Malware Analysis Report

2024-11-30 06:14

Sample ID 240612-r1w1eaydpb
Target 2024-06-12_5590290e913615fa18e44cf746698af8_ryuk
SHA256 28593b3e1550e40b05b4e1587383bcf7b0f747eff411e62c74bfcd0f36879cde
Tags spyware, stealer
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2024-06-12_5590290e913615fa18e44cf746698af8_ryuk was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 14:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 14:40

Reported

2024-06-12 14:42

Platform

win7-20240611-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_5590290e913615fa18e44cf746698af8_ryuk.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-12_5590290e913615fa18e44cf746698af8_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_5590290e913615fa18e44cf746698af8_ryuk.exe"

Network

N/A

Files

memory/2944-0-0x0000000140000000-0x0000000140248000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 14:40

Reported

2024-06-12 14:42

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_5590290e913615fa18e44cf746698af8_ryuk.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\2024-06-12_5590290e913615fa18e44cf746698af8_ryuk.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\cbe0edc71ed82f9f.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Users\Admin\AppData\Local\Temp\2024-06-12_5590290e913615fa18e44cf746698af8_ryuk.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\2024-06-12_5590290e913615fa18e44cf746698af8_ryuk.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\2024-06-12_5590290e913615fa18e44cf746698af8_ryuk.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\2024-06-12_5590290e913615fa18e44cf746698af8_ryuk.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jre-1.8\bin\klist.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javac.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdeps.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javapackager.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmid.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaws.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jjs.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\keytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ssvagent.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsgen.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstatd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\xjc.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\default-browser-agent.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsgen.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\updater.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\tnameserv.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javadoc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Install\{38ACDD0D-FF02-4A34-B36C-7A103582B8C1}\chrome_installer.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jar.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\keytool.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe C:\Windows\System32\alg.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" C:\Windows\system32\fxssvc.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-06-12_5590290e913615fa18e44cf746698af8_ryuk.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\fxssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-12_5590290e913615fa18e44cf746698af8_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_5590290e913615fa18e44cf746698af8_ryuk.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network

Files


MD5 55d6b0d04b58443159433a6051ee1a0b
SHA1 a8c20a88b929b713ddd5831833e1e8e65b213709
SHA256 7e2e9dc542fd476b1990f51a22015f5dd5d43d4cbfa3e5e6efe4a752fae7f5c9
SHA512 38b3aa628a056c5ab708750e5b50830aeb6e71a4a59a2587d839208ab65878d1611e9b3322bc79ab475dc3355af3f05b9cbdbc0419f72cbe62a9499a8b6cd746

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

MD5 b8a5bcf04f42e22367749300e894d5a9
SHA1 163e7e8f4f22e3d1b19051e2f6ce0ab67b8273ec
SHA256 28d4ca087b3bf6d309326f9e4ddea6a7628ad05a0f15009afa7ef402da9bcc39
SHA512 44e0f89169556ac8065b0cc793b8013550c72d9b43fe112da2d90332a1454fbc7b783db428a8a986d2114c4977121ef47a53cf0ac2c13e6db14cef0e145138b9

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

MD5 968d8781acc0c84e5d1e460d2f9e8113
SHA1 8c55b49b874f2b153ea54fccff9c48b5c568747e
SHA256 e03d00c5c8af8b7f7668e819aa1951389f4b10ec79c055dd60bce5664855b2a6
SHA512 526c732c04d8c3ef92461a29bdbbfd9fe67c3c9ab879db524abccb71e8ecb8e1d46883594e5b6ebb77b4288ff3691b499e4b15793306b4f0fb4eed861685c1a4

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

MD5 7b6dee282a2d4dd4e3422bd6cbcd10c4
SHA1 468f9837d8edfa1a24e6499e0028bd03bb12aaa5
SHA256 62fcedca3cb5c299887898666f89bbb06db83171aba48e4df59821a1637b0765
SHA512 55e4077489625730f6677bc535275c9244ddd12a226708a2cca0658db4ba06e85f55e9498c21a740dcf7802ade8b4d317167cbdf255e8ea770365ae58bc7a0a2

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

MD5 21198c5b0f5d5b3ceaf44315b438a4d5
SHA1 33595596533602dd7287aecc949c673fba24a085
SHA256 e70bfa95106e64ec3883642fc4b795cd13e6f2cce03f3e25566fae0cd294cb24
SHA512 8895a5a58e5988f9f9c00a02af790b3950ec4af2b0853ed58569493edac905fda3957520b5f9080e3e310b04619ed3cc11585c67b7234e8ffa28fdcc7f8e6148

C:\Program Files\dotnet\dotnet.exe

MD5 2a50593b3797cb95d1b13c4a3f3b928a
SHA1 13dcea14749b79177fceba975378ec86b4691132
SHA256 87903a9e9c516fb26df6551c391b4e68d452394f1b2201f585e2614ec8f34dbe
SHA512 d8fd035c315482b6888c143e2b84a670747e430612a86c937e242eaef29394016237eaa7ce1064f8fcc270346046a5f7647c060b24ae01e464e61950909d738b

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

MD5 a50819ca0c1b64c8303c15d4b018507d
SHA1 d26cc0627dd1aefb051dfc837402977422973c5e
SHA256 c7b062a90a6843e1fac2dc8095a9cad7ee9343a1fec0396dcba795df344044e6
SHA512 5ccfcf884ddd48fd56c422bf708d19033442fe21eced0f46145a1ce9e59a6201913aaf15724608b7e771391eb4e6ec7495254b216e3520173c99b97573542d97

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

MD5 bb341c893a1a7106fb8dbc3fc867553d
SHA1 de3673d8d6f0221f4dd2921150fe0502b8f4a282
SHA256 6de986bf79c6c4539129f8fe3a59eedaf421b07bd338373dedd372fccdb3220f
SHA512 d8ba4f9263b5111c979d5c0850c562bda709f135770e2ae21e52c7b56404170779ededcbb3f26886efe10725edc2472dbac7708f5688758cbe865aa43986e829

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 c73e65e06aad8a432f9279b7702d83e0
SHA1 6f8d77282aaba70380a44410dafcfea6dc710362
SHA256 e1a4c8dc4e6f723af4dd9163b65029963b44e74cbd2c606df1ea007a30ab2278
SHA512 433b4fbea58b2e8fae1ccecc757f97c5685ae565d06e18af1042af8a6138d8699e2b9eac0a72b96babdf60dfb6ff482253591929a8afb74b9a6cdba513f43791

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 72cb33505bd62f823a99429f380f65bb
SHA1 c4b11b6a6aff7b05f0482ab8bec9457c2450102d
SHA256 1c3757268fec5b89b6d5ad294c1382ebbcfbcf6c4b04153ed649d09b70dcfac4
SHA512 64653396c9581c74bef1bc56597360818e6bb8e412cffcbda92717f6519d2c7528a5dc158cab85b3fb37b3b008174a00c8e8e7c74f79a2159b219e73b7a99e65

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 da6104f94e5052beb2d3250d85347f68
SHA1 8ed4ad8958efe1333a25d5ad982d2a056b71fe27
SHA256 ae3152bba20b37fb58a9e3066b04c9855421d99e9de3660f2a01441286e71857
SHA512 e0fdc66801aa268f419da179ee855e2786d91bea89da5422a828d0ea82abd741dc0e269312f8e8f3bd4f988897a490646ddc2041d67f69ef175591415705d3b1

C:\Program Files\7-Zip\Uninstall.exe

MD5 05bf2b7852d17dd61be8d9890f34d8bb
SHA1 79f8823100686fa29e6bc30ee2935cdf6f88524b
SHA256 68c64c3e09a5dd972d9d68db658c85b45c95c71f958a6e393dfaba96db6b5547
SHA512 49751633128c0543225d27b48a3ffafb9d803dd24dcee05dd2163bff3df4829fa8f34660f15c9b0ecd4164225e616f96d9ab031b9e034c5347a4b5dba352f252

C:\Program Files\7-Zip\7zG.exe

MD5 23bcbc6bb5d651f03893f306a5cce4c7
SHA1 9c6137d9b43e86e9655cd3dc97d539fc799fe5fc
SHA256 bad6652b1b61fea30fff915c9307090058cffaa56402fe6a817de583a4c3e735
SHA512 aee29b45b53ed32dd6a0a090b328359f8439e138e0585f57b9edc391ee5c165f65a20493cd39cb00c6425c3fd955373912022e38ee56eb9f98708d2fb9938010

C:\Program Files\7-Zip\7zFM.exe

MD5 da7b5a1b17ecee536340b01462bc8546
SHA1 dac5017c64a65880004045babc890d39283185b6
SHA256 d8248c98d30fdce4c5e5ffffccf040063c196c82c3ca3e08eb54600f897c6b8e
SHA512 30e1a6296ba343b8bd17b6ecd092b0a1b76d89e7822d4481bafb8151fb501cb37b6a362339ac838ddb0fa5d6ff70c4c74cb992c1de388c32f05586d338031262

C:\Program Files\7-Zip\7z.exe

MD5 bab6627e5e45ca87ccbe1693c7b460df
SHA1 653343fb1e49bccbebbe37228694b38f0503c24a
SHA256 e22af3f0ef271ec45bda33cf7fdf80487123348dd7f908190da4b9fbce4aed54
SHA512 a020c05232e86d1976b0744cc9028f28791f233d4a37cb9f80cf3b9c4483bf7a992938eecdc19c4620c4eda5e13e21122f9662ed9f94b28ce4ac449a67f70a70