Analysis Overview
SHA256
5256272996127b2837c4a8c306a0534b2c800ad81b7fa5f17bc0c08e004d83f7
Threat Level: Shows suspicious behavior
The file 2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: LoadsDriver
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:27
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:27
Reported
2024-04-07 19:30
Platform
win10v2004-20240226-en
Max time kernel
148s
Max time network
155s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\alg.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| N/A | N/A | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | N/A |
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\847e9d482a644d7f.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javap.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstack.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ExtExport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javac.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\servertool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstat.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\xjc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ielowutil.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaws.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jcmd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\dotnet.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javap.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jhat.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsimport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jhat.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\pack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\plugin-container.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\pack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsgen.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jar.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe | C:\Windows\System32\alg.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_1cc6a8c3daee687c4b2c3f9e63e1c1bf_ryuk.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Network
Files
| SHA512 | 667ab97a75ffa455f25cc6a9cae10bfccc152bc808b70ecf377f99c4f9fd1a6e5d342757971918cb35af750d2c4c836b5508be83a379653ec1355e10994b78ea |
C:\Program Files\Java\jdk-1.8\bin\jmap.exe
| MD5 | 475d04ad67c154df697d54028f3ba804 |
| SHA1 | fefcdd788e3e113e6992b6e44d09bbfb462cd5a1 |
| SHA256 | a62a16dd95eaf21a12366dc2f452db54629d133302dd977173335b9df51b71c4 |
| SHA512 | 0d9cabf14d88afee094b0207c1f62be4a67d82380a8c051df27472d0e11e067bdd2614456b806be637b36ef3e8925dc1924a8d2626836a8ae6c7a3e4b07eb7c2 |
C:\Program Files\Java\jdk-1.8\bin\jjs.exe
| MD5 | 15a7842dde5b7a561c6ea0574bdc17f2 |
| SHA1 | 72de35ecd66eed78bcd80876bbf52d6a2c4c9409 |
| SHA256 | e3bc2a2c6fda20d5ee128b5bc58f2ffc4cd48159d0851920754fccda6cc2abd3 |
| SHA512 | 6a5ef0613c2e2fef04bc7272e24efff69e2638abd9a2e46c518f78fb6c2b93f05805c2cce1ce057700f27b61b67b7bc925d9c04e061be0846bce74ad3fcc3ffa |
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
| MD5 | 96eb279e1ae82085ba113e18177ff734 |
| SHA1 | a95068e0b25ac5610658033bc3e2c0ad37474aca |
| SHA256 | 9d4204cf9e1cef761e49e6c3d292564a26aaadee5e15599895f0294b604fda05 |
| SHA512 | 5c2e8cb65f2d364020740c89e8d37e5dd5cad5fd4eb14d597c78826b0fc0a27c0223bb74eb659637f5ba3693ce967c28aef9e1e5b49f46369068c81bd5431bf8 |
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
| MD5 | fb012412e5d3dcd7cc8bd0c08f833016 |
| SHA1 | e4dcd2be2eb85bd5bf19f726192f014324f584c7 |
| SHA256 | 1cb8d0115a30a08b57b4bb328f2c4f2055b4e0c7adf2ecd21914a2c3dbba5d67 |
| SHA512 | 5314c4ac2b20931dd954027e3c0bad994fc54443948152904cf5049ce07f2a8b9eb57ec20ce4cc9d69907afc54b3b105d08313b5aeab10d4642aad25144de284 |
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
| MD5 | 22fee28ddc3e0dd0d2a9d60443fdbca3 |
| SHA1 | 7b83be58359fa0ab1cb09c1fcb6e45763a32ea15 |
| SHA256 | 677dbfb1bd5117de75821428a4c0dd1886cb201fef8195e74dc56b0ee6b1d199 |
| SHA512 | 22313ca143b4ec61d0c4f128135675dfba593eb16d7259d8ad2aedd772f2dc983eb7a960560b257585097496744090b9ab627d5f2ae5e6c59346ce6b70749749 |
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
| MD5 | 5be60b991c48a6ef0b6214d70a6e19d0 |
| SHA1 | b7eeac7de167ca059d684f70f3b52284b15864bd |
| SHA256 | cea9a6f25a89a6de00ec1d60993a6d98060d681d6652ad607c9491a55db7e2f7 |
| SHA512 | dc62b3dcae01beac0ef650d58d27b34cac8c0ec273c353d162a351d7df34326094af4aa2575391c175aa4f77bc0a6d725a309fc6facbc11042be4b7c054ed777 |
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
| MD5 | 4464038d9d393384f684d7392ae224f7 |
| SHA1 | 45d0b97ec58fc9b443b90d5abf9b08bacedd5a96 |
| SHA256 | 7679d02c8e513c13b96187251ea5ae5982010c533fd6d1573a02a4db70820ab6 |
| SHA512 | 915a16679b7256b4d01d95d3fe518b581377c884bf5ed32d7f2bbb7de5a21572803f449e889a953760fb0d86255b7ffac5f63803485e9b8c44fcbb3e5f93c439 |
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
| MD5 | 1d7ff9854951455170c528cdabc88656 |
| SHA1 | 3fb82340d69db521cccaf4c724457f00862dbbaa |
| SHA256 | 5d94ebe1bea584eb9395fd0076ca1c683c087f959f3dd90d1da02cdd92c3dde6 |
| SHA512 | 91e3dfc334904e5ccd7fcdf7bc5d656a9be7d58bf7336ccaeae5d0129480539b5476fe0eface9e5b4b66057619546d2df24ea72b34a0b31e109837822be7168e |
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
| MD5 | b297f0e020f7f93e0301e32ca03c690e |
| SHA1 | a15fbbac49e31922ffc7a4485393ae6603f7539c |
| SHA256 | dc6e585da62d6812fd6f3d5d91a85a400fd16b161479b383f4ee10b6d98ed9b6 |
| SHA512 | 8e31996cd5d8fc081359eac22a3ee0af6d2c0b52b805757f12fe262fc8f6d3628fffced019c213ff884a42c71a3b4ae5596634ee10dd329af26f39c7352ca903 |
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
| MD5 | ecad8d70d2503d96203ba183bd0fb25c |
| SHA1 | eb91e226f6541a431a8bcaa0c915588226a14694 |
| SHA256 | a132cf8f413d0e7375c86023faace7d7e3faabecdde089a8156cd1ee9843f6ff |
| SHA512 | cb3caccd404b2990c9d6bba048b6e7f83bd3df7b570fae68f4481c544725ae4ea4d2de5ae681a76121e636cdf0a889a0070f7caa095ff5e56c31609df314c002 |
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
| MD5 | 760e00afad5d867b968918874f5eb030 |
| SHA1 | 72022c051eef2ec772cb38055b1afae3ff6a98f2 |
| SHA256 | d4efe512da4bceb9ff135f215a9d53412f44b8964dfca3ed03ef4ae3e1e81809 |
| SHA512 | 048b5d48e8b0adb6d45dbedd284eb9a2179d5464ebd5105736a29bb900834f4a496c665917426b599af9f2d8eb3a1f091d79d93443b646625d0568c1671e34ba |
C:\Program Files\Java\jdk-1.8\bin\javap.exe
| MD5 | 321fdf41f9fabb209e7b9cb60f60f886 |
| SHA1 | aebe4fe6e23f3577b3e8a9b4a3e9199e925bcc26 |
| SHA256 | 16f39d3d3c0636f6bed6c354e3cc65b9e04c8fff6ce3d031107924a25b7fa613 |
| SHA512 | 84a31fb5aa125eb3a54af3eb7b1100467646a081334a3373724c28ef9b934bdf80ffa40dcfd1d22c469722dfb451db5e82fcf0d38ae5af3357219f718c925ffd |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | c446ff461d8d165cfcbd1342b27ee5f4 |
| SHA1 | de353ae86b6f800121182244991564d841a74b74 |
| SHA256 | b7c5ca45bfcb8c0b4912afafabcd8b9916f89fff92104242ff830e3a99e77cdb |
| SHA512 | 716b10492152b09c24aa57f59db167e4a0c9ce649e460790b4b64417aee1172b0d98532d20135047a5d174778cf178b58f3e867e9f5f54a962f5f6aa0a5cbbe8 |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | e107707f01eb7fee7ee667b16bf97815 |
| SHA1 | b54658e68a0b6454ca481da0e416ab8546ba73bd |
| SHA256 | 94551e6171e514c146a1a9e9c27b3cd19f006d1f1edb933cf141859bfa36ed88 |
| SHA512 | 9a6112c51977235edd4ae4bf1ec73b95ed0778b7ddd1dbd62f0a9deafc8a3cf33a1291b2a5f3726165ba4f78934d07dbb5da5e9a90d940835206d553c0ee1217 |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | c544a7b16b7fe6ed74783ffb839b0654 |
| SHA1 | 784445ed4fad8836b1d00ac8de2ab984cdd76e57 |
| SHA256 | 0df9a784b992978418fcd0793067365d22649e188de79bcdfe221936ab296f3d |
| SHA512 | ab8cc15527915d1f88347aaa3c110a1edc3841fda870ed7d2479ecb23d5a40aa86449027e8a1b69c7f70d4ff4dd5b5e580e88c22c772bbcdcf7c8cd2b563ec12 |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | 628cc6aefca8c506140c8f01b42ddd5e |
| SHA1 | eaf64180522a2ad75eb4671b1d2e13529f2c9685 |
| SHA256 | e96784c002938c1e83e666bd5aae31d24e25bca6cb1a52d6db7b91b587343b35 |
| SHA512 | bc0bcc1f4c423b5ef36e1e5aaab1912c58b81323d8241b34a8308f6f940a6f1793c6f6a7e4694f2b5c8d18817794f3bb67d81c6f6a3a16ca20e41747f5d1f3c1 |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | 88590ee7957578ebd87837d0807fd204 |
| SHA1 | a8c6f7dc87b4b1e11777701743a3fc2c84d204e7 |
| SHA256 | a2178c09f6eef83402cfe6bd94fadb105176c1c225370fe77e60743443bf94fa |
| SHA512 | 842348fe97cbe86cea1d3bd7950fc4e0c926b2fc2216524b905fbf4a3e3538779632c5d73dc0bc3ff8323cce8dac3f232c42cfbb2b32b6f63c76e6abb263fadc |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | f9f449a624696588888a926516366f34 |
| SHA1 | 1849fee783917a1da1d007db1d04d6d482814289 |
| SHA256 | c02f296240b0864856e45bc8289305f7753c5132f5538661eb0972c948882e10 |
| SHA512 | 0175731513cdc11e8a25488d287aa4f3686f5a4c6de9da9f66c5bc0aff328fa25e5e1d6385a1076e946e5af35be6287781c16ca8ecd87fa56616a8a09b48f4b3 |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | 30fbd7d5c49438180b7fb0e873991bbf |
| SHA1 | 35bebf2dded9310e2d91b1b59200ed3d7728b83e |
| SHA256 | bda413e4bd84809bab802abdf10eeb9737fdd065fc533b72abc1ec0541238f1e |
| SHA512 | bf7efff8f83aeec310c4f51688b380f133ea6b769ee4f49ead6b0b6c931d2e3291a99365e19c08d2556c8d138f799f97f358a9bd06f0712493221860abbb3a62 |
C:\Program Files\Java\jdk-1.8\bin\jar.exe
| MD5 | 48149783d07c1ff3e74a122ab1f62139 |
| SHA1 | 0447813d20cd2cc474fe2d3b460bfc58ea579e8f |
| SHA256 | b8e16be6f18c3c7c0bed645dd03e65618693c5a5b74f794e058269cac716c120 |
| SHA512 | dc4ca733c5ac60543f33ba1a95bdf4c4b113fdcdd6b72c2216fe53b54b5905fd7ba87d76978b63ecdfa73b4f62d9874ad20c1b094b441c3881fea792ce612ac7 |
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
| MD5 | 2309e698064e571a599c00d37070f6b0 |
| SHA1 | 452f37c7e845b754d1d3dfdf4dcfa098ec05e489 |
| SHA256 | b042311f128ff5d590336b426ba2eb8e047fae7c40c9b6bd58072539390085b3 |
| SHA512 | 1ba418c293fbc8d677346f317baa9cc3d5ec936ebf5fcd9040a733422cd78997826d78406c5c469e4b8c08d711197fb2a2ca8174e2d1636af4b2db29609e6fca |
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
| MD5 | 04bc1d55bf752358da031fbe55418afc |
| SHA1 | 474efcf68650bbcfbd424f555c413e0c6a967680 |
| SHA256 | e94be343c4ed778901ef7ae676fcecb8bd77e9c0ba78ceae051bc0fb93862356 |
| SHA512 | 5554a4b9902bae6596b75bb5a4b0a23093e41d7d1a13bb84f1d9a04b3342dc173f6619689b4b05ba7e9c1287ed4c69a65f8d23eda883a692ca928e50a5b220f2 |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | 778ff3a0df0b575825333eccd6bfec2a |
| SHA1 | 5a50070a556cfc3c6ffd90df8cdc8665be60c04d |
| SHA256 | 28d657182bf5254d6e92f3936b4a788707713018b46dab23b492b60771005657 |
| SHA512 | a7e73c8442fa2c2429310737c99bd18331bbee201500e46952374a5c20bc9a86f18ceb6e41299f57d02033a447588bc50f4f960dc11d160b2c7a89491c21b21d |
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
| MD5 | 59ede66ec4155a8aa6a51871f49b0930 |
| SHA1 | d065362963e0a775c94ec41bfde96105c0975440 |
| SHA256 | 1f27e56b668fcfa74c09a6eb5b81d04cc6233c871a5e5e593a09a85ea2c4a92c |
| SHA512 | 5f56e547a82640cccdf67a9c3d5c9f3b9def0ff74ee9a3206b25ba2de9b7902cdab758c58aeb78e5cce10017080a6de8e4eb62e448c3009fcb901b23e52323c9 |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | cdad6af3c41659f48ec36b94896243c7 |
| SHA1 | e75f87e716f50dc328ff3b3d8b27a80b000f355c |
| SHA256 | 0d1445396bd2891e6c7c2f885f8dc11c5ddf8da710584bd16faefba7e88d5bcc |
| SHA512 | 9642298d08e44942b63ccd4e9339aac48bb70ef5be6473d075bd24ebcb50adf445bdc0c278936d301acc0afce27c78191b8a338ce1400e1a695568ffa0c060ee |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
| MD5 | 0c007f4e8d8f0387e1f377ca52e0242f |
| SHA1 | 01f10721c8152bcda247a922fa52a98bc7e16048 |
| SHA256 | 214d96cbf351006e4cddcb26abd479b7eeeb9dcdc803c9d774091162889ca3e9 |
| SHA512 | d942fe3e9fc06966fe16a669ac9f7bfe4bfadeb4236f28e3223b7af1ac6d7ac16ffdddb8e670bca9faf4f4ea6f0cd764a618d7f7ba43c0205b3d2899670287ad |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
| MD5 | 2f7be5308ed1c377308adeb5898043cf |
| SHA1 | 8bcde71a8046f67052818c308caa6985b9b8e13f |
| SHA256 | c8467c1116ffa8dc31497b9b2902af4c8a2c3ec39fd1c7091c70ee067c422ff6 |
| SHA512 | 340ce216d25bf015dcb6c350b64e91f26295ad8363e53707a8ed40f65c3eec930c78ada00d84bb8b24144ba54e9f72cc7c18cf343e22f30229f4690bcb3834c8 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
| MD5 | aea28cf6be85066b1276e72f89a02023 |
| SHA1 | b4776fb7500c01e9f78b13e39099c6af439160d0 |
| SHA256 | cd5870cb1146a05b6ac60b754dbf9238467dccfd1f8da25d951479188ccac6a9 |
| SHA512 | 2b289fcfad5493ff51763505988a5ebcf24101425a9fe895cd86517084662ece9083b10f7c258895670d833d7c617e61cfdf874b958f2db658ee0717d9319028 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
| MD5 | a83bbc3ea69232ab0b9ce5ee62930655 |
| SHA1 | 68317b781f09759b2038062e3405a6b216a9e774 |
| SHA256 | 66e77215f89327be9ac78c02d9e0ddd4442b6ffa1de02ff259496094faf7e1c0 |
| SHA512 | 4fd4ad83fb581f59e780cc9967fb28942dc932f7c9e21225b9d4c22841abaf75dd3cb6e7e245035792c8f117632e0d23750adfe58e792864ddd8a43b19622974 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | bec2281851cd0ec1a61682755153657f |
| SHA1 | 4e9ecadcc08ca38c768efebdf688abf58305bbe6 |
| SHA256 | dbc8e81e3f361136c7e779fbe2861a59f85d8a2b195cdc2a610d05b0230cd2f9 |
| SHA512 | 95a1369e69c648afff44cb0ee2e9fdf794aa96f0819e4dede4383c56312dcf39efdd6b62148df8d687ad01ec0445c3ad7c1764d222e0280a52da96b23c58c6d5 |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | cc592add2239d3ea69a30a4bdbf30fa2 |
| SHA1 | beeaa5195edc3a8115f33588f5b988f13d887fc6 |
| SHA256 | c02064ce0bb4d4edd2c72fb60d2f9bbef2cc5012514cf2f46311404fcc5ce747 |
| SHA512 | 2efb1b27e0ae758d547dda585e3f1112e806e4025bcf250596e4fc75ce7570f23bc164d6ad813af7e59bdd731620d774103659abab5b35d2edc2edbab14025ff |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | a0912fa4ec069acb38e35487ba27bf2a |
| SHA1 | 62b537fb1c6396ff8b3eba904b03abcf68266d50 |
| SHA256 | a37dff6b2061adc0036bb8142c5c2fd32bb375f421201d0c79f73d854d1b181e |
| SHA512 | 76da8e8c05b4bd1098596a62b20bf8c130238c058abeb81d99857b62020811893912cf6743a091cfa9adc1cecf2c22b0df9634ed490fabb291df320fa40522a9 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
| MD5 | d8d90e61b88daadcb8ef9de1969c2ac7 |
| SHA1 | 3ceafd338ce19f9965aa173032fb507763742351 |
| SHA256 | d6a78fde6452ab6fa8c28aa276ca18e20e3703a13c4d752df95fec5b054f6420 |
| SHA512 | bf299ca87ceb0923a8b7bb03ce0092338e52bc703241d805992171f38eb9ca54433ff3da44958647c6f28fd753b7fda0ca436c210a3421af9430433882b4df5c |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | 4b5c29cbd04fbf739e7b9c16e4e0e0e0 |
| SHA1 | c5e6213df78ba6d81fa204095dfbcccecb52168a |
| SHA256 | 0eee59f0279c4347cd4ced0e40b3d64e0580e9279ed6d298beb6a3293bf0ce39 |
| SHA512 | 8c205d613b1f63bba664c356c34308bafd448e06b82f53c3b95345d5d804b7a54ee52e911028f0da02d3fecc867c9cc63d6422bced5464cddb43a088f9e4e557 |