Malware Analysis Report

2025-06-15 20:00

Sample ID 240611-wfg3zavgpd
Target 2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk
SHA256 f1d4b51336e5163484316e225cbee095a06fd298c1ad2108bc45fbfaebec389f
Tags
spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

f1d4b51336e5163484316e225cbee095a06fd298c1ad2108bc45fbfaebec389f

Threat Level: Shows suspicious behavior

The file 2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Modifies data under HKEY_USERS

Suspicious behavior: LoadsDriver

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 17:51

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 17:51

Reported

2024-06-11 17:54

Platform

win7-20240215-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe"

Network

N/A

Files

memory/3000-0-0x0000000140000000-0x0000000140248000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 17:51

Reported

2024-06-11 17:54

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\fxssvc.exe C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\916e3644bb5459c0.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javap.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javaws.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\extcheck.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jps.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmic.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\idlj.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmid.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\tnameserv.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\uninstall.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\policytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\default-browser-agent.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\idlj.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jmap.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\policytool.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jinfo.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jcmd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\orbd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe C:\Windows\System32\alg.exe N/A
File created C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jps.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\orbd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\unpack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\servertool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javadoc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jmap.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\servertool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" C:\Windows\system32\fxssvc.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\fxssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-11_4e8415667dbc0fece71985aa204646a0_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network


Files

memory/1004-0-0x0000000000510000-0x0000000000570000-memory.dmp

memory/1004-9-0x0000000000510000-0x0000000000570000-memory.dmp

memory/1004-8-0x0000000140000000-0x0000000140248000-memory.dmp

memory/244-13-0x00000000006E0000-0x0000000000740000-memory.dmp

C:\Windows\System32\alg.exe

MD5 85e4f828307fc372fc0e5179498d0eba
SHA1 f704bae649cb0b38f69c5609c758ae1e7c393df9
SHA256 fe9ebbb7aa16dad483a27ef97746e2062eb330993fa99c4737703428e3f7d3e2
SHA512 332829803cb98ea5b46b0266ea70dde85ca72bc0ba78715fa3c3861c8e54b484ea6a926b930deb174cd1505c2c59c8f4dfbdb56ba4936b9153c2ff10a19c864a

memory/244-24-0x00000000006E0000-0x0000000000740000-memory.dmp

memory/1424-33-0x00000000006B0000-0x0000000000710000-memory.dmp

memory/1424-35-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/1424-27-0x00000000006B0000-0x0000000000710000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 8623a8fd9f10497d0ab312b5c92ffdf2
SHA1 ff62fcbda4764c0eda37cd28876fd79e8041ee73
SHA256 7e49d98ab7178b5a8e34d2d169bd8cdfff40accc71d65fa43318793ebc372e96
SHA512 4f8099119cd7d9d0cd4e5b2e4cbc8208358a48532139899a7bfa66daf01a8cbf3d3a9f176305e71d96a16520c8c2a10f4cb71138ecb5ebe366ffa70656226f0b

memory/244-23-0x0000000140000000-0x00000001400AA000-memory.dmp

C:\Windows\System32\FXSSVC.exe

MD5 4e78126035cadd35cdb05b53b62687a7
SHA1 10f7fe27c8ea28f44aac069c9576c671755cd750
SHA256 e04d8582177bcd849d2effba71c7c1cb15d50bd92ba623727670722c303873a4
SHA512 5975a8626147fe3f2df8d3a79e72b86afdf31e41c48943dd88b2c40a5434c82dd9ff852669c99620300034658fe4f4057f7a2f056a86b80e015ee8cb4bc2be11

memory/4780-47-0x0000000000930000-0x0000000000990000-memory.dmp

memory/4780-38-0x0000000000930000-0x0000000000990000-memory.dmp

memory/4780-46-0x0000000140000000-0x0000000140135000-memory.dmp

memory/4780-48-0x0000000000930000-0x0000000000990000-memory.dmp

memory/4780-50-0x0000000140000000-0x0000000140135000-memory.dmp

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

MD5 a8204c76e843b7d289d440689d0088d8
SHA1 b2750a99b6cc33d5f2de9239a54ae2938f444371
SHA256 1d1ad4040530e11fd1c9ac6c9156f90472742e1e43d9e3ba2325ef19c325c356
SHA512 97e9b571798d4cd79d2b86ee66c1d5c3cbbe5e6ecd6d74f55caf0d193760906320eeb9617ffd50a287b9ac489afeeead4c2405cf3009c1d71ff0b1dc349aca3a

C:\Windows\system32\AppVClient.exe

MD5 e25893916fbde8c7a9f1957ddfc967ca
SHA1 0ef41dfb7aa6b0c52850ca082ea955839fd86c2c
SHA256 51f368df6d67ba6842e9fea3fc30e4ffd0f577effa2d8cd99c95049733f0ffa4
SHA512 875d7ee14cabfdad4650ec3d66c665ef335340e322885736f28253d548f04899e6eaf139bec6c15ba4c5ab9a09e668e2f2e8390d5420eb49fd790b857c55705d

memory/3756-63-0x0000000000510000-0x0000000000570000-memory.dmp

memory/1004-66-0x0000000140000000-0x0000000140248000-memory.dmp

memory/3756-65-0x0000000140000000-0x000000014024B000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 bf9b6010e8d7f511f139de14f9a12728
SHA1 b60ddc4412c5e504bf50ec049ef8e87ed3b67aae
SHA256 9085b8f647c41ca07d8d5a4ccd3160f7c3e383e07d5fe73ae766004d3b03c291
SHA512 8c8fb74eadaa9ee0cf350bf1d48d705bc4f2dc0fb6cf03ec097b70c64e17647194dc7839535142ec51638cfe5e09201968a230f5ac5cb1888af5d55cce6810bb

memory/3100-75-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/3100-78-0x0000000140000000-0x000000014022B000-memory.dmp

memory/3100-69-0x00000000001A0000-0x0000000000200000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 50222534f00ae97325a03946ae8276af
SHA1 a993bc1428a69323e09ab1873c40748221b14f6b
SHA256 6a4b02d08bc6c582b190910718c4515ba172be13d108e684b0d56f2cafe58a38
SHA512 677b9cfbded4728cb2276c044820062eb23dabccb9f4581b8c57c0e2afbd255090b7b16e1c5b40922ac5b328df26261265ec71180ea05aa88b455fd0075d343e

memory/2336-81-0x0000000001D10000-0x0000000001D70000-memory.dmp

memory/2336-87-0x0000000001D10000-0x0000000001D70000-memory.dmp

memory/2336-80-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/2336-91-0x0000000001D10000-0x0000000001D70000-memory.dmp

memory/2336-93-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/4648-95-0x00000000007F0000-0x0000000000850000-memory.dmp

memory/4648-103-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 7f3217cdc28183e044998bff06be8fc2
SHA1 f8510a11ccb1d480d5d169f217de79dc8d219f58
SHA256 dd86d29079c229901037d65c4352aeacea80eb65e9d0529b8edfa33039cb01a3
SHA512 8e19a1bf1abf6092ffa259006a852e2ff33fc4194dbc2b62f5497e478b579b21f91727ba1d6600ef74f4b2bd8cca9557660cfc74876e9ee0e7a842953d13e456

memory/244-262-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/3756-265-0x0000000140000000-0x000000014024B000-memory.dmp

memory/3100-266-0x0000000140000000-0x000000014022B000-memory.dmp

memory/4648-267-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Program Files\7-Zip\7zFM.exe

MD5 cd8c5de2af0782429f174e4ee83fab4a
SHA1 e36791c98488bed0431c2cba5f689f2aeaf336ee
SHA256 07d8c1aba1296ae773b4cf28aaf6d1bf6783f379bc5084ae7a87241bc66bb5b3
SHA512 a67eb0353431b2106f6fe660c16685e1935eb9b1bb434910009be4730928957877f1c2842096a8d275fca886483254dbd097af60c971eb614924660f0f7984ab

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

MD5 ea1ad6bf85fe6a78e8dc402574e3e228
SHA1 ae6e7a0b13f949be8926508ea767b14f3c257502
SHA256 95d79c6fafe82bfacc4cf205bb8677273c214810da16da31c65724d8651aa2ae
SHA512 e52eae42d3265beb37b789c63326c59fcc51851e49d9b72b5373c560b09d8ca2a91eb2f1a9e1d644444534720b770c73ea75c249853e3fb0e6acd83ab1281e7b

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

MD5 62346ae4cf687ae3572c407a3d4acf08
SHA1 4487cece6f4c42f852e08e8f32e7213108407171
SHA256 756bdcec5ebc604310f614871858202861b842b6a96bb165149195f62aa274b8
SHA512 6e6121714b366497d340a69d1bc396e9b78b4400e9bc2427a47c1c8c7118d318c86d26c1591f631265e5a7d97bd39a524a2c6e371c49676ce85c5dec922792ed

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

MD5 e630d0a69aaf4699228b124234465828
SHA1 34eb34097986cb011f13b30c4fcfb666a5b69386
SHA256 9961c92b88212beb77ff3305a035d0c74e5b0d74eb05daa3020e2c3852377f3f
SHA512 ffd949f70c5c5a96ec93e3ae52eb0062eb2147901c425a0493b67685d72a1f5b64783879ff6eda205706875c0521f4aec34eb811e68199c70eed7debf2120231

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

C:\Program Files\Java\jdk-1.8\bin\klist.exe

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

C:\Program Files\Java\jdk-1.8\bin\jps.exe

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

C:\Program Files\dotnet\dotnet.exe

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

C:\Program Files\7-Zip\Uninstall.exe

C:\Program Files\7-Zip\7zG.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\7-Zip\7z.exe
