Analysis Overview
SHA256
cb50ce08fabb87ac8bb9374661affcd2c6d1d1f5881424363fda50241cdb9178
Threat Level: Shows suspicious behavior
The file 2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 09:28
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 09:28
Reported
2024-06-03 09:30
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\alg.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| N/A | N/A | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | N/A |
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\cb46ec7dc3136770.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ielowutil.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javacpl.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\pack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ExtExport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\policytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstatd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ieinstal.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\klist.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\orbd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\pack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jjs.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ieinstal.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsgen.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jhat.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javapackager.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javacpl.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jar.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javac.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\schemagen.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-03_1203184c1d87e47335992bc59a9628ee_ryuk.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Network
Files
memory/1848-0-0x0000000001FB0000-0x0000000002010000-memory.dmp
memory/1848-8-0x0000000140000000-0x00000001401F0000-memory.dmp
memory/1848-9-0x0000000001FB0000-0x0000000002010000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | 57c54434f7dcaa64adb8912b5faf9047 |
| SHA1 | 5d818f01705de2204dfbf71da05adfc462d6c2ce |
| SHA256 | 58cc2c3d4e29b084133ca3c357f2d89b2317571ad70567c741885a5df6e96b05 |
| SHA512 | 151e128640940143b6f2305239fa83867d1049f9d0fda5584fbba838809895749dcd54af27e42d35b8dd350ddb6b684c9227bc557e2e5c2aca426b3463b87465 |
memory/3248-19-0x00000000006D0000-0x0000000000730000-memory.dmp
memory/3248-22-0x0000000140000000-0x00000001400AA000-memory.dmp
memory/3248-13-0x00000000006D0000-0x0000000000730000-memory.dmp
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | b6f9f8b0e046e30e08f4e2c02fc2021e |
| SHA1 | 41f1701beadbd2184b341f1d9d2b5dc2eb0a8f9b |
| SHA256 | 897483823eeff571281454e571157193160685a3ace2d85501b66c13be340c84 |
| SHA512 | 1cf37802119d8439fba0ad6919d3e781576e186462d9281832115481f12cb4067fee083f1d87126eeb599c498aa12a0806a7c2a2cd740b734ea656df3d35b5d7 |
memory/4028-27-0x00000000006A0000-0x0000000000700000-memory.dmp
memory/4028-26-0x0000000140000000-0x00000001400A9000-memory.dmp
memory/4028-33-0x00000000006A0000-0x0000000000700000-memory.dmp
C:\Windows\system32\AppVClient.exe
| MD5 | fa898442e47d999a8e35245bb4497355 |
| SHA1 | 19f5d3ec22e7060a3b39f8916f45a69295fb04b9 |
| SHA256 | 192941b8d0cfbdbcbf58cd08254afb8afb97a9fc45c6fb0b529b9aadbe648bcb |
| SHA512 | 19c64ecd5eb19304856f7bab4811dc53ed7ce50124602d8c6cf086a99119834a7e610decd69f571c46a616e2d6371c182a979c2fee691a3bfd6ce88ea4041cfa |
memory/1848-38-0x0000000140000000-0x00000001401F0000-memory.dmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
| MD5 | 4fa469a8267ce25f14a9feac11c4e867 |
| SHA1 | e7baedae9909d8257363ef4cdb5d6770da1f5584 |
| SHA256 | b753a8e32ba63483d7c75bc24e309e19c5e2c9c99b9ddb2339d8897422c3a2d9 |
| SHA512 | fcd4b088b68e62240924b5b687b33fff6d23907f21b285067bbbbc399a6951d9735e261f745846c8cb581f37496cffba4a25c0a7620242f94bc92b218ceb879e |
memory/2260-48-0x0000000000720000-0x0000000000780000-memory.dmp
memory/2260-42-0x0000000000720000-0x0000000000780000-memory.dmp
memory/2260-41-0x0000000140000000-0x000000014024B000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
| MD5 | 7bb10bca87cf194c80a79f8d970e0fc8 |
| SHA1 | fe971ca141a94a38f25b3697f57ebd8f969d6929 |
| SHA256 | 1392b8fc2948ced9f3f55edc6065b2f3e753493a1d9ec04a57139a371e7db1d0 |
| SHA512 | 7fb73fa080eef083dc78d5a9070101d951dd53663523000847cee25306b3db49df175f131ad8eac71f049eca5de1ca3eff3f70ba98c75854ed1cebbd991ba339 |
memory/4376-60-0x0000000140000000-0x000000014022B000-memory.dmp
memory/4376-61-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/4376-52-0x00000000001A0000-0x0000000000200000-memory.dmp
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | a09ca3996ae241ffbe9f307fa697a7c3 |
| SHA1 | 09d6c4468223970db1b5abd9cbadf5d611e5d58a |
| SHA256 | 73e2f7caa1e180290e50829cb74c394249b9d4eeae908907d79bf597df7b9fc6 |
| SHA512 | dc25b47d77803e61e42ada8e1c3d25425365a550dfe802e0b731fd3287209d61ff2de6b029770b3d7389bc4a2f604c27d41c6941e6b628a1188f54ee1f1d788b |
memory/2564-70-0x0000000001690000-0x00000000016F0000-memory.dmp
memory/2564-73-0x0000000140000000-0x00000001400CF000-memory.dmp
memory/2564-76-0x0000000001690000-0x00000000016F0000-memory.dmp
memory/2628-86-0x00000000007B0000-0x0000000000810000-memory.dmp
memory/2628-80-0x00000000007B0000-0x0000000000810000-memory.dmp
memory/2564-79-0x0000000140000000-0x00000001400CF000-memory.dmp
memory/2628-78-0x0000000140000000-0x00000001400CF000-memory.dmp
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | 0f4ce29cdf046aee138dede690a7da41 |
| SHA1 | 0b41ca12bc7cb27e9e67a734f3d7a759200e33d5 |
| SHA256 | 04a94721e62697cb95a7b80d9c2a1e02869e494c3ba09bccbaaefa90528c7841 |
| SHA512 | eb829a2bcd4fad688fc3af8b485770fb0bb18c30b5ee77c58c0f95418b9273fd36029ea03f18e3f1fc371a04f49ec606fa01d6baa29fd31cca1e67abe85ef8e7 |
memory/2564-64-0x0000000001690000-0x00000000016F0000-memory.dmp
memory/3248-246-0x0000000140000000-0x00000001400AA000-memory.dmp
memory/4028-247-0x0000000140000000-0x00000001400A9000-memory.dmp
memory/2260-248-0x0000000140000000-0x000000014024B000-memory.dmp
memory/4376-249-0x0000000140000000-0x000000014022B000-memory.dmp
memory/2628-252-0x0000000140000000-0x00000001400CF000-memory.dmp
C:\Program Files\7-Zip\7z.exe
| MD5 | 4e7d5be917aeb7c949b6e540b7706caf |
| SHA1 | 03254f29524f97266978862aa05cc36dce3e8f82 |
| SHA256 | 6b02649a585974e7003a27ecb4daf3e9ab51d916f19fcfa1dca7761b47e68a55 |
| SHA512 | cb93e3a2e2e0fbb2d06d04f6af09994bde0f15f870e48cc3de1c201cd88bebd13e88baf173c4429792a6fd474a87d808b99c52f365f7e1ab4eb896a8d014a32b |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | f5c58b299eda6093e451d6a6448bd489 |
| SHA1 | 39b47daba8cab7ab65c7300df0432a9461a37b11 |
| SHA256 | 87f865b516ebff5416cf17a196c8fc982de18d61f05192f47548308e576aff83 |
| SHA512 | e7bed42cebc3cf7c53f6867ea385a5f28c433a2a47a6148ac703b426840eac9b1f24df6454745e2c72cd1fabf40960b80f3405b5e9705e1e5dd81f28ec622116 |
C:\Program Files\7-Zip\7zG.exe
| MD5 | 075d798803ac011d98f0b0cbdc8859ef |
| SHA1 | c840b14002a4ee6da6b7f40056350ec1a68db1f5 |
| SHA256 | 68d507194a95be8e3b0320eaa2e196bfb4f2ebc9d8929ef8c86c1c943b26fb3d |
| SHA512 | be5eb5927c903604e6f5f658b45fc031f2a1546bd32f7e2011c8869073f1d8d01e7d676fbf059b4203cfe2bd3fd56d00dacfe7fccdaa4c586e640e2ee84ae87a |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | f4422ff79303de49aad2a2b13e649eec |
| SHA1 | c75ccb5e71bb55eb25f082b6630ad55a2da2fb02 |
| SHA256 | 8895eaae7045652f41a73a9d62e381cf29073c12e634e9191f1aaa9a8a228f60 |
| SHA512 | 1fd8fadafb1806194c124b84f0032ee2d88b301965974cf8323b819c8c9a399e4e9e12197402abef37780381b44f9c7e2b72aac3e52fe6489388b4cede096619 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | 193c6e5905c3c119abf5150d9f19619f |
| SHA1 | 9ce4b9294dc77753438699dbd1b3e2e6392b7d85 |
| SHA256 | c5069b146a0e6b5448a8752a301c67b710fe839b620640f0217ebbf161bec4cb |
| SHA512 | 9d43183c290b44f0f557d00824483aaa83e792f88d2eba96eb84fe10f892b23467381f7da89397d95425197d70139bfde0b9c5d880a86d0e87360518abea174d |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | a9aed837fb4b08510a6e43d267742f9d |
| SHA1 | fa5666317a7d129c22a87ec154d62726287e6f2b |
| SHA256 | 485513f4a74c5157173d457be2dd11a59edd07e6d4aab6da47d2d834c6ba9b79 |
| SHA512 | 56422d8f5a80a1fe0b4a305997e33048c5cf8872cace0c1c1fd6fd532222834026cfadb3be46af30331ec6dd303f37615ea8b6460f3cfb3d925215a2e85748bb |
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
| MD5 | d7b226731a026b5b22b72302b99b7b44 |
| SHA1 | 0ca208e68384ab8dd6aefedee32adb4fe460b146 |
| SHA256 | 4c1e27a4a269f175dff92a4aed1167fc271ce7baa86fa32b3fff85eaa8bde1b9 |
| SHA512 | 273d4cdf5352ce52a82f843355aa6311375926e473a14534e626814313dc5edbc0d972503d69207b0679f741dda865cf5145c6ccdab2ba66379c0ea0eee81c89 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | 6cbc36262bebde524a0fe66a7ddfec52 |
| SHA1 | dbf97773377bc5ff01910e2814744cfcf55037b9 |
| SHA256 | c718fa902658bb24566a7837a69e091764479cd175b8e994f4629291a473ba3b |
| SHA512 | 754b3f227e3819f8b5bbaf4592435f91fd6318d45a333d658f2b6245acd90fa379d3942d47104593ada969b048e6b81c21cecd0be4bc00b289cc12e3192608b1 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | ba317a6f4fb48972a254ce9a59583046 |
| SHA1 | 63a1cf405d538787193f5957dbb29887363b949d |
| SHA256 | faa9ba3b584d8d3dcd9cb44a9d5f5894c4788eaf937052acc4a1278c914cb7a5 |
| SHA512 | 92facc25d18dd585711818fab035a146e16caed5b3d4d0959bc2418f8bbfe0ac2c043870a972ba0c083d02e0ec02ff422d97851d26862158bf8e576ac969f936 |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | 899732f8c0a2060c42d9dedc4683a26f |
| SHA1 | ede5853742f2923f7c995eacccbf3a6cbeb4203a |
| SHA256 | 9a29be85aae457ad3cbf92b6438a351666fb7542a0252134b82e90f1890b6de8 |
| SHA512 | 36d94e5c14183f01f5ca1901720113cd9d928e3be88453dd680d6eaad5c3cf3005b54b2fd124984bcaf6c9f464055c3a73013a43ba424c92243164d1cc5be9fc |
C:\Program Files\Java\jdk-1.8\bin\rmic.exe
| MD5 | d383400d55e6dd7ad4752f4b6315cf16 |
| SHA1 | fbd3ebd0bc9e76824297e22b293bde5ed626f5f3 |
| SHA256 | eab565e641ed5654b616bd9228614125a58d452f22ce230eb9358f6b739aa76d |
| SHA512 | 1cb239b599dcbfbeb703e3bfefc5eba890cc7549d78959f746f376842f8e0f69e909756b578c08a48914d05e415669b5acdd840053adc930acc0511502debd2b |
C:\Program Files\Java\jdk-1.8\bin\policytool.exe
C:\Program Files\Java\jdk-1.8\bin\pack200.exe
C:\Program Files\Java\jdk-1.8\bin\orbd.exe
C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe
C:\Program Files\Java\jdk-1.8\bin\ktab.exe
C:\Program Files\Java\jdk-1.8\bin\klist.exe
C:\Program Files\Java\jdk-1.8\bin\kinit.exe
C:\Program Files\Java\jdk-1.8\bin\keytool.exe
C:\Program Files\Java\jdk-1.8\bin\jstatd.exe
C:\Program Files\Java\jdk-1.8\bin\jstat.exe
C:\Program Files\Java\jdk-1.8\bin\jstack.exe
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe
C:\Program Files\Java\jdk-1.8\bin\jps.exe
C:\Program Files\Java\jdk-1.8\bin\jmap.exe
C:\Program Files\Java\jdk-1.8\bin\jjs.exe
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
C:\Program Files\Java\jdk-1.8\bin\javap.exe
C:\Program Files\Java\jdk-1.8\bin\javah.exe
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
C:\Program Files\Java\jdk-1.8\bin\javac.exe
C:\Program Files\Java\jdk-1.8\bin\java.exe
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
C:\Program Files\Java\jdk-1.8\bin\jar.exe
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe