbbe8

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

MD5 e107707f01eb7fee7ee667b16bf97815
SHA1 b54658e68a0b6454ca481da0e416ab8546ba73bd
SHA256 94551e6171e514c146a1a9e9c27b3cd19f006d1f1edb933cf141859bfa36ed88
SHA512 9a6112c51977235edd4ae4bf1ec73b95ed0778b7ddd1dbd62f0a9deafc8a3cf33a1291b2a5f3726165ba4f78934d07dbb5da5e9a90d940835206d553c0ee1217

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

MD5 c544a7b16b7fe6ed74783ffb839b0654
SHA1 784445ed4fad8836b1d00ac8de2ab984cdd76e57
SHA256 0df9a784b992978418fcd0793067365d22649e188de79bcdfe221936ab296f3d
SHA512 ab8cc15527915d1f88347aaa3c110a1edc3841fda870ed7d2479ecb23d5a40aa86449027e8a1b69c7f70d4ff4dd5b5e580e88c22c772bbcdcf7c8cd2b563ec12

C:\Program Files\Java\jdk-1.8\bin\javac.exe

MD5 628cc6aefca8c506140c8f01b42ddd5e
SHA1 eaf64180522a2ad75eb4671b1d2e13529f2c9685
SHA256 e96784c002938c1e83e666bd5aae31d24e25bca6cb1a52d6db7b91b587343b35
SHA512 bc0bcc1f4c423b5ef36e1e5aaab1912c58b81323d8241b34a8308f6f940a6f1793c6f6a7e4694f2b5c8d18817794f3bb67d81c6f6a3a16ca20e41747f5d1f3c1

C:\Program Files\Java\jdk-1.8\bin\java.exe

MD5 88590ee7957578ebd87837d0807fd204
SHA1 a8c6f7dc87b4b1e11777701743a3fc2c84d204e7
SHA256 a2178c09f6eef83402cfe6bd94fadb105176c1c225370fe77e60743443bf94fa
SHA512 842348fe97cbe86cea1d3bd7950fc4e0c926b2fc2216524b905fbf4a3e3538779632c5d73dc0bc3ff8323cce8dac3f232c42cfbb2b32b6f63c76e6abb263fadc

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

MD5 f9f449a624696588888a926516366f34
SHA1 1849fee783917a1da1d007db1d04d6d482814289
SHA256 c02f296240b0864856e45bc8289305f7753c5132f5538661eb0972c948882e10
SHA512 0175731513cdc11e8a25488d287aa4f3686f5a4c6de9da9f66c5bc0aff328fa25e5e1d6385a1076e946e5af35be6287781c16ca8ecd87fa56616a8a09b48f4b3

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

MD5 30fbd7d5c49438180b7fb0e873991bbf
SHA1 35bebf2dded9310e2d91b1b59200ed3d7728b83e
SHA256 bda413e4bd84809bab802abdf10eeb9737fdd065fc533b72abc1ec0541238f1e
SHA512 bf7efff8f83aeec310c4f51688b380f133ea6b769ee4f49ead6b0b6c931d2e3291a99365e19c08d2556c8d138f799f97f358a9bd06f0712493221860abbb3a62

C:\Program Files\Java\jdk-1.8\bin\jar.exe

MD5 48149783d07c1ff3e74a122ab1f62139
SHA1 0447813d20cd2cc474fe2d3b460bfc58ea579e8f
SHA256 b8e16be6f18c3c7c0bed645dd03e65618693c5a5b74f794e058269cac716c120
SHA512 dc4ca733c5ac60543f33ba1a95bdf4c4b113fdcdd6b72c2216fe53b54b5905fd7ba87d76978b63ecdfa73b4f62d9874ad20c1b094b441c3881fea792ce612ac7

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

MD5 2309e698064e571a599c00d37070f6b0
SHA1 452f37c7e845b754d1d3dfdf4dcfa098ec05e489
SHA256 b042311f128ff5d590336b426ba2eb8e047fae7c40c9b6bd58072539390085b3
SHA512 1ba418c293fbc8d677346f317baa9cc3d5ec936ebf5fcd9040a733422cd78997826d78406c5c469e4b8c08d711197fb2a2ca8174e2d1636af4b2db29609e6fca

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

MD5 04bc1d55bf752358da031fbe55418afc
SHA1 474efcf68650bbcfbd424f555c413e0c6a967680
SHA256 e94be343c4ed778901ef7ae676fcecb8bd77e9c0ba78ceae051bc0fb93862356
SHA512 5554a4b9902bae6596b75bb5a4b0a23093e41d7d1a13bb84f1d9a04b3342dc173f6619689b4b05ba7e9c1287ed4c69a65f8d23eda883a692ca928e50a5b220f2

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

MD5 778ff3a0df0b575825333eccd6bfec2a
SHA1 5a50070a556cfc3c6ffd90df8cdc8665be60c04d
SHA256 28d657182bf5254d6e92f3936b4a788707713018b46dab23b492b60771005657
SHA512 a7e73c8442fa2c2429310737c99bd18331bbee201500e46952374a5c20bc9a86f18ceb6e41299f57d02033a447588bc50f4f960dc11d160b2c7a89491c21b21d

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

MD5 59ede66ec4155a8aa6a51871f49b0930
SHA1 d065362963e0a775c94ec41bfde96105c0975440
SHA256 1f27e56b668fcfa74c09a6eb5b81d04cc6233c871a5e5e593a09a85ea2c4a92c
SHA512 5f56e547a82640cccdf67a9c3d5c9f3b9def0ff74ee9a3206b25ba2de9b7902cdab758c58aeb78e5cce10017080a6de8e4eb62e448c3009fcb901b23e52323c9

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 cdad6af3c41659f48ec36b94896243c7
SHA1 e75f87e716f50dc328ff3b3d8b27a80b000f355c
SHA256 0d1445396bd2891e6c7c2f885f8dc11c5ddf8da710584bd16faefba7e88d5bcc
SHA512 9642298d08e44942b63ccd4e9339aac48bb70ef5be6473d075bd24ebcb50adf445bdc0c278936d301acc0afce27c78191b8a338ce1400e1a695568ffa0c060ee

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

MD5 0c007f4e8d8f0387e1f377ca52e0242f
SHA1 01f10721c8152bcda247a922fa52a98bc7e16048
SHA256 214d96cbf351006e4cddcb26abd479b7eeeb9dcdc803c9d774091162889ca3e9
SHA512 d942fe3e9fc06966fe16a669ac9f7bfe4bfadeb4236f28e3223b7af1ac6d7ac16ffdddb8e670bca9faf4f4ea6f0cd764a618d7f7ba43c0205b3d2899670287ad

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

MD5 2f7be5308ed1c377308adeb5898043cf
SHA1 8bcde71a8046f67052818c308caa6985b9b8e13f
SHA256 c8467c1116ffa8dc31497b9b2902af4c8a2c3ec39fd1c7091c70ee067c422ff6
SHA512 340ce216d25bf015dcb6c350b64e91f26295ad8363e53707a8ed40f65c3eec930c78ada00d84bb8b24144ba54e9f72cc7c18cf343e22f30229f4690bcb3834c8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

MD5 aea28cf6be85066b1276e72f89a02023
SHA1 b4776fb7500c01e9f78b13e39099c6af439160d0
SHA256 cd5870cb1146a05b6ac60b754dbf9238467dccfd1f8da25d951479188ccac6a9
SHA512 2b289fcfad5493ff51763505988a5ebcf24101425a9fe895cd86517084662ece9083b10f7c258895670d833d7c617e61cfdf874b958f2db658ee0717d9319028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

MD5 a83bbc3ea69232ab0b9ce5ee62930655
SHA1 68317b781f09759b2038062e3405a6b216a9e774
SHA256 66e77215f89327be9ac78c02d9e0ddd4442b6ffa1de02ff259496094faf7e1c0
SHA512 4fd4ad83fb581f59e780cc9967fb28942dc932f7c9e21225b9d4c22841abaf75dd3cb6e7e245035792c8f117632e0d23750adfe58e792864ddd8a43b19622974

C:\Program Files\dotnet\dotnet.exe

MD5 bec2281851cd0ec1a61682755153657f
SHA1 4e9ecadcc08ca38c768efebdf688abf58305bbe6
SHA256 dbc8e81e3f361136c7e779fbe2861a59f85d8a2b195cdc2a610d05b0230cd2f9
SHA512 95a1369e69c648afff44cb0ee2e9fdf794aa96f0819e4dede4383c56312dcf39efdd6b62148df8d687ad01ec0445c3ad7c1764d222e0280a52da96b23c58c6d5

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

MD5 cc592add2239d3ea69a30a4bdbf30fa2
SHA1 beeaa5195edc3a8115f33588f5b988f13d887fc6
SHA256 c02064ce0bb4d4edd2c72fb60d2f9bbef2cc5012514cf2f46311404fcc5ce747
SHA512 2efb1b27e0ae758d547dda585e3f1112e806e4025bcf250596e4fc75ce7570f23bc164d6ad813af7e59bdd731620d774103659abab5b35d2edc2edbab14025ff

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

MD5 a0912fa4ec069acb38e35487ba27bf2a
SHA1 62b537fb1c6396ff8b3eba904b03abcf68266d50
SHA256 a37dff6b2061adc0036bb8142c5c2fd32bb375f421201d0c79f73d854d1b181e
SHA512 76da8e8c05b4bd1098596a62b20bf8c130238c058abeb81d99857b62020811893912cf6743a091cfa9adc1cecf2c22b0df9634ed490fabb291df320fa40522a9

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 d8d90e61b88daadcb8ef9de1969c2ac7
SHA1 3ceafd338ce19f9965aa173032fb507763742351
SHA256 d6a78fde6452ab6fa8c28aa276ca18e20e3703a13c4d752df95fec5b054f6420
SHA512 bf299ca87ceb0923a8b7bb03ce0092338e52bc703241d805992171f38eb9ca54433ff3da44958647c6f28fd753b7fda0ca436c210a3421af9430433882b4df5c

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 4b5c29cbd04fbf739e7b9c16e4e0e0e0
SHA1 c5e6213df78ba6d81fa204095dfbcccecb52168a
SHA256 0eee59f0279c4347cd4ced0e40b3d64e0580e9279ed6d298beb6a3293bf0ce39
SHA512 8c205d613b1f63bba664c356c34308bafd448e06b82f53c3b95345d5d804b7a54ee52e911028f0da02d3fecc867c9cc63d6422bced5464cddb43a088f9e4e557