Malware Analysis Report

2025-06-15 20:03

Sample ID: 240530-3de9xsdh7y
Target: 2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk
SHA256: c70bbf2d4848219ab56d06a030a693a03dfcf155f9866297b8cdbca9b1c73f38
Tags: spyware, stealer
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Reads user/profile data of web browsers

Executes dropped EXE

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Analysis: static1

Detonation Overview

Reported: 2024-05-30 23:23

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-30 23:23
Reported: 2024-05-30 23:26
Platform: win7-20240419-en
Max time kernel: 121s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe"

Network

N/A

Files

memory/1200-0-0x0000000140000000-0x0000000140248000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-30 23:23
Reported: 2024-05-30 23:26
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\acaf261cb4b1389a.bin | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Drops file in Program Files directory


Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe | N/A
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-30_e793f5677e3922f04fbef45b3f9c5c04_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network


Files

SHA512 fe0fa42740a4aa785f95ceba0231ed3abe16fdd77aa0bfe347efb7a1dfb9423f97d30d59dc51c49f92d02a57f952ceef9d1520a4d1d38d4639450b18d96e8ee4

C:\Program Files\Java\jdk-1.8\bin\javah.exe

MD5 24ab5ce42614cf0067830126ce09fc83
SHA1 dc354df1a8a1506bcf230e1530599dca6bcfd9bf
SHA256 aaaf933cf537e097f8cc16e75fc1a5a94b3cceff0c297b68e60935a76dd550dc
SHA512 f31cf69535a4856a14822e32a9bb40f6a2349287b5351f93029a8dd72611223f84d62b52008ba0a0bdb9b9671f72ae871aac9b74dc70b651055af75c41399c5d

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

MD5 95f153d0ee4d407f8fb11e8ceb7cdad6
SHA1 6855bd4792d822c387ed5799c18681c4921c1f59
SHA256 c2866b9f4db6e4cf62f5e3a93ff2ccac6702ee6425db7850be7b45be9b6794b4
SHA512 39dc69a37f8b8915c23a3bc710700abbe7074a3f2f6634bdab5e45a283a71f20e93806aeff8f735f8ebe9885e44b7f2f293d8344b04245367e4038c1d9a8e2cf

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

MD5 ea1e512ff9b5b9b2effd846250306f9e
SHA1 72cda7aa07efd3e82a7507a882348bf40150bbd8
SHA256 0755ddc3c7b1c9e63d5cf03d95c4be0610e936dc836dc48ffb8adca00bed2b37
SHA512 d0dd2e3f5a4b42c93c0a439a9b7504db82944e6ce12a9e5a194f64c810dfc29e122f474151a30d2fc77970f97cb86dc5671f86e5a60b8c049d31d0ede574c50f

C:\Program Files\Java\jdk-1.8\bin\javac.exe

MD5 d396b56770df5b1a7dbfffa81929f4a6
SHA1 f3d22901db50bd45aac751ec2fbdf2627d3e91bc
SHA256 201e7d0c40e184b827b893fe9d22325cc5284b5b0a624a8fcec53b40b4b4e4f4
SHA512 4b30509ed78a3170727a44882cc976b3c25b341d7c6bdf254c3bf0812c53712dae81f8ac892141d9dfc234844ce1ef7171f0d3c5865aadab420930bfe0a4900a

C:\Program Files\Java\jdk-1.8\bin\java.exe

MD5 33b882c9ee31ad4b44d221781671c73c
SHA1 a18c15a0b805ea61914ff3116c712aadd05a9c44
SHA256 6b840f36de34887c42b400fa0a8c8bba61e1cc522a7a278407de4b1daed87321
SHA512 1678229316c6e55e9319f7f1faa278229045e21e557348c384356d5170b57267b571aab80bb78392eeb255f35b7ace6b8d28c95d17b9cffa930203fe53c24420

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

MD5 670f78a776452a34022e9e75cc3110fc
SHA1 1235a4d1bcf0871db085d9cc44cc2a752b589347
SHA256 13cc2a02e28732d3d895287db55cb47a5dd21bf5dec96e5bb348aafed3510c62
SHA512 138f3d9b033a3addee6e7c5f5c4a10756133ad586c35433db6731650c00da61500fc9932a55b300d6ff63ce3181ad92bf816f07ad68588873277088fcc78d845

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

MD5 e47ea953d6ba4344f279095003aeae30
SHA1 e17fa8ab303ba96609468e7cf9cda37f94488b55
SHA256 9498ec2ef978c5a23616224be863bf72a167ac30f5a495f03d7265cf6588d831
SHA512 92b2197997f33d4aaadd59d874fa4cae6ec736c89b2f752c214bbf344fb3569695062c44cd8b96872685f5b07306547de350eca42e862b5674986c2cdcea6581

C:\Program Files\Java\jdk-1.8\bin\jar.exe

MD5 f7d018dc3cd9d879cdd626404a0890d2
SHA1 fe6677b2baa2b076fec3a6de11d8b7ede36806c3
SHA256 4464a157c3f2e5c36590c1a59833bf5b97b88b88f4f0f42a32958bf890ebfd4a
SHA512 194f331eb94b7a724a08bde020a8fddde3f68abc68cf0fefc0bfe0271563722a22245f098a0b9a6a021525e3a2cd45daf04c21745d380fe9cd222cef5084eabd

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

MD5 c3c11e9c0e0ea8ff3c07f5c0b0f60fa7
SHA1 7b43b15d7d0ef4db6f8b0044aaedf7bd481642fc
SHA256 05c4d50e66b164ec39aa4b2e9e50f91d2d4a576d500d740df39a04d33b7ee4ab
SHA512 8cd64834e77946e6ca7ea041c42ab4f1de1a955777675a9c6be0617e4023fdd25b5c63610961be9f447553268da71d1991767ba9d3a1cbef88997fb7ebf1ccb3

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

MD5 5750f3829a1c6ab225e31f038ff07b5e
SHA1 297aed7f560aa8ae9aa38ad878f881e47cb43b95
SHA256 755f3338c8754a8116bc60b19739f06c5be84c4d08fd98721c3b5e71b3e259c6
SHA512 8c1957775d9eceae48a4f3046b5e70309340787accdfb84cd0e278e74fe4039c1e6adcfd025cbdcb11643bd8a300b558a1a0e46825f587dc4fb52b208e48e4f1

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

MD5 159f0c1b43133a763a1fc4cf85d4603d
SHA1 f77ced36233d85d04bca6310e3ec816c1c09dd33
SHA256 eff0ab302b54c4453b953c2db7ae0967fed7e28b2390d1f46073bbe0578a8c71
SHA512 0a70fd06f4727e3177c74020e3e7fc2188d6a89daad1b3ec27e437f9fba9855e9104ed4fe783c7ee303cd8f948687dd0cd9625451480f76341a97f01cc39eee6

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

MD5 defcd168ad2c5acbfbb343c23a53f434
SHA1 e1a14faac016e64e7b23667a2d57fc2ca84a2b9f
SHA256 9f0372e96d02296ae2bb541667d6069c02cba9d6af3c34d1b05a6d116d5f4ce7
SHA512 7bc2309507afd3ae056929fa3e210216bf36dbf7e62b6ab73cd8101f712ccfcd67aaea2f07e4ac4e875f97b39f6e0b77a31d4b94e0a67b3514744428d5d37e8a

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 f33799c6a9fab9939800d41adbbda8e0
SHA1 c705ed4200caaebe3bc01e69788c6a72acd05cb7
SHA256 feaf619eb6ec7a8b6f1050257456558b576aaa4fbe65c04101d1cf5a38d44f8b
SHA512 d9561f94d21f5fa509f3fb080cc6485ecf9cc3daf9ba5e746ff9cf2ae1ba8979643c01532a88eb17fb72d21dfd7fa39e15ff36ecb1a09b34a5e0423d8f80787f

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

MD5 90f232dc33cb1965f4ab08f6519257a3
SHA1 617f3cfafc9f259bc5b1e98ba677b675acca48ac
SHA256 da5a47b4f4574fd9e3eeb8a46027c228c42b170b5b4a8bc43bedd508cb7d07bf
SHA512 78528deef52405e6892da240159fa721cc30897d9c5c1592e1007459a8060380399388325912df597b6126d7f36b3df0f97709d73043f80b4b057f1f1f177602

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

MD5 6b84dfc7c3b769d710f559627ff08285
SHA1 082aca14988ebc84f90dbb25b8c1fe6a0a7837c0
SHA256 6455fd84b1ff6aa2021d51910135aa88af707cbd062c79667a653f5109d6f4bf
SHA512 370157cadddbfdb49c56a93fce46f290373c1520b65cf672a9adbea9daf90be050d8a34c40b9c1ef5b84d16642fbb170643996a6d80bc491e666f5fc862022d8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

MD5 5e79377fb68485a568330617d0f4ee8b
SHA1 3f2923c1060d93c5404387f2b8993e779fab59a8
SHA256 9ae961ef82cc8883b7b65bababbf0dd3f14970fad6d7edede928dd819a0dddfe
SHA512 56b71492c93f8ef0115bd612f1fbf6614cd2bbd1bf9995a7ac836a999d648eac333225fa3a3627a73685a7d9c0d72dd22028d0932f83b9d2d761402ebe78b926

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

MD5 441b543ed135520393c051cfe572914d
SHA1 eddeafef380d3dd7ee620c3c486312d349a5d264
SHA256 ee88a467c10a3113b5d3b3cb23c86962ec32c700f624d2916cc970584fdd9070
SHA512 8b995f41294ff529c50cdd72bc48889e6761ddb5199efb10a50d1945a4736002f6978a40219682ff05e357bf96fec9667681a6e642b710a97778e480cf706853

C:\Program Files\dotnet\dotnet.exe

MD5 35f5b8057e9be70dfeed17ce4386fad6
SHA1 31f0f3e63facc2333aaae682b5633e23f0d1619c
SHA256 1ddf515002d7eb7008b473f18fcfc3a1c84cd5c522f436e72c6697160db8a420
SHA512 c86831f0c1cc5ce079d2faecf9d5e35c9b6f31d2e5616b5bae4de26aed6afeb6f6de4a2fd3b474d6b2478ad8645652568e106f63f8f1e4cc89ace1579b5a6475

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

MD5 3d41c857414000d132d0cd64595c5850
SHA1 7641ba5367461a4c5727f1cfc8161d1302834fcd
SHA256 a7c2066c8203e5488f9cd57f58b6c88b23c9821a42076de2361b7fd98ac87ad6
SHA512 a3f9304b79733df21b99595769c12cb5e16dcbeb4bbc5b5dde3588f5c6e8024d19f2b15c17a6a7e981657a33ad7d86b1af0b780d9c15b420a0cf28253df6b9c3

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

MD5 d2a0c858d1852da8eb334fa49ed918ba
SHA1 1948ff744306d197fca6878b69aa00b229e09017
SHA256 e73116f53c34d03521fd3c8cb5b5a73f1bcc52854719e41bd0a4b890b30fe5f8
SHA512 fa325efe6385a588e62155a10e99f4b9a0fdab41656eeed4ffd67aae1c071dc16d7c1ad1880a33284eddd5a3a7fbb1973c64a2e101ddd5be221674e5f2b87b92

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 b10622494c72c0d267abb45953e49cde
SHA1 70acee4235b960ed8ee5f56ed779ee0e5c45b1ce
SHA256 51a2d579190712281acefb73a8cf9667703aaeda9851ca7ea98f603b7b534e71
SHA512 6cf652ff56f5330410bddb7d86442654879dd28f81fee218617cdae0915fb93572c0c98b598d39a68d2173fd8b5242286f2ba3123b60281fffd77b54548a91bc

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 17c2183041844754b5a79c7b4cd717b9
SHA1 714de2c9b312d9e2ae7601a4996ff408cc0c860c
SHA256 47df9e0419b83e6b526086e364ad4a9ca41f5d19a3e7c57ec79ee334997f1f5c
SHA512 a853ed7b0ad9a19fea89f78d6a8a74c97a06327e5915430c46f401310d789ebaf71e3fd4d55d0eb2e991d01f2002e64cc35a8a3cccc687f7c4f94553732b4c0d

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 9400660ab1a6396f6f0576d8fc8b5953
SHA1 f7a96dffe34208dc693ce20e942f2917d9b3d906
SHA256 0acab6b95622ee60b4bca376203febdf0eecfd63aa5ff798403cdcd0a01e885f
SHA512 43144e3cb864ac332462beaf5b748e8d1ce5ebd79caafa38e9fd69cd71be5e6b0e12d48ccfd43b950b9eb4f2428aaf64ec8cb32d3fe6fe95a485be56ee2d9914

C:\Program Files\7-Zip\Uninstall.exe

MD5 9e48a181fb6c95b13dd2e8ecc189a26f
SHA1 c897533e60fcda12e2da5cb9ab3a3a788daede2a
SHA256 a85fbc7fffd35a941b223f673740961382b89c59453b02386e42b5f3e16d3c45
SHA512 65ba39cd4497f9c7557c16c61abeb50d9d0baabc3b380b0c88592fde65a04689c75a0275b7e073f8af97d597539d60e060d914bd5e04b455eceed4afdd1200a9

C:\Program Files\7-Zip\7zG.exe

MD5 779d5c00165e1b563f0cef0a9542bd46
SHA1 6cef3ffedb99791714b6b021721f5e7addaeeb37
SHA256 0514bf22e71560e121aa839e3c0047bcfdee9ee9e9133b35fa95143b6e6f8613
SHA512 4e5bb12c7a316dc370340f0172cd15b97b50167b7178b302fce632e68504d9f5ba518a2955fdd00ef0e399a4fb4ff540076b9e0ff064eadf51d66b3f54413bf1

C:\Program Files\7-Zip\7zFM.exe

MD5 f9d61b7f52aed3c8a8cc27f9fae0029b
SHA1 0f40969d6f2cdf88ec272f3ba425dec4c8a3da2a
SHA256 397f7ba324656eafa4a4debc75363497d0266ec9def6f1d78db434f5b0fd57ea
SHA512 f61ba65f6377748e85fbefa04d01e8fa6fd3e7c42c3d5b598be959254f4af432d8b0c3200750a029e8bcaedfe1b7b54f74a85fbd8e7bb2b24703c3536797ad8f