Malware Analysis Report

2024-11-13 13:57

Sample ID 240407-yshldade48
Target 2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk
SHA256 b7447426f5c11a19f2080a6417c2382d0d7fd7866ef8c866e52ebd94f4068833
Tags
spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

b7447426f5c11a19f2080a6417c2382d0d7fd7866ef8c866e52ebd94f4068833

Threat Level: Shows suspicious behavior

The file 2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 20:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 20:02

Reported

2024-04-07 20:05

Platform

win7-20240215-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe"

Network

N/A

Files

memory/2352-0-0x0000000140000000-0x0000000140248000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 20:02

Reported

2024-04-07 20:05

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\637e32af205991d4.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdeps.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\klist.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\servertool.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77375\java.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\pack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\servertool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\xjc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmid.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ssvagent.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Install\{AFF521F6-AE33-4DA9-91C8-593A92655606}\chrome_installer.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\tnameserv.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\default-browser-agent.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ssvagent.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javadoc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\policytool.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jabswitch.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ielowutil.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmid.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\policytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\keytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstatd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\ktab.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\unpack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\dotnet\dotnet.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jcmd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\dotnet\dotnet.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstatd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\kinit.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmid.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdb.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javapackager.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstack.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" C:\Windows\system32\fxssvc.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\fxssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network


Files

memory/2364-0-0x0000000000860000-0x00000000008C0000-memory.dmp

memory/2364-2-0x0000000140000000-0x0000000140248000-memory.dmp

memory/2364-8-0x0000000000860000-0x00000000008C0000-memory.dmp

C:\Windows\System32\alg.exe

MD5 2d0dfce14916b8bf2fd070cd1931be88
SHA1 d2e0bf05cda4a251870fcfd84ad6dcd2d2dfd7a1
SHA256 dd833ffc45c0660230ff1753b75e97732a2b1364b4fedbf918e42228f44c1d21
SHA512 af82284faf689be97a67766e811186406323487bf0b0c79248a19ca52236c60b23f458dcffc6c875c1f83b4ad12749d1622c588f55f9dceec4c9a5a51019e003

memory/2140-14-0x0000000140000000-0x000000014014A000-memory.dmp

memory/2140-13-0x0000000000730000-0x0000000000790000-memory.dmp

memory/2140-20-0x0000000000730000-0x0000000000790000-memory.dmp

memory/2424-27-0x0000000000690000-0x00000000006F0000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 4d49441907342420c8ee18ab81a3e248
SHA1 1671acb4cf9c473459103da54a76ae50c7519b0d
SHA256 ec407beda4deb60de468d8e4f0a2dea6f0076d48cd98398cafc287ad693efa67
SHA512 5d824b521fd1b14df09b787f63b3156da2d23fa20255c397ed73468a21c8fed8ca9906881df8b42e63af44f9f2303f122939c21df7f43adf81404398291dcef5

memory/2424-26-0x0000000140000000-0x0000000140149000-memory.dmp

memory/2424-34-0x0000000000690000-0x00000000006F0000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 5571380785dcb2dd763b47c13f161998
SHA1 0654277352b6c7463d34dd4c1d299650b819a33f
SHA256 9a16601ab380ef6e280c9ae847297544d3d7b0549f51bb175bf3ffebc37bfdfc
SHA512 ccf935d95e3c752c22377e6c43467eaa12e6dcd96e124e3dbfeeefa68e7900762ef5c7ff56c3dc4fd5dc0156bed9eb0312321336619370743988ef15bd7feb1d

memory/2364-40-0x0000000140000000-0x0000000140248000-memory.dmp

C:\Windows\System32\FXSSVC.exe

MD5 2871a4facfd2d4be31317f028b48f93c
SHA1 69357deeca161703d7d10901f1d56b5cf4d9ddd2
SHA256 f3d452139c5ed54d0e12eb3e9159e7f3f68219b2118a4fdd8dcfd3cf97fac9a6
SHA512 f3d7bb111f88f54223a02973cc164d1b327767301385687ab5aacee5dcd282dee29e6c07000ce4c28516b09fbe8a64433109ff302da81fb9c7cc541255b7445a

memory/3220-44-0x0000000000C60000-0x0000000000CC0000-memory.dmp

memory/3500-46-0x0000000140000000-0x0000000140135000-memory.dmp

memory/3500-45-0x0000000000D80000-0x0000000000DE0000-memory.dmp

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5 8029b3f8eafdc39eaa822237191a05fb
SHA1 b3861807b791e0766a8ab7189862e354ecdbee4c
SHA256 0d8f342eed2ab69dd0c1660268f3858c1917db79f305efa50b4e74cc9bff4918
SHA512 37a351762a98d38182c60618e453835d80f485d51686fbe4702a63d6e1f6e8bda3648991a3ec69c0e5a55e0e437aa7bacfb276e4194918688e172c79e910d945

memory/3220-50-0x0000000140000000-0x0000000140237000-memory.dmp

memory/3500-62-0x0000000000D80000-0x0000000000DE0000-memory.dmp

memory/3220-59-0x0000000000C60000-0x0000000000CC0000-memory.dmp

memory/3500-65-0x0000000000D80000-0x0000000000DE0000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 27914504d88bda42953ae3a85fe6914d
SHA1 add50cac8a435a836400a374f895231fb282b752
SHA256 62eef108198b82077bb3eabe2b34fd60f05615843e3667e15ffcbee56581706d
SHA512 61a1999da80d5ddacda64e9a83e9e7403ae08301dfb62d83d6c978d54de3b20a77928e2e477822a22b4d2b5182cb0fcafed974d56f3181a1ab8cff8ada8a965a

memory/2612-70-0x0000000140000000-0x000000014022B000-memory.dmp

memory/3500-68-0x0000000140000000-0x0000000140135000-memory.dmp

memory/2612-69-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/2612-76-0x00000000001A0000-0x0000000000200000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 70d5b62acdc357adf5eafcae01ca2c2b
SHA1 6a66fd12db972c7d310ed4dc221f776c28fc2e99
SHA256 847a5c99083eecfc682261e3dfe16fcb01b34abe383558d614302266bb6fa3d7
SHA512 547d15192632c6b631876cf06108daf1d31616bfa36c73f645190e0a32ba1c5db47aec0ed531f369610eb5b7725626f85b3d3f07ec8529396a3a8eb07302cf9a

memory/3768-80-0x0000000000C10000-0x0000000000C70000-memory.dmp

memory/3768-81-0x0000000140000000-0x000000014016B000-memory.dmp

memory/3768-87-0x0000000000C10000-0x0000000000C70000-memory.dmp

memory/2140-89-0x0000000140000000-0x000000014014A000-memory.dmp

memory/3768-92-0x0000000000C10000-0x0000000000C70000-memory.dmp

memory/3768-94-0x0000000140000000-0x000000014016B000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 b663482c87017c8431f2306b6924e948
SHA1 64d4d1be83afcba98d8d3cd119e9942ea3b9bb98
SHA256 788d60b8fe1acf8b1fc684fcd512bb1435bb74088a0a4e82f86c4107a2d44564
SHA512 380f91ff2e2c69ca8458bbc7586952c445f7cacc78053a491492d6deafacae86ee6720a50e3102c2daeeaecac7d81a5e9945c0d1d9623d7fcf4c3d24fd760dd5

memory/4628-96-0x0000000000510000-0x0000000000570000-memory.dmp

memory/4628-97-0x0000000140000000-0x0000000140170000-memory.dmp

memory/2424-104-0x0000000140000000-0x0000000140149000-memory.dmp

memory/4628-106-0x0000000000510000-0x0000000000570000-memory.dmp

memory/3220-266-0x0000000140000000-0x0000000140237000-memory.dmp

memory/2612-267-0x0000000140000000-0x000000014022B000-memory.dmp

memory/4628-270-0x0000000140000000-0x0000000140170000-memory.dmp

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

MD5 03966d3735fa6bba16cbd3a588eec27d
SHA1 37656188f68432b35538e9fca2f84a0fc8ada483
SHA256 f5a6e2880cfd46f00930b608a2da0488fb78c82b410a5128ffbf351bbf2fa138
SHA512 3c221075b5e793ac75e6bb44ef17f4232d5692a682d96f74c7a29a2a76f6c0e51a64e8659c33ab65d74cb785d3fbf5da7a8c5bc17ec478e5d5e10e8eedad9629

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 22f1a5decd912e0d18e15c016f3b869c
SHA1 ad27cac403ab02550c38eb8cf3efd7f6aef7c15e
SHA256 7ebc2cafebd6d7c4649bbbdb3b0dac1d9752e93993c9253fa96f081ae8a39e96
SHA512 93357f8ef783ccaa9b48f5da55d3bf354a8bfac162c883ad788640e701cf03c2052d22c78fcba151e626eb719176b6872659e0fe59d31f29a5c9f6ca9bcd5b8f

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 0fde13dd2b6970c89dfe7987d2a124dc
SHA1 9b152dee735c5114cf54a05abb16aa7f9b896e40
SHA256 2ee8c18f659dbc4b11b538fb9df82ef8ba16c4df851d5c7dd29141bc4a065d89
SHA512 5e7ca1e4d7f8acae12cea033a4acfb63c67243edd85c90db17b410c84ac72c6570d2351023c491d9d7fee5d571d5aa60ef215e346a274b9788c1b846718399f0

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

MD5 2c24ae2c485c171ed34140e43b04146e
SHA1 d21646802165da53e1cdea927687d90e9d74359a
SHA256 aae4ae0be36f0e0b68fe4ef81b7ab5b878b417b7612ccc4785df6f7900efee11
SHA512 c66e4b1f6053189a823feeaa916cd23ebd21c30d2e66b2479f8bb49c5db76db6f20a4c0f6539de098b6ac97eec6414288511e5860cc69d25d262f2e4026c5fd1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

MD5 19752a961a31f09c66fb18d265e26e5a
SHA1 0b69f66e7d9220b499163340dbeb31cf36063d7f
SHA256 d35046f36c741052fb53eaa17df5c1080a9a0774d43230b1ce387d8c6c82f4b1
SHA512 db915d204bca471220108866dc26bcd1b30af06d0fb8bef42f14d769d9062695ef7d4f2d9f03f87c876caedd442b763a5803d160ba8e689af546807b1fbc77bd

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

MD5 2a5b10286822db622095d0b88bdfc97d
SHA1 a973f5957625ac40f75e69c679cde63d4557090d
SHA256 87f4a0092ddd1aa4d563b57eb03cb2323dcc389a55561d89157439800c9f1c0b
SHA512 ac6b9156358d6b5e1597ffc6203e558551b6d6abe6f6bab0ea1b2f68bb98ebb87b35dcbfa205e58a163af832e23991f07be6af5644ebefdd8b5e4269fb34ad26

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

MD5 13451945381360917a1822938a4e8545
SHA1 4a96481bd4ec3dccaf3fe889fa202ca660745717
SHA256 463d80df793bb0650072ecde5d0ec10e93cb1eb7b84bbe056b17e9b20c9dec4d
SHA512 c56534c9cf712450cf7e04ed32dc569b0fb53663bb242ec87aca067b7fc67e7799057390234028b1bf568646db2ced61bea83df6a7d15c80fbbd7140ee5bc721

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

MD5 63d52e9b7765f3a15b0bf2eb79ec6399
SHA1 1a7b28324d94e5777a07876639ea1861fbad6f1a
SHA256 d99dcf3e58f90b2dac7f11e6286f2846cd690b90cba4a37e4ba3f45bfa2a78ad
SHA512 c836e3dfec0ac9b16fe672ca5a9cb9988154db6ce508a95c0572b0da8c2e42c7a0cf4bbf786ead4939fbd3ae286c8f6225b361ffb9203d32dad1c85a556d81b0

C:\Program Files\Java\jdk-1.8\bin\klist.exe

MD5 2f11337240b72c9ab2b5d3d67ba917b2
SHA1 c525c790e68a93fe58f3654ef5c50b7ade9f47c4
SHA256 15306b21283799b12830d9340f8520bb413838eaeea3d4f6d8b02e364b83ddf2
SHA512 51d0b1df61d5b2e10bd80781592c761bfb173d36284a21f83c250029b71d70f36e8f32ecc85a55333259dc879e8c832a75b374a4b0993945c282e2abfefe496a

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

MD5 950cb7d994cc2bd7daa2ee3a2b79fe73
SHA1 0bbfabc4c04fc6bc3975e9d1121757c1facdc1ca
SHA256 3a56e96fd18a44d696badfb343c08cc96aa9c4efd10016c0d4c1a8f439c00560
SHA512 5dceacd4b456fd54547078ca5ca3b463d323f09323165147c152c7fe948d175a1b693e574ee79e55342b8d076e27248124d91820a7a1d30d2cd9a7cc24c9674a

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

MD5 4973c59cb54422b56219b6de836d6db2
SHA1 b906eff941584a62524bc923552d0a938447e862
SHA256 ed41aa31be8a2a14e8c66b3a0c156039e56d9d178f57dda487a4be52b254ee85
SHA512 500f1899d736fb5c7fe1e6248b0bf78d666ad5799d3183417c4ea9b300c2c44459a6d2f7a8b66f245d1e70116c446f00b6299567c470ff054cf9b489190a8e57

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

MD5 6d0c2b02c2455cbc26711aec5f378bd3
SHA1 96b2e236f04c38a7719197fc424ef047f4011579
SHA256 ce1d3af8346a131a1fcf6988a8110016d3156e25cfc65055e18625408e4b7a50
SHA512 460cc033828a40755f0299d706ff66ff6e3b5fae5941f977179cb4e9b5f067a5567f02b99605a28aa9007a8d4721865d33a47928961fb8576d34d24f3ffadfbc

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

MD5 f8ce194c66c3b51e6e8a86421106204b
SHA1 3e5748a7ef12a67615d51a49c4d2dd5697c380b8
SHA256 d01466a1eeb23c4b7014d6402f4f2c0d80b5a03a0eb519bc2f55f4cab0fea316
SHA512 a4966e9fc840f86eeb6b7271d75e89d1dfb8695bc4172977ca5015d819eb15b3ea4e8b8a31f868bc20c0b7c00adcef7f78449a7273c74cbca4ac3510f046c7b8

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

MD5 082c878cb4c11a2a96b56ea16df10492
SHA1 80341687b124d50de8214247ea9154154778afb9
SHA256 729d324bc991e4e528da24510babbbc684530ebbfd311753801561364e076f1e
SHA512 fb70cf9644bdbcee70b677f8f42d2c585c395de274a93d9ec6975f427e927827641665b37dd5b2da553156b7345b20b1c159e0d29babbc8474fbd408733686e7

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

MD5 86444a6b5e0448d1aaec1ec29692810d
SHA1 76ddd73d7e4c27a677ea21391aa9583869b86f49
SHA256 86cd62d36e6f287c4cfd5d728906a4615106e33d6b56a3799c16c2239afe3999
SHA512 0df6d79b11ce9aa1bedcadf2214f2ace8f26d321c8ede40d6976099cb9ce5fc0701dd102cabe155472e770ec6a27b85621c085cee3b6f17c0cafc3f78e8001e3

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

C:\Program Files\Java\jdk-1.8\bin\jps.exe

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

C:\Program Files\dotnet\dotnet.exe

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

C:\Program Files\7-Zip\Uninstall.exe

C:\Program Files\7-Zip\7zG.exe

C:\Program Files\7-Zip\7zFM.exe

C:\Program Files\7-Zip\7z.exe

C:\odt\office2016setup.exe
