Malware Analysis Report

2024-11-15 06:40

Sample ID 240603-lfazjsbc88
Target 2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk
SHA256 cb50ce08fabb87ac8bb9374661affcd2c6d1d1f5881424363fda50241cdb9178
Tags spyware, stealer
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 09:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 09:28

Reported

2024-06-03 09:30

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\cb46ec7dc3136770.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\uninstall.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ielowutil.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javacpl.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\uninstall.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ssvagent.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ExtExport.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ielowutil.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\extcheck.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\policytool.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iediagcmd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstatd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ieinstal.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\orbd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\pack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jjs.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\orbd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsgen.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jhat.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javapackager.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javacpl.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\unpack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jar.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\extcheck.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javac.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network

Files

memory/1848-0-0x0000000001FB0000-0x0000000002010000-memory.dmp

memory/1848-8-0x0000000140000000-0x00000001401F0000-memory.dmp

memory/1848-9-0x0000000001FB0000-0x0000000002010000-memory.dmp

C:\Windows\System32\alg.exe

MD5 57c54434f7dcaa64adb8912b5faf9047
SHA1 5d818f01705de2204dfbf71da05adfc462d6c2ce
SHA256 58cc2c3d4e29b084133ca3c357f2d89b2317571ad70567c741885a5df6e96b05
SHA512 151e128640940143b6f2305239fa83867d1049f9d0fda5584fbba838809895749dcd54af27e42d35b8dd350ddb6b684c9227bc557e2e5c2aca426b3463b87465

memory/3248-19-0x00000000006D0000-0x0000000000730000-memory.dmp

memory/3248-22-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/3248-13-0x00000000006D0000-0x0000000000730000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 b6f9f8b0e046e30e08f4e2c02fc2021e
SHA1 41f1701beadbd2184b341f1d9d2b5dc2eb0a8f9b
SHA256 897483823eeff571281454e571157193160685a3ace2d85501b66c13be340c84
SHA512 1cf37802119d8439fba0ad6919d3e781576e186462d9281832115481f12cb4067fee083f1d87126eeb599c498aa12a0806a7c2a2cd740b734ea656df3d35b5d7

memory/4028-27-0x00000000006A0000-0x0000000000700000-memory.dmp

memory/4028-26-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/4028-33-0x00000000006A0000-0x0000000000700000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 fa898442e47d999a8e35245bb4497355
SHA1 19f5d3ec22e7060a3b39f8916f45a69295fb04b9
SHA256 192941b8d0cfbdbcbf58cd08254afb8afb97a9fc45c6fb0b529b9aadbe648bcb
SHA512 19c64ecd5eb19304856f7bab4811dc53ed7ce50124602d8c6cf086a99119834a7e610decd69f571c46a616e2d6371c182a979c2fee691a3bfd6ce88ea4041cfa

memory/1848-38-0x0000000140000000-0x00000001401F0000-memory.dmp

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

MD5 4fa469a8267ce25f14a9feac11c4e867
SHA1 e7baedae9909d8257363ef4cdb5d6770da1f5584
SHA256 b753a8e32ba63483d7c75bc24e309e19c5e2c9c99b9ddb2339d8897422c3a2d9
SHA512 fcd4b088b68e62240924b5b687b33fff6d23907f21b285067bbbbc399a6951d9735e261f745846c8cb581f37496cffba4a25c0a7620242f94bc92b218ceb879e

memory/2260-48-0x0000000000720000-0x0000000000780000-memory.dmp

memory/2260-42-0x0000000000720000-0x0000000000780000-memory.dmp

memory/2260-41-0x0000000140000000-0x000000014024B000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 7bb10bca87cf194c80a79f8d970e0fc8
SHA1 fe971ca141a94a38f25b3697f57ebd8f969d6929
SHA256 1392b8fc2948ced9f3f55edc6065b2f3e753493a1d9ec04a57139a371e7db1d0
SHA512 7fb73fa080eef083dc78d5a9070101d951dd53663523000847cee25306b3db49df175f131ad8eac71f049eca5de1ca3eff3f70ba98c75854ed1cebbd991ba339

memory/4376-60-0x0000000140000000-0x000000014022B000-memory.dmp

memory/4376-61-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/4376-52-0x00000000001A0000-0x0000000000200000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 a09ca3996ae241ffbe9f307fa697a7c3
SHA1 09d6c4468223970db1b5abd9cbadf5d611e5d58a
SHA256 73e2f7caa1e180290e50829cb74c394249b9d4eeae908907d79bf597df7b9fc6
SHA512 dc25b47d77803e61e42ada8e1c3d25425365a550dfe802e0b731fd3287209d61ff2de6b029770b3d7389bc4a2f604c27d41c6941e6b628a1188f54ee1f1d788b

memory/2564-70-0x0000000001690000-0x00000000016F0000-memory.dmp

memory/2564-73-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/2564-76-0x0000000001690000-0x00000000016F0000-memory.dmp

memory/2628-86-0x00000000007B0000-0x0000000000810000-memory.dmp

memory/2628-80-0x00000000007B0000-0x0000000000810000-memory.dmp

memory/2564-79-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/2628-78-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 0f4ce29cdf046aee138dede690a7da41
SHA1 0b41ca12bc7cb27e9e67a734f3d7a759200e33d5
SHA256 04a94721e62697cb95a7b80d9c2a1e02869e494c3ba09bccbaaefa90528c7841
SHA512 eb829a2bcd4fad688fc3af8b485770fb0bb18c30b5ee77c58c0f95418b9273fd36029ea03f18e3f1fc371a04f49ec606fa01d6baa29fd31cca1e67abe85ef8e7

memory/2564-64-0x0000000001690000-0x00000000016F0000-memory.dmp

memory/3248-246-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/4028-247-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/2260-248-0x0000000140000000-0x000000014024B000-memory.dmp

memory/4376-249-0x0000000140000000-0x000000014022B000-memory.dmp

memory/2628-252-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Program Files\7-Zip\7z.exe

MD5 4e7d5be917aeb7c949b6e540b7706caf
SHA1 03254f29524f97266978862aa05cc36dce3e8f82
SHA256 6b02649a585974e7003a27ecb4daf3e9ab51d916f19fcfa1dca7761b47e68a55
SHA512 cb93e3a2e2e0fbb2d06d04f6af09994bde0f15f870e48cc3de1c201cd88bebd13e88baf173c4429792a6fd474a87d808b99c52f365f7e1ab4eb896a8d014a32b

C:\Program Files\7-Zip\7zFM.exe

MD5 f5c58b299eda6093e451d6a6448bd489
SHA1 39b47daba8cab7ab65c7300df0432a9461a37b11
SHA256 87f865b516ebff5416cf17a196c8fc982de18d61f05192f47548308e576aff83
SHA512 e7bed42cebc3cf7c53f6867ea385a5f28c433a2a47a6148ac703b426840eac9b1f24df6454745e2c72cd1fabf40960b80f3405b5e9705e1e5dd81f28ec622116

C:\Program Files\7-Zip\7zG.exe

MD5 075d798803ac011d98f0b0cbdc8859ef
SHA1 c840b14002a4ee6da6b7f40056350ec1a68db1f5
SHA256 68d507194a95be8e3b0320eaa2e196bfb4f2ebc9d8929ef8c86c1c943b26fb3d
SHA512 be5eb5927c903604e6f5f658b45fc031f2a1546bd32f7e2011c8869073f1d8d01e7d676fbf059b4203cfe2bd3fd56d00dacfe7fccdaa4c586e640e2ee84ae87a

C:\Program Files\7-Zip\Uninstall.exe

MD5 f4422ff79303de49aad2a2b13e649eec
SHA1 c75ccb5e71bb55eb25f082b6630ad55a2da2fb02
SHA256 8895eaae7045652f41a73a9d62e381cf29073c12e634e9191f1aaa9a8a228f60
SHA512 1fd8fadafb1806194c124b84f0032ee2d88b301965974cf8323b819c8c9a399e4e9e12197402abef37780381b44f9c7e2b72aac3e52fe6489388b4cede096619

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 193c6e5905c3c119abf5150d9f19619f
SHA1 9ce4b9294dc77753438699dbd1b3e2e6392b7d85
SHA256 c5069b146a0e6b5448a8752a301c67b710fe839b620640f0217ebbf161bec4cb
SHA512 9d43183c290b44f0f557d00824483aaa83e792f88d2eba96eb84fe10f892b23467381f7da89397d95425197d70139bfde0b9c5d880a86d0e87360518abea174d

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 a9aed837fb4b08510a6e43d267742f9d
SHA1 fa5666317a7d129c22a87ec154d62726287e6f2b
SHA256 485513f4a74c5157173d457be2dd11a59edd07e6d4aab6da47d2d834c6ba9b79
SHA512 56422d8f5a80a1fe0b4a305997e33048c5cf8872cace0c1c1fd6fd532222834026cfadb3be46af30331ec6dd303f37615ea8b6460f3cfb3d925215a2e85748bb

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 d7b226731a026b5b22b72302b99b7b44
SHA1 0ca208e68384ab8dd6aefedee32adb4fe460b146
SHA256 4c1e27a4a269f175dff92a4aed1167fc271ce7baa86fa32b3fff85eaa8bde1b9
SHA512 273d4cdf5352ce52a82f843355aa6311375926e473a14534e626814313dc5edbc0d972503d69207b0679f741dda865cf5145c6ccdab2ba66379c0ea0eee81c89

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 6cbc36262bebde524a0fe66a7ddfec52
SHA1 dbf97773377bc5ff01910e2814744cfcf55037b9
SHA256 c718fa902658bb24566a7837a69e091764479cd175b8e994f4629291a473ba3b
SHA512 754b3f227e3819f8b5bbaf4592435f91fd6318d45a333d658f2b6245acd90fa379d3942d47104593ada969b048e6b81c21cecd0be4bc00b289cc12e3192608b1

C:\Program Files\dotnet\dotnet.exe

MD5 ba317a6f4fb48972a254ce9a59583046
SHA1 63a1cf405d538787193f5957dbb29887363b949d
SHA256 faa9ba3b584d8d3dcd9cb44a9d5f5894c4788eaf937052acc4a1278c914cb7a5
SHA512 92facc25d18dd585711818fab035a146e16caed5b3d4d0959bc2418f8bbfe0ac2c043870a972ba0c083d02e0ec02ff422d97851d26862158bf8e576ac969f936

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 899732f8c0a2060c42d9dedc4683a26f
SHA1 ede5853742f2923f7c995eacccbf3a6cbeb4203a
SHA256 9a29be85aae457ad3cbf92b6438a351666fb7542a0252134b82e90f1890b6de8
SHA512 36d94e5c14183f01f5ca1901720113cd9d928e3be88453dd680d6eaad5c3cf3005b54b2fd124984bcaf6c9f464055c3a73013a43ba424c92243164d1cc5be9fc

C:\Program Files\Java\jdk-1.8\bin\rmic.exe

MD5 d383400d55e6dd7ad4752f4b6315cf16
SHA1 fbd3ebd0bc9e76824297e22b293bde5ed626f5f3
SHA256 eab565e641ed5654b616bd9228614125a58d452f22ce230eb9358f6b739aa76d
SHA512 1cb239b599dcbfbeb703e3bfefc5eba890cc7549d78959f746f376842f8e0f69e909756b578c08a48914d05e415669b5acdd840053adc930acc0511502debd2b

C:\Program Files\Java\jdk-1.8\bin\policytool.exe

MD5 77c1d650f5818b80a5042c3a487d87c4
SHA1 de8ca42e83865c9ed5de1bdf4b649f2db2cbd32a
SHA256 8ae7125d7f107a1a215d8c0ac3be4e6dd5e8906b9be1ec98455f41ed1698c09e
SHA512 f52ac58899ae5f7634ed492444b2e8d21199e6b0c0c78942ca70343e06576b0f6ebd9b3555a42ecdd42b599145699c7cbe935008e9dc4426d3b5baab443aa41a

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

MD5 8b7d457a253fb66a3efd7ace39a2e418
SHA1 9114118bedbee76cf982daa9051b1a533e372ab5
SHA256 df996e79d77eb620cd9c1666d83a83141a3991e7b1663c8fc9166652a6e8f709
SHA512 554c6e131e86282ca7ed3dc0af6f2fc33dfa29a182af04a311f146ca1c933fb66f97296c4befe5cec078c528bbce320469e8388ef28af7fe323fa86cf35acf94

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

MD5 1bfb2b4b3ccda97a8f7be110ea4a19e2
SHA1 80cb1489331624d4808433e19f02b2bf64d859f0
SHA256 87543d29b5adc14dd633ac7a7210e904b626ffeaff2f4a58e8ed3bcab68d239b
SHA512 33988efd976d2bfac6b049bdb35a22a5ea29c92a865b3c213cee0d679d28c78e403f9cb9d00d679d280cb83ef4f9931d268d58bcb7074736eb7c41c1487f68f3

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

MD5 fabbe5560c9c95759a0bb801111a7a45
SHA1 04e07dd52174ebc5725c93115ca2f638f1e995a7
SHA256 cfecc1771b792dc203d7f9f78dbb554cc3685e96102dbe9b4712c9811ab2fc36
SHA512 34fc701a87e8a1e054bd0cc584f46911d67f329f0e070c885e9188ed9488a3beb7440407ad65dced0b97b333a6d2fec10022ee6661639e8284f8fe2e50add6be

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

MD5 a67014e1a9cb47b43c847c7fd2e322b4
SHA1 2b4705daa598059ff842ef039540e56922bc65c9
SHA256 030e7bcac602efa22c4b3bbab29dd547f0833ac7080c567fa31b0a021e4aa179
SHA512 913f273bebc0f0a53de2ec09218efcca22097add5f39a2af699b8ce44ddb3e463636cab149981a0566ce94ef4203855134dcd0ebdeecac9e3e2a7ce3a6461792

C:\Program Files\Java\jdk-1.8\bin\klist.exe

MD5 ac9ce5213494307dec18556ace4e392c
SHA1 b33bbdc870fea11eed43326a339e4b1a5b089dc4
SHA256 64dafb3a00c0cdc49486b2c183cead7f2ce203cc8ab4f13fb26c325a6e3049c2
SHA512 31625856c9f63422cc182628bca5d4aa141700794cf0bb716f786eb8e0bd6b01b3f9c24d4aef058fff32088dbb600db9a1f0bac7a6c9e4240fa1402fc2106e93

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

MD5 91cf2a91e37f91f3769f5c2997078962
SHA1 88678242e446e053b7e9ed10487e49b974bc8227
SHA256 50201330e833163ad5e907f66b2124d74787fde397b11939989a7a373916c561
SHA512 6004c506857ee72055dfe3046b5a9d6236a0914da80c400849a128c3e45dff05ff2761282c98dd2d73d1ad17585713494bacf0f37128050188f1f2d2ac34c600

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

MD5 d2eec8a612ad843bafa05cd66f049ba5
SHA1 4d8a98db0dfd6e84c42357d757e4b618257b04e4
SHA256 b5c2724a73902259a9b18499de534b118c93e1063da5e2f0e24810ed582034f1
SHA512 97e416ad75e75748cfeeb9ece48963e44b53c7872ceb7e382e1f297cc31851783f97df410d4e2d72c5a62e2047b2bef06ec6daa30cdd7495a1556791c3f71bca

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

MD5 f7fac622936d78a99c991b5692499eb0
SHA1 5a2b8dd3ead8f9f7ee4de50bf8ba2b7ead2c319f
SHA256 ba62f9eda55ce3a4b2f8d91de1e1596932b9ba7aac95201c72610f7a2fe6caa2
SHA512 862fdfb5a65523d539e27d26fb5f3679813a6055f2657ee403718dca33ea9899bb4e6dbc27c4347b2098a6519761db1db44bfe7649938c4a35fb9a53d8448be1

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

MD5 1ce4481885f1fdd6ca392fce64145cf0
SHA1 938bc19574fa332c91818ace20a918f6e7b76d64
SHA256 cb9aa42c79eec7fe20bb61642616a62c5e1474c2e5fe36dc6bfc41201cc21953
SHA512 6fe857efcc324a5c417e69b3a11128827af40d389071bf8d11794aa8ea9f060e58ca1fcdda1fb8cd0a534d9a04f5c64f40b2a5f34445209473797f6afaff3753

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

MD5 7ed9255a6f51cd91945ecf1a06f5361e
SHA1 631b839d61e0832087082d9fb3e5bb8ac57466dc
SHA256 dc34026b007a363078ca7d8924698bf330e6741e8b729d2ec2455ee24374214c
SHA512 27072b16ec38b53b6570a78c5f652ca43a28d42df273298a559cf0c95af7971036f4a47b45930694362548c5a9e9916d02385ff14ce4db807b9084c404c280d2

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

C:\Program Files\Java\jdk-1.8\bin\jps.exe

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe
