Malware Analysis Report

2024-11-13 14:28

Sample ID 240604-ap4gnsfd46
Target 2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk
SHA256 edf569872f03988bc1792d3c3327e4b317c9f65e708a4139ef2dfec2e43aefe7
Tags spyware stealer
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Reads user/profile data of web browsers

Executes dropped EXE

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Modifies data under HKEY_USERS

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported 2024-06-04 00:24

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-04 00:24
Reported 2024-06-04 00:26
Platform win7-20240221-en
Max time kernel 117s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk.exe"

Network

N/A

Files

memory/1464-0-0x0000000140000000-0x0000000140248000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-04 00:24
Reported 2024-06-04 00:26
Platform win10v2004-20240426-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\3af64be98beeeac9.bin | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk.exe | N/A
File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_93484\java.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstat.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\serialver.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\unpack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_93484\javaw.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\policytool.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javah.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsgen.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmic.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstat.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_93484\java.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\java.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jps.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstack.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\tnameserv.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\policytool.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_93484\javaws.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsimport.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdeps.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\minidump-analyzer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | C:\Windows\System32\alg.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jmap.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-04_49f612d948cea580eddefb13ca5aa0e3_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network


Files

memory/3800-0-0x00000000007E0000-0x0000000000840000-memory.dmp

memory/3800-9-0x00000000007E0000-0x0000000000840000-memory.dmp

memory/3800-8-0x0000000140000000-0x0000000140248000-memory.dmp

C:\Windows\System32\alg.exe

MD5 0ee3c21da529626a4a9fcb79e0d2c58c
SHA1 d971c1aa04395832ad9594b502553939a39ca10c
SHA256 f0744e811294b1da1994d1cb3771111ea19f264791aee51c20f880f776764e50
SHA512 34bc6860f958be1a04aa8b51ab80aa6a343199b8c8977686d4ace779bd4a8cff19a7c5001a23ebca89aff02cc32fc17e3fc40172049ce6f464f793017789a016

memory/4436-22-0x0000000000530000-0x0000000000590000-memory.dmp

memory/4436-21-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/4436-13-0x0000000000530000-0x0000000000590000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 2754e461596e6398c9ef13c534dd726b
SHA1 69e441aa22d3c847798c4fcf94c0375e59289a0a
SHA256 97c88e35db2630f74345b163fb26e449b3bc6f1d855971ca46fce1baaec5e8ab
SHA512 a1f65fd26e58e026dfa948f127242a54d51ee16110fe8650b01f9b774dde614fa2cf8fc240ee1fad240c152151ebf125fb86f2701408c58b741ead567b45842f

memory/4944-27-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/4944-28-0x0000000000700000-0x0000000000760000-memory.dmp

memory/4944-36-0x0000000000700000-0x0000000000760000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 d9a48daabbc2765a7d90323807b09fba
SHA1 ef211adec7e83afd295ff59470838fa8279948fe
SHA256 8db5fd8ef46fc65cc821cb39ab6743584ea12cbfa6b615e10bfb90fd0eece31e
SHA512 c1af9a696ba8969e8d2af4f150c862a6bffbdd9e67c9f49703889d7d806b2721260c5166291835702ce9ea66afd91476800fdf567d2b51a7861b4402cf4ec82c

memory/3800-42-0x0000000140000000-0x0000000140248000-memory.dmp

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

MD5 681502e79f95d25d4299eff60d96db0a
SHA1 08b0850656686bf628212d4725d623bda3415266
SHA256 8fe0cf28bc25d8dd10ae8d60d1094189c8e6699dc8d16f51f8dd13026bbeb622
SHA512 8c6d9060264fc43d560570a28726388b50f8beda166845f9f89b4416b95109803d7195879cd36d9afd5d4d1e0c8875edaca88f9998464fa6318745802d889ae4

memory/5044-51-0x00000000008E0000-0x0000000000940000-memory.dmp

memory/5044-53-0x00000000008E0000-0x0000000000940000-memory.dmp

memory/5044-44-0x00000000008E0000-0x0000000000940000-memory.dmp

memory/5044-50-0x0000000140000000-0x000000014024B000-memory.dmp

C:\Windows\System32\FXSSVC.exe

MD5 06877e735b94dc5c9974acf91ba20da1
SHA1 b8ed539b18c3bfdaaf42b6eff9604ab0cce72788
SHA256 085753209935adeed149f04fa24d80fa8aaede3d52c9b1024075282738e34935
SHA512 d14c2cda5e8ff9aa1a3109cc5fd6b4168d2b9733105c573b6c11fd76f8be3dc45c08462c117a05ceae71ad15f98204c3addd8a3fa5214722998b2ff18f29e34d

memory/5004-56-0x0000000140000000-0x0000000140135000-memory.dmp

memory/3148-64-0x00000000001A0000-0x0000000000200000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 d9ae8d645af7943b37979a3cedbe321b
SHA1 f18a2c669c6bd695203e6547786837ee9149f5b0
SHA256 f89df31f12964ccc74890b79ea09421683bae34995e7167f631b32cd4f09b5fb
SHA512 be457f1170b23bab16e2e8a54cd0bc2b703cac29148cbfe505f3dc29ab5bb62a26673f2abd88b34db4824ede484d2c5e901e4406916544abaf9cd40e48f987f3

memory/1072-74-0x0000000001A60000-0x0000000001AC0000-memory.dmp

memory/3148-78-0x0000000140000000-0x000000014022B000-memory.dmp

memory/1828-97-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/1072-96-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/5004-88-0x0000000000D90000-0x0000000000DF0000-memory.dmp

memory/1828-86-0x0000000000420000-0x0000000000480000-memory.dmp

memory/1828-80-0x0000000000420000-0x0000000000480000-memory.dmp

memory/5004-110-0x0000000140000000-0x0000000140135000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 a73a1156566b98f847dee2eae95dab28
SHA1 f96a69efe8f6030253cb91d6a042757c53623d70
SHA256 d55dfcea8c23e160b4be73ca5df42fdad3510cd0e0efcd3b083d70803c57c77c
SHA512 fbdc608ef0ddc193546651a945c934b98d6774f5c929b6394be1b46657633e83577a65a1e8a63cd5c8a62791817ff8789cab59becdc5fd15019f0405618b2190

memory/1072-68-0x0000000001A60000-0x0000000001AC0000-memory.dmp

memory/3148-58-0x00000000001A0000-0x0000000000200000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 10bf2c0a63cbced99b6763f3fd19e6e2
SHA1 013b1b6070e51d058735651aa8f7a90bc09892ef
SHA256 15b5775eacdc4abd60c96277eb02b8c43b1cac69febc6a4348c8db934871e8b1
SHA512 6ebfd3033c933adbd6d4af9076bea19e06207586c05a45cd112508d9a3ea46e84a983ea65d57215f4c31e589b355789b9d3fde8525ad1678b3c656bc6bfd5fe1

memory/4436-261-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/4944-262-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/5044-263-0x0000000140000000-0x000000014024B000-memory.dmp

memory/3148-266-0x0000000140000000-0x000000014022B000-memory.dmp

memory/1828-267-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Program Files\7-Zip\7zG.exe

MD5 27700c3ca53ae532df9c40278829b8dd
SHA1 5032d674431616d8b0a259b1d3b66f3defe4bc8d
SHA256 e73b3332c807f20f5e7b506741743aa10ca42566ae4e0ca137387dacc52209d4
SHA512 8e3a4ce049a5a59f9f9e75cf0a61c2e34c4a4eee34a0d5b696862071ba6303482319a6e0b05a3f9e1676f9cb295df384fad215452ecf5160c6ff5b5fc0633412

C:\Program Files\7-Zip\7zFM.exe

MD5 5634e90c1320c8111b1843759946c7df
SHA1 edcc8c5bbaf107397bdae92be8e0fb307559198e
SHA256 c20c72ec6b40f847c0bc046867decc2456628024a34f65f68f61a3c984eb1d40
SHA512 55473ae646e6ae87d792b243afb820cd4f81cd664a62f72464fb514357c9e49f1ebc81b1df1f3d410b0cab80cc9f6ee6a49f8245b63de3380a530d6b1b65499b

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

MD5 7142396c98889c199462f939fcefe51a
SHA1 edb19e86f3534a0530d703f26d0eb4239fb298f0
SHA256 078c4dac0d9b37acce221056c0955c988b3ba4908225bdb69046dccf6e30b79d
SHA512 95a139916fa7e9d538a36a3eea3f2111ee32838b859516d4820dac4376bdd2c0198bc2201042e67e40cc8fb7c5328e198ea7adcd0e3a45621a61b57506498262

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

MD5 dff63e8308ee8f3e12fdbd292af4639e
SHA1 6099192138cad6f9ec6f1f1f641d2514b9ad7aac
SHA256 a898a7d6f114f8fddb56aa052769f376bcc56247cc5fb06dfb3d2cbe5943a74e
SHA512 3a9a7564be661d83f3bf6135e38485fea1654dafd2590dd9f19e40374aba404f0c9a442ad8c76574c2bae3981e1f451b7b64ebf59a8498d9a94e8c5a1f11aeec

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

MD5 c6fbdfa077c3f86b1881bae8ade1d1ae
SHA1 d67e03de00e20f376b8bf5deb4294d846d5d7a9b
SHA256 8ad6318605157128bacd9bb05c57ccd784ff63934120817fe0b084803d3d1132
SHA512 6cc9af17755034c4a1998932b3aeed9dc8098013c98e5a276bba493ea579a4f1a907808d7bec0ab9188147a4e58c419673de543241f3b494d8ddf0a578675de9

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

MD5 cd3c657e6a8249ebca3e452f183124d3
SHA1 f37d353378ab4f5213263eba42ec70a400f94a8e
SHA256 cc19e2255c5786e8da2898c5fcb389601707bb4c26a6e08f03f98c0ebe8a1f45
SHA512 620f47280d8c94d070e89c9ff80e2bc5f6d68148c8471ec587611ffa6479be8e201e06e21ad1bec8481a5b3b1b5e6451f3458e6934ec4cd21e1b41d899124123

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

MD5 52dfd11e08ab1e2abdc18c76599725ff
SHA1 866fe7a2304d5e1426b8d51df7e64e79a5d771c2
SHA256 0d5d57f0e4863da205e1dd43c0520fef56603c9b2ced903d5b4bfbd2feed6af0
SHA512 863de43772cbf0b9b9da62e1cf0ebd6c2aae0bd14ba8e3e2c7a32d2efa54153c5294ec85ed084a14f09dd82fcad71b86ba5f71af47bd21a60398d61aea62ea06

C:\Program Files\Java\jdk-1.8\bin\klist.exe

MD5 fcc3e3473ff5d7f6bf8344bc9db6d0bd
SHA1 df8489474c8da917364d931d802e2aba79530f8a
SHA256 0c838756c44ae1642775a2199cc1dd8ee0be78863daf1ad7275be8bce3ab7f6e
SHA512 f4deec422b2410c8906219cc65f1106fb6e28e436d3f655e03309a0e2d9ba8ede7d9e0b8a8eeabcf53ded36c28ceb3c88426e7ee7f608aab2c82021da49ea44e

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

MD5 118338b4b4f4a964207dcbdfb161a92a
SHA1 5cc6702a0eac6f9c39c25e6d640ef85ff483b8b2
SHA256 feee6760f25c7979546dc70f45eeeb15f39349176d4ff5a2c30fec527c80a790
SHA512 37c418d879b0501819b74cf670bf3d4e890d70992499eedd30f30f2bfe4dda0c4f600037fab94a83484a3368d51cb57d26a1c6297176e5ae09c6f52b1dc81884

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

MD5 c7f2397deb5a2695a7a994d33538712d
SHA1 54bcd02467a2d78a8b391721ef3edfbb56f555a4
SHA256 612be123ef743d967ce0099acbba3661f2531b15269c8498ab3023fa084a4653
SHA512 d3635d2702d8614cd2f68b38828092bcb5b1585ff8f02c632f52b4ed4ff33ccb43e67b7d3e55abc260d831b31a81af6fd6809f6822d5db913b93d822217f7c4a

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

MD5 9a97c9b15f36bf6aba8a56ae05df5289
SHA1 94f5ee414f1a1a40ddfaa1928ec5794b73a05888
SHA256 a60baabbaf05ef41ad3293dd0d556be3cc90b20c6adfd89d9c392292629eedb3
SHA512 c2154cdb14cb9128c201464676a45e226c742e28c4af2adcb3c3c468cfdab3982395e086f55606459d7f5611e396eef527aa62dfa5daa41b4846479b71d80d70

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

MD5 c0aceee7b85e423d08d4592fa8dc3f08
SHA1 c8098267849d50e81e52531646c52bbc91821f75
SHA256 026e16ec2558789939d1bcd1d558dd8fe21fc2307d500037fc27ff4d19df897d
SHA512 8c71412efa92d840c1f0af107dbe634840e7133fd4107ed92dfccbefb927577bead414bdae1e344bc0121534979d98a80d6aa9821afa29d55538b66c364ac2c2

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

C:\Program Files\Java\jdk-1.8\bin\jps.exe

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

C:\Program Files\dotnet\dotnet.exe

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

C:\Program Files\7-Zip\Uninstall.exe

C:\Program Files\7-Zip\7z.exe
