Malware Analysis Report

2024-11-15 06:40

Sample ID: 240603-km65wsaf66
Target: 2024-06-03_3abd248a781722084d41e920e6030da5_ryuk
SHA256: 51e202b16fcdba0b624dbba6118b0e7c785e90c5aea0f50b45e6c37633d3c338
Tags: spyware stealer
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2024-06-03_3abd248a781722084d41e920e6030da5_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Analysis: static1

Detonation Overview

Reported: 2024-06-03 08:44

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 08:44
Reported: 2024-06-03 08:46
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_3abd248a781722084d41e920e6030da5_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\bb43ca6ac3136770.bin | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_3abd248a781722084d41e920e6030da5_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_3abd248a781722084d41e920e6030da5_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_3abd248a781722084d41e920e6030da5_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_3abd248a781722084d41e920e6030da5_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_3abd248a781722084d41e920e6030da5_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\policytool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\klist.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstat.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\servertool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaws.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javapackager.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstack.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\orbd.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Internet Explorer\ExtExport.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jjs.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmid.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Internet Explorer\ielowutil.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstatd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_104468\javaws.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_104468\javaws.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_3abd248a781722084d41e920e6030da5_ryuk.exe | N/A
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A

Suspicious behavior: LoadsDriver


Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-03_3abd248a781722084d41e920e6030da5_ryuk.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-03_3abd248a781722084d41e920e6030da5_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_3abd248a781722084d41e920e6030da5_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network

Files

memory/4560-0-0x0000000000510000-0x0000000000570000-memory.dmp

memory/4560-9-0x0000000000510000-0x0000000000570000-memory.dmp

memory/4560-8-0x0000000140000000-0x00000001401F0000-memory.dmp

memory/2864-13-0x0000000000600000-0x0000000000660000-memory.dmp

memory/2864-19-0x0000000000600000-0x0000000000660000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 7de1c098ca235ed6db290b685b31e10d
SHA1 c2516a60ba150064b4ab3858511b079553068aa7
SHA256 a14d6f33f81351e013a026fdfca5e70bd2ff1db41330cee85ad47a993c626a48
SHA512 756fce27f17d2c5420e2ce028168250217282fd4e6d0164de98cc413abffe370fb818e23507a2e5c0980e9f8d8bb74a80709f7d7a9bc99e5dcb54fdbb2bf1efd

memory/4904-31-0x00000000006A0000-0x0000000000700000-memory.dmp

memory/4904-35-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/2864-33-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/4904-25-0x00000000006A0000-0x0000000000700000-memory.dmp

C:\Windows\System32\alg.exe

MD5 081ec2482e9ac6f1c378452ad6a28015
SHA1 d5b228b0c79c74b3845fa9ac709e176c5a2d13e3
SHA256 8d16e9069597698bd10da743c0d08e83d857630834cff2e8bf60b5d270ac5f20
SHA512 e326480402d60587016cfbf9737c1a401f51f4f24de6c691c8a0ce04a4f6d41e79fe0a3d99810971067e20e443834d49b0ce8105e867d99976ce9c154006ee98

C:\Windows\System32\FXSSVC.exe

MD5 81357faabb6b7e70c84b4457978b563e
SHA1 b470c4b0ad696212b514780c2739ccbdb60dcd48
SHA256 f76f63052eb794c3d771695ba9c919be8bdef9485fb9fee533fc6f15cd1469d5
SHA512 401d31c8e86877235bfcbfd1c751edb5078429d6c51800a7b45e904140c82bf6accdc99219525617823dcca26423a6c30f3789faa9943f397e9eba9650bef2e9

memory/4684-37-0x0000000140000000-0x0000000140135000-memory.dmp

memory/4684-44-0x0000000000840000-0x00000000008A0000-memory.dmp

memory/4684-38-0x0000000000840000-0x00000000008A0000-memory.dmp

memory/4684-47-0x0000000000840000-0x00000000008A0000-memory.dmp

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

MD5 80c95f41ae8650713b79163ec50cd942
SHA1 813a1770e00a2343411286c6e07c60a9eedf0a95
SHA256 1ae7b3516649d5b54c32d900607c5ece8ac2fa75ee16b176e97878755664412d
SHA512 8f6b7ae651468d6cb249e288b6c27c36ba9f753ed2cef47f20f59e4ad1bd66461d87a8b5920641f573f338cbcfc56335c41b18c6d9a3c7fa5718ea2e0bd16977

memory/2020-51-0x0000000140000000-0x000000014024B000-memory.dmp

memory/4684-50-0x0000000140000000-0x0000000140135000-memory.dmp

memory/2020-58-0x0000000000C80000-0x0000000000CE0000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 04b11c3ae82494fb3527ed70d34a0fc0
SHA1 5a2aca36c7398e9762aa34f4d9fe6667e14ea989
SHA256 585de2a57bfd669914be71a18d65c05fda50ccb508a53543fd4367c2d4a2c851
SHA512 0a574ebd0e91037f241bc521456ccd2c3d0c3d2f84be0a2a1580db31802c77d61f53f441acf0b83c24c89845c6f7d9d484e09bc4871d73c8c4715faf347e5b11

memory/2020-52-0x0000000000C80000-0x0000000000CE0000-memory.dmp

memory/4560-74-0x0000000140000000-0x00000001401F0000-memory.dmp

memory/1184-72-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/1184-76-0x0000000140000000-0x000000014022B000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 b08623afd3441fda3bd649633fc02700
SHA1 99b32b21174649381eca5929983c24c890e24af0
SHA256 c58d234ccea887eceb0ba5825c7f93a195d1ee75f0be190067c322000a435366
SHA512 1ee802174de11ba6705cda89ff71f9e10ccdfa1bd47e0e56d59038fd788835f4c63cba86fd2ebf2a61822f40c659488c617682917643fb54cf7c373a5b16027c

memory/3996-79-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/1184-66-0x00000000001A0000-0x0000000000200000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 30afcadc4338208af7333cd67df62753
SHA1 5445b1e5e5add83e8a09990806a073503df589df
SHA256 c653bc3f1501c542aa0c8e8b8e1ddcc83e33e446f5beda8b00afde83d4b08393
SHA512 ea4b6589096a72a640c434e2aa92596973f465ebad4b5d936a3bf42f62cdbb838f37194f31df07d977f563be33ea9d7d6b8457d62c17333e950c36aac1f9d787

memory/3996-85-0x0000000001A60000-0x0000000001AC0000-memory.dmp

memory/3996-78-0x0000000001A60000-0x0000000001AC0000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 6d648fcdee0adb76e6dc3c81e872a316
SHA1 3eabfc004bfc0210037005751bca8d173435c471
SHA256 13319ebbe808b49209866e1edc613cc993b0c1246ef0281c3544c726c2805316
SHA512 502cc9f7ac804e9d285df7b64b0c78fc92e061d2cafec51dda94f872dcbde22af12bb151af3bfd2808522128c193c2477a89b09878995cb0e8b6e1066b828abe

memory/3996-90-0x0000000001A60000-0x0000000001AC0000-memory.dmp

memory/3996-100-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/5036-101-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/5036-93-0x00000000007B0000-0x0000000000810000-memory.dmp

memory/2864-260-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/2020-263-0x0000000140000000-0x000000014024B000-memory.dmp

memory/1184-264-0x0000000140000000-0x000000014022B000-memory.dmp

memory/5036-265-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Program Files\7-Zip\7z.exe

MD5 089ab911b041580bb1d9ed865383c66c
SHA1 7c5fa29840e048863fda2860ab8ce9e8c6d50020
SHA256 e5f2ade71b96bdc24eed177a008c90cd6b60a86aeb60a1ec606673638dd829b3
SHA512 1f383f015096f9806143223236a6ed33733a386be3ca091248682ba9c59707537d6b2b36e875a8fbacf999e3cfaf76d704f152474511314c273c89c6725b54a6

C:\Program Files\7-Zip\7zFM.exe

MD5 9c082ecdf146e96bc7cbc208ef179612
SHA1 aca8b7e51348f5fc4b0c46cd1639b85ff893cc92
SHA256 b22ed2df90494b5ba46e775800bb681ce504a685966114edc74e36ba1ebc08cb
SHA512 005f06c5d5c91d0633739763cefd21a8b4d2967f67c61623dd887f8160878d4b342ae4e98e124ab3befa65d5dee935b15bd425b9b2b2e9c253f88e866e246c0b

C:\Program Files\7-Zip\7zG.exe

MD5 eaa944f2b1c0ceb52d85bf1a39ca044e
SHA1 a6302a7c5ac68a6ef2902716ab014ba491f24770
SHA256 7839b9002df041e14095db9b4d6287e3a9b5426b0441093785fec3cb9a76c0ee
SHA512 0496ac36bd6475e88cb2a6384c184b4aea37f9bff22a0a3384e9c384a094512b5a106717cb61247a1255f9a48b810aeb33048c74206fa8040eee460915364350

C:\Program Files\7-Zip\Uninstall.exe

MD5 0bc25118df5f914e5b013cd6b277ec37
SHA1 b3a55235b56aa0c6a3c0de91995897b24e8aa7d2
SHA256 2c4bb67d6b7849ef3c94dee857faba96dd55bfa22c35ce3e3446a24a8dad1c49
SHA512 048b2b3b03876145b144c2a078f03dfa3b5594257d33ca138cffd8d339e74aac7d16948f5ae0ae69deeea3bf873da9ca17b9d68f817c0edf266fe535c55be0fb

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 060ce5445f9bf51eb4795ce1972841d5
SHA1 3fe0f004426ad50c2126fb891ea1e9de3582f43f
SHA256 e3f35994e7e96f3a20e0ed4eb089aabc14a9e577ab9412cd0a489ae7ba5a6f62
SHA512 cee96cd5ed4a684292fed62ae498e4944a0a7aa743178c2e49b9cc1edde028798486bfcb305bf62678708da446b117344b3f892e98eaee94ec7da47671d6632c

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

C:\Program Files\Java\jdk-1.8\bin\klist.exe

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

C:\Program Files\Java\jdk-1.8\bin\jps.exe

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

C:\Program Files\dotnet\dotnet.exe

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
