Analysis Overview
SHA256
b7447426f5c11a19f2080a6417c2382d0d7fd7866ef8c866e52ebd94f4068833
Threat Level: Shows suspicious behavior
The file 2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 20:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 20:02
Reported
2024-04-07 20:05
Platform
win7-20240215-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe"
Network
Files
memory/2352-0-0x0000000140000000-0x0000000140248000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 20:02
Reported
2024-04-07 20:05
Platform
win10v2004-20240226-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\alg.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| N/A | N/A | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | N/A |
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\637e32af205991d4.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdeps.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77375\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\pack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\servertool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\xjc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Install\{AFF521F6-AE33-4DA9-91C8-593A92655606}\chrome_installer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\tnameserv.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javadoc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\policytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\policytool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\keytool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstatd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\pack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\ktab.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\dotnet.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jcmd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\dotnet.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstatd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\klist.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\kinit.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmid.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javapackager.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstack.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_7a1b3dd44d04c80ca5a760ee5443a651_ryuk.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Network
Files
| SHA512 | 460cc033828a40755f0299d706ff66ff6e3b5fae5941f977179cb4e9b5f067a5567f02b99605a28aa9007a8d4721865d33a47928961fb8576d34d24f3ffadfbc |
C:\Program Files\Java\jdk-1.8\bin\jstat.exe
| MD5 | f8ce194c66c3b51e6e8a86421106204b |
| SHA1 | 3e5748a7ef12a67615d51a49c4d2dd5697c380b8 |
| SHA256 | d01466a1eeb23c4b7014d6402f4f2c0d80b5a03a0eb519bc2f55f4cab0fea316 |
| SHA512 | a4966e9fc840f86eeb6b7271d75e89d1dfb8695bc4172977ca5015d819eb15b3ea4e8b8a31f868bc20c0b7c00adcef7f78449a7273c74cbca4ac3510f046c7b8 |
C:\Program Files\Java\jdk-1.8\bin\jstack.exe
| MD5 | 082c878cb4c11a2a96b56ea16df10492 |
| SHA1 | 80341687b124d50de8214247ea9154154778afb9 |
| SHA256 | 729d324bc991e4e528da24510babbbc684530ebbfd311753801561364e076f1e |
| SHA512 | fb70cf9644bdbcee70b677f8f42d2c585c395de274a93d9ec6975f427e927827641665b37dd5b2da553156b7345b20b1c159e0d29babbc8474fbd408733686e7 |
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe
| MD5 | 86444a6b5e0448d1aaec1ec29692810d |
| SHA1 | 76ddd73d7e4c27a677ea21391aa9583869b86f49 |
| SHA256 | 86cd62d36e6f287c4cfd5d728906a4615106e33d6b56a3799c16c2239afe3999 |
| SHA512 | 0df6d79b11ce9aa1bedcadf2214f2ace8f26d321c8ede40d6976099cb9ce5fc0701dd102cabe155472e770ec6a27b85621c085cee3b6f17c0cafc3f78e8001e3 |
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe
| MD5 | ecfb5d7ad1329491e5fb16070f360e89 |
| SHA1 | a51c4a02ca6814667d1452ee4f146eef2361eaec |
| SHA256 | 01af80cba4d283224960c46acf875dd0b8b4be033c7fc6f42be65cfb1c63d8fb |
| SHA512 | d040a58974e1c2c506bfa14da3bd4395ceffe990f94890853d8234b8909402c3bbfa9457842e8947502c40429f9006ef184fa51d548d8255cc997b5aa8d8dce9 |
C:\Program Files\Java\jdk-1.8\bin\jps.exe
| MD5 | 1357abc6898d25f205c929a5db746f15 |
| SHA1 | 6cc92140c0c0947a9a61036b0ec5e43a3f786ff8 |
| SHA256 | c5d81636682b699f183728aba444b623d72c548e3654a008d1cec37254a9ba71 |
| SHA512 | 680b299731e65ba5df90f1b65635375fcd3f4795a8286ae456749ade8fe2659773b290ae0a9ce18119e29b6db06ca81ed3e5e3a2325e9901969e0b5cab05bdb0 |
C:\Program Files\Java\jdk-1.8\bin\jmap.exe
| MD5 | 9fe4e40b4eed63c1ea0af6aebd7f1edb |
| SHA1 | 9b0403318e219d3f583dbc84675a17776bb08803 |
| SHA256 | b35024167dd699a58e00d90c0acbdf059535e62fda5f8a46c822417f90c18768 |
| SHA512 | 3d731e164c83edaa20ca05ceed17b864f35b6873959d6c9a4b637d15e159267e0afa3402b02849a8db3cbf592d82a43ca829753a56eba814c90962a81e08da84 |
C:\Program Files\Java\jdk-1.8\bin\jjs.exe
| MD5 | 69c3793b180ee88adb8ea4f7cd1fb271 |
| SHA1 | 8c031abf58453af1390efcb6969c1627fea08f14 |
| SHA256 | 37f63b23d35e2947d3cd1fb20382deabc3c1a6bf759be080275a66570250b8a2 |
| SHA512 | 942c2e722061f493865c4de140f371fce7af22958726adfb891433f64a85a6813d64180ac1e785d20a0e3c85336747955635aba203bc72922b2d52f475232816 |
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
| MD5 | 9cb8a4b9b541e965d5d8e9614404809f |
| SHA1 | 49c2acfc2e6a61b1830d5a567b137bc4e6cadac8 |
| SHA256 | d6c2413b45cbacd91ef2c1881664e20c01f398726c4bfcbe61e49ddefba2c7e6 |
| SHA512 | 1f01083ad885206182051dd3ebda68e798799e18fee23b21bf02345ec97f86ae488e36831f703d641ce36ca369579a52d79e1956ba3cac9c32261a3857f6657d |
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
| MD5 | 8a1d2e0b05be8a6dfa66d0f272eb9df8 |
| SHA1 | efb2289007f4c0940cbdcc800f8f4e79f1a863c2 |
| SHA256 | 4334d0873145295947eacd117c789f561ba575287d134b8a8cd1b31ed8eaae25 |
| SHA512 | 33a4217e7e41817f2ee2fb83c8aeb45d247fb9b0cab78f8796cd9b28386876a67116db5d064352c98defc2b2ce75c3075f6eeb00278d5fee5764fc66166071b6 |
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
| MD5 | 4b6f4a5b27c6236bae7c941edaedcaa5 |
| SHA1 | c644f30687d599f62f2b9307e9050d32cbdd7bd0 |
| SHA256 | cab827f006c8818bd27ee0d8434de590259e4322aecf6b07048cd8913e039b69 |
| SHA512 | 1f6eb41196b7c9cf012128f497094a48885284adb77cb7611c3836ade03e3a44ee1b7e2f66cee32e4ba993e50416381851148bda1abf24f4f2cbd3fa2ebc4192 |
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
| MD5 | 260dc28b8ca88484fb959c634d7be19c |
| SHA1 | 8d267bac168a57770b81cfea99dd3b515f3f6e1b |
| SHA256 | fa54922620b505958622cf9ad6455bfc1eb6679cb3bbbad3fc81064393bc8d68 |
| SHA512 | 6fcde3909d987390754ca4c15544c144bde2281f90a5104729639e3e494b2b9c482c573afc59c43880265d762fc4be393b53e4411b609c3ef8682b120e985651 |
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
| MD5 | 2cd634553378a18e047e2aff7faa74f1 |
| SHA1 | a16b048c480f89e0f9ef5def5bf62b2e7c0c6cc7 |
| SHA256 | fa60e1428c9803f679d32ba83f83e32412742f5ba619eb00b1100fed232f39e1 |
| SHA512 | 6a28feb571a1acef66770a2dd9ebf7f867a8b3beae17b4d3e9f2235a5087d086a695fd154cb95e9c437d1fbe1d602415fbc3736077a1438fd3087928acf1dab5 |
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
| MD5 | 1b05b09efdc320a155bfb790e0837ce9 |
| SHA1 | cf768773d2014b77a78ca06352819f0bb6590ae3 |
| SHA256 | 2b03238da38821af02ba61ad919a155c2bbb95e06030dfaaee23f4b2a31cecf3 |
| SHA512 | b06aa1ea8dd4a8795dcea568decad47057b532a0b074c057bda656a24f4499d0e929f0e276cebe2ec4efb5bbda07aafe9a6b726a10d2e999bf9cc24c876db65f |
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
| MD5 | 6b87f1f2bc564fa337706a5d1857d91f |
| SHA1 | b5afca914bdbe7629cca25347bb616bed7e75792 |
| SHA256 | 569ada296172e5bbfa6a9d1bfb6e409acea77d677b4aa09ecaa1c6d5fc21ab3d |
| SHA512 | 34b93860ed9f58c7ac13260c801218bee502368ddebe519b66b26f43f68eb34e7301647ea24d0866b502e1816cdd851f4ae1eef0198ed44daf2265a960068e81 |
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
| MD5 | 84eebd1ca750245f9b7c0376c430622b |
| SHA1 | 86d4ac9bb8f45aba3534d0c83d9825ddc2d1cfa9 |
| SHA256 | 43928e3b8fbe5887ff1dfa54cfee65df06ef0bf1690288d235478391ba51762d |
| SHA512 | 5a6c8bb00f52da29cefa44978ce8ef725a1fe21b0df5d5d1e1e641c54b99147ee1a131c904fce0f0dbb5ae01a0c2fc91ab7a18d5bcdc57070c33d55cd249fb2c |
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
| MD5 | 3bbe07f9d6ed9975d0d9650750f74f2c |
| SHA1 | b19def25b638734db3b895b296681bb7a972ad9f |
| SHA256 | ff20678ffef5e8933b03fc739da9a1d80d76599fb46c857a54c611ce08a28837 |
| SHA512 | 36fe649cbfcd9dbf08a06ca4805009ce85a1673fd5a52166df4b713d975976c755093b3e53e2358a9a4e86dd3cb2fe389bdb10763d0d6f5cfb07efc79d2bf18d |
C:\Program Files\Java\jdk-1.8\bin\javap.exe
| MD5 | b1d8c7a4f7efdeb03d99b9918537f738 |
| SHA1 | 2a9d724f023bd9bdbb755aee238817135799f7de |
| SHA256 | d816b1d8d0ed7b4a76557ab67ad89402a8c0b78e95842b84c500de559bb9b214 |
| SHA512 | 43b799b9841e6caf69ca9184610c0ddb4c834c0415ed449b9a55952356fd47dca0326dc801da14321898eed414b20be41024a319fdbabfdf1e7d00f58fd13ad1 |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | da1442979cf094a1d3845c3ccef8b711 |
| SHA1 | 11123267369e03d394971187152ecdc7a91e2ca9 |
| SHA256 | db2e1b00017dd2b6b4199c84f6559f78e40a303b5f1b6a6487ec9d992a2911e3 |
| SHA512 | 5ecafed93624077383f3cc9896861bf07d34bcdf4d4d91ebd4bea6fcab3fe44a38c4f07e9c1ad5e7c405c6d8a3f743a655c937911b8f9f19a93e85e04e9d6a66 |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | f592d7a4ce03dd9aa76b89bb162d75b1 |
| SHA1 | aeb853bc0e776ecd81384ff6216b4a34058cfebb |
| SHA256 | b8308c7a245fdaf7dd4f06b2c51bd0c053a7fc1e6d9e301288bd54b622371276 |
| SHA512 | 303080893a23f37eee79fe8a934c5a5eb1f0dc4f655447f22de9eda35e6a177eacc80e53db07a9527594fb904eb5999f0a12454445db9bdfe349d374755fe062 |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | 45b3d47484e3420df7e974dcf5e7602a |
| SHA1 | 8a12e4caddbf01922f1bb29f400707effbf009f0 |
| SHA256 | 1d3903e23038a81874464e10b78c288a85d9fcab430bf39e1758b9e2d07667b2 |
| SHA512 | ba77be43bd10232056bd444cb458f5bb099e6a51280e8b4a265d50d27d74485e0e86dfa3ed02d22538e54e71d84400e5f92668c4cded3da5cf6d263425de16a0 |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | ca512c995348827baaf581a455f94b50 |
| SHA1 | 1d069890903e8b2ee3479ceb0337123adecf3843 |
| SHA256 | fc3d61298b8741fe242aaac08f96850989b143545d91378febe9c4e0e4d577be |
| SHA512 | 0b74a59644dff05c24b151e7040d720fa1af4f72c4ab0a579962499581fff4e9a6891d6549140b9d12ac7d39c15297f46c5da813fafa4941b8f7ebcf83fa782b |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | def6b9260f349d338231cef8fa5b4fc9 |
| SHA1 | 5f09c4da8bfe8ce474c6eb84c82565e1baa4e006 |
| SHA256 | 4bf0f324ed7be0c2703e492d6bf67073e804867cfc808d8d044a16ac64ef3633 |
| SHA512 | 36b4f246e3e30969f75d845f5dcbf1ab3644446347854248150674f56ac121679972549a29db3989ffab21d0880cc66ee986a38b31c162b74dcad16ebbe1abdc |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | 4e7b5c1225b6835f15998dc456230605 |
| SHA1 | e31b4f26d5ae0e8dc9c9fc760cef996c479e2b30 |
| SHA256 | fbf1aaaab7606b13bcf6962acfefe94f715f279bb3cd41e492ca135332eb1eda |
| SHA512 | b1f8263e6239c38c0acf38b9ffe5c66156f9fd959b91587a23aa6b3f43e1cbd59b34512236b81530b11464f54e2da1d64ea70e2b7799c78b89e62b43b00a220a |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | 62180776a7636f5ac4dae38185717fce |
| SHA1 | c119503beee47a009cc2d78518e5329481b4b91f |
| SHA256 | d89f570bdd367ecd2ecbec2010f0b41d4202888f64ff072ba31b950763dce74d |
| SHA512 | b0b347d4011605e8f2c737aa6d0deec60a095e474ee3df8ed9d9aee9f5f3edbb0dc997c010d4cb7e81b0c3bb1b13af2cc4dd7b6e96bc5133d31fd42594126257 |
C:\Program Files\Java\jdk-1.8\bin\jar.exe
| MD5 | ca662d99ad9b0e7cdb67e8202c75720e |
| SHA1 | 91cfe73719c81f769e1646d4ee0db112f34fcf75 |
| SHA256 | 45e6be809d3fe8401334d8656b73ef870d9da344b9aceed213c6e2dd8a02dc10 |
| SHA512 | d03423ef0c85637f5ef4a564172da5e4e35ad82448b95f762ddf9133be9e7dac462460b4e5e24f2d8162ab5c6d8c378ad599c3c76bc3728f89b3ac109c6f0766 |
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
| MD5 | e5e3a4082300c8cb94950173281a0ec8 |
| SHA1 | 419f91618999384aa5532563db4eb841280c658d |
| SHA256 | 8e8b6b30b726f469a6bc0b0c2ddd580bb8dd594d0d198933ae8b2329671e7bdf |
| SHA512 | d0f9c4f8d3699f1da993c17f08e47f9bdc2bceaea54258604492d90ea5d3e4c42f276633225c334ca63310e66cd3222e3d657e73f650b72196b873886f479ee5 |
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
| MD5 | eee479f68eaeda43e33d5228358fe748 |
| SHA1 | 236cca9cb03f5519b5729b45a2f8826bc14fad2c |
| SHA256 | 0b15fe240a1c88643f0771926fa0b4098763f20265b44056f0ab65870c7388f0 |
| SHA512 | e89a685a7c92f57da843f5d9e60fa4cb2d04a14a620cc13fe62dbc288b5743d8aa7e28cd7d475974daac1d43b8b472e8de1d9a440d4ca8fb2c307e0f483b3a17 |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | db864cc16250e7c12855d4a6e31a533d |
| SHA1 | 5818cee6b07d237ca3a28a14e1aabbcd3018af29 |
| SHA256 | 0823d7c1cf5bb9783bf9ab94aecd37ad6adf8b6509a00e6a033749aef5998bc7 |
| SHA512 | 6be6d7716505b2ad2c69d931656d75b0b52eee536dc9a344233905f8564226e201120727759e67cb6a41039273337ba2e80b7ec0e26f65d078482e0b38c5b968 |
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
| MD5 | 95b094035700b29b3adf3b13dfab9228 |
| SHA1 | 653da5288740fb87b1dc1ee953e960f4c317b33f |
| SHA256 | 53a27605fe661ffab418c0dc7148d3ecd22da70bf27282eddfaf6a36e11cffe0 |
| SHA512 | 82c859e622ae5e612769aa499fcd4ba62e8e418b1f5aa2fbdca3d40d9cdc4adc5cfe925b36052680bac5ed633d363386d64f17085ab839d9a54313ae4510eb71 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
| MD5 | 684a6f5976750152dd3cdfda3bec12b0 |
| SHA1 | 1e1d9074170dfb272459032be98df77cefd209aa |
| SHA256 | ed854565811efe4583013a356028ffbcd8fc535dcd24e51a072e9ccf6b52ad48 |
| SHA512 | f313ccc624066f764aeda346dab319aa58fd4fe77b288f71a589afe99447746e29b0ff4117eab4ad9ccfcf362b44e5a7a0ab2f34f1d4896be92f7f12f0dc13a1 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
| MD5 | 171d43ee897abedccd890514c81940f6 |
| SHA1 | e98625a5b978b2e2d2ba941dc808b5fee0d7cb3a |
| SHA256 | 3798638d3216397223cb1735563f1e3d1396cf008b6c49f86e5f643597620a39 |
| SHA512 | f4e2b12a1371ced7a9a3e1f8f153601e1d06f4148f162dbff0c3dfc284f860b0c9b2aa65ede774ec494931ca9286eeff7258c019825371201d0234550759660f |
C:\Program Files\dotnet\dotnet.exe
| MD5 | 86ecd53fb8caf3841ec01ba399877c89 |
| SHA1 | aa832f60c04578d6e6044c4c1cd6396b9c562157 |
| SHA256 | 0935e0bac262819eae51855855740d7bd8442672e2a7318922735b6e2f5aaa7e |
| SHA512 | 028975089a5ffa91f59f06d67b05d5f6654e019016516b2c3d54cf1e8898daa8560315d936669b78de6a0701a229468e402c2258f54e7a26d3fcfc75035a1514 |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | e261df64874ff7103f216f6b7ca917c7 |
| SHA1 | 34aa4d51a2d839d6a75070555a155616f263ef62 |
| SHA256 | 1b471d5d9fb42c59a70135d3f7540f381b94671e919806fc27821c88723f05ea |
| SHA512 | 1462774b913548e5ae9ced38d72d9debce6fdfbc540ee6a39209217861bc8f927daeb62003d6b882350cdf1309e49c766f7df85ec54e0b79b24972561c750b96 |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | 0c07e47fd9ca2c967cd393e15391dd00 |
| SHA1 | 7db075c7956b32adc3e7dc0d629fb26fa62c2169 |
| SHA256 | d70531e1715bb458b59f9ca1b2c51bfa0938e53ff784e5422ccac918c62769a0 |
| SHA512 | ec3c2947359a28263610f63c2862bf7b5ec6489bd1b9d0098d72c848d0005e5555f0677a618c6bc5f550b29e97dac4d57b1f8514c95ce959c70326067ea863c4 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | 89f27316c6634c53e4692944bd0a4e25 |
| SHA1 | c9f9fe74c74050083defe976fcf1095c8d07c335 |
| SHA256 | 11eb0a1cc010904cdad46baf78ee0e7c8999b58f54b722ae6a8fad29f03c63da |
| SHA512 | 58fb3c59cf6067a900df922ecf434d25c694b029ced596a38414141189db847760ada6f987f43b60be5bb0f697b3cbd492f6fc37c031b65fd667c378f6d77a5e |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | c1d0da3925e57459874de0e46a6e2f74 |
| SHA1 | ebcfdbf4365ea81ea0c2066748227ab52a89f47b |
| SHA256 | d07808be8af5185a19a1cadaa13d8f16bced02fe02718aa2f42dab1cbc7ae102 |
| SHA512 | ae0c0cce28fd42cf3512ccb0b9d88c021d10fdd0ab22a17e6c20dc1591380c0c612be8ce7083d734ac243d36f2543fb47f89dc21dd54dba9b36742fb3f5cc764 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | ed729cdee8570f6632bd813b8f09a894 |
| SHA1 | 8fddfc7e0fc777b1a8e29bc0637e9a28e29754d4 |
| SHA256 | f927fb460fe6c06e94c5cea7858ecc6a12e20ae4be67b1b4b1d680fb46156c97 |
| SHA512 | 13d3aee6060afd6a3b020c0733d4666741d2a9373dff8b1a03b5d5c5bc1bf659761342ffa12c3685f4a8f62d496ba0a43d20a31c18d248eadca98a1415ac5579 |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 1e16ad42466b45273e1eab677d4132e4 |
| SHA1 | ef791b0894e9e5f77b11fdad23f38f40e328e9b9 |
| SHA256 | 455f4830b9f350281fc054cc4488217149f50f867f394494c3e198d003205a37 |
| SHA512 | a65d3a517c89e9686886f2ff62264b087376038e4a0d767283cfa33cecae5af9613c6cd253cfcf9cbbd4c7ebbcbd1fd083a70e8fe584db7affc55fb7aeee9d37 |
C:\Program Files\7-Zip\7zG.exe
| MD5 | bc1bae1eb9f37c707280a32fad7045b7 |
| SHA1 | ade980af41ce6dc6d39117dd878a40b059519926 |
| SHA256 | 26aeb4c997f92fbfb4f61edae74a7bfe439bcb3fb3204686391a0579d7a23d68 |
| SHA512 | 98f8077a2419b50247c9dc2a0c74de905a61923e783fffc8204454a99f3a931fd6d6fdf3903519dd8534f6214810714e8454154dc8b3d4b0c94f245f5719cdc2 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | d7229192654a3115d020dd8353ff2cdb |
| SHA1 | 0ae7623a6559f4404a82f2cd758e7e6faf747e3d |
| SHA256 | c55f0ccdd88373bae1ab84a02b6bcb6bc2dc4340450a656df58da3ab90ed07bf |
| SHA512 | e08b2427f1a75a4993848bd75569817a6a6a52b7e7681a6034edb2c29b40fdbb5d2483ee48c08b894eda8a433f456c3d7abae54e9c46b481705c7315d64927d2 |
C:\Program Files\7-Zip\7z.exe
| MD5 | d587ddc65e3b4638975cb5adb30669c0 |
| SHA1 | 92a04b3d496c05d941e6e3346c006900df43a4fc |
| SHA256 | 49fa38e5f5201072a866e73bca725d3d88c82a43a1472e4556d839161f53a0e1 |
| SHA512 | 6310cf7780cec2a2708c4d86a045bda8a5e256a00de85ba5f298a0be67e4915af4f180843e4178d4050238a11f57379b1c55d46a699cd374699183cd639e9bbb |
C:\odt\office2016setup.exe
| MD5 | ffb1163423655438f0616a62e6995e78 |
| SHA1 | fd361ce7127375da678d0e56403b0df4d4c7e88c |
| SHA256 | 9f8d90fb3f21a4c4733241e89b920743c3dbc386d60129b2300b76d99660dd8c |
| SHA512 | eb8c5f347f825e8dcb4861d0ee31772b619bf47c90d6c816823ae619b2114d009f067172d3ac78589abf519d119ed60d34977e831faa95e4343d36a04771ba70 |