Analysis Overview
SHA256
e47e4f2a8d46e313d9dc8c9b9b6253bb6e88ede4816cc3728d93688d039c6596
Threat Level: Shows suspicious behavior
The file 2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Executes dropped EXE
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Modifies data under HKEY_USERS
Suspicious behavior: LoadsDriver
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:50
Reported
2024-06-13 01:53
Platform
win7-20231129-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2380 wrote to memory of 2388 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2380 -s 220
Network
Files
memory/2380-0-0x00000000001D0000-0x0000000000230000-memory.dmp
memory/2380-9-0x00000000001D0000-0x0000000000230000-memory.dmp
memory/2380-3-0x0000000140000000-0x00000001401CF000-memory.dmp
memory/2380-12-0x0000000140000000-0x00000001401CF000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:50
Reported
2024-06-13 01:53
Platform
win10v2004-20240611-en
Max time kernel
141s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\alg.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| N/A | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| N/A | N/A | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | N/A |
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\50a2c23a4ba38143.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstack.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\mip.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\servertool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javapackager.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jar.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jmap.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsimport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmid.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ExtExport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstat.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\policytool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\serialver.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsimport.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jhat.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\keytool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\plugin-container.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_baac63a93f0c0750f0346cc11f7acb28_ryuk.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Network
Files
memory/4688-9-0x00000000020D0000-0x0000000002130000-memory.dmp
memory/4688-8-0x0000000140000000-0x00000001401CF000-memory.dmp
memory/4688-1-0x00000000020D0000-0x0000000002130000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | 4e602b6d1dd4c88541a77e3a9be636ca |
| SHA1 | 90cb1129807f8c56e257f18e045c76aab8a1efc7 |
| SHA256 | ceb9d2b0acb5a5ab9e71c6334570c02a603f4e8225d9fe2e256724f0a8eb1182 |
| SHA512 | cfe667830bc4c0241620f42f645a731ee2179ed8bf6b19a6cfb24065fd83e9510ab1893c55dfb274c36796f5c91597360c7b9b1f37b8bd137d3dfbee2c170e99 |
memory/2180-23-0x0000000000730000-0x0000000000790000-memory.dmp
memory/2180-22-0x0000000140000000-0x00000001401E9000-memory.dmp
memory/2180-13-0x0000000000730000-0x0000000000790000-memory.dmp
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | 54f765b4e9b4f4d23b1e789c9b014c22 |
| SHA1 | 34cace2a8dc428ff80bbed0805b5e2046f509755 |
| SHA256 | 07a7a4f0df93f77a303dfe77b191bdc5522b4cc5cadba8866bac3d83215787cf |
| SHA512 | bf0b35b673a69f6b5cf7283118cdf41b74c564cba578074405b82a9fb33bdd93b6b754b1f5c142ccd8507382d9dda02ccadc9dcb13c95de0d2b53e13575595e5 |
memory/1780-27-0x0000000140000000-0x00000001401E8000-memory.dmp
memory/1780-28-0x00000000004C0000-0x0000000000520000-memory.dmp
memory/1780-35-0x00000000004C0000-0x0000000000520000-memory.dmp
memory/1780-34-0x00000000004C0000-0x0000000000520000-memory.dmp
C:\Windows\system32\AppVClient.exe
| MD5 | 5912b0b66cc3db321f41f64589e70ae4 |
| SHA1 | f2babfeb3ad21edbbaad82b4f155365a46b13bb5 |
| SHA256 | 9499219f5f467b368ba6e64c4de888954484ce7ea8e50085fb6a50b4010f3865 |
| SHA512 | 07b71fce8bc532c51b15440daf2dbd850f96f4772201cf4f003b94d2ea3be3933a3c5c645b4cedf96765534b3b8330fc2d8a45050a02eea9c11f2bab57d869f1 |
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
| MD5 | 462493d445cb3f04c41c63d4dea235a6 |
| SHA1 | d3e0cd9aeebff2169d56e96d6dca80db35424598 |
| SHA256 | b111dc2f28ae8abead11709cbe010a662fed590430028c82c3234b280dd7742d |
| SHA512 | bbb6be3ad0a2836decebc46cab686b5ccfb276def25450a36dee6f9178d89f7dfd1aed5d99e1073708ec2980d93812b2bfaa25e15c16d9d82f7e3188d1a45696 |
memory/620-57-0x0000000000730000-0x0000000000790000-memory.dmp
memory/620-62-0x0000000140000000-0x0000000140135000-memory.dmp
memory/3992-61-0x0000000140000000-0x000000014024B000-memory.dmp
memory/3992-59-0x0000000000C60000-0x0000000000CC0000-memory.dmp
memory/3992-51-0x0000000000C60000-0x0000000000CC0000-memory.dmp
C:\Windows\System32\FXSSVC.exe
| MD5 | 26df24aed7c5f074f23eaf78abc50f18 |
| SHA1 | 07749dbd3b24ccc1c65bfcb1cd5116580ce957a4 |
| SHA256 | ac2ba0d6f2a9b637fabb8490007fad9d1aaf4442ca85d2dcb5575c297b86109a |
| SHA512 | 5cc8b5d8bf945b9f824b4aed7ec2d34c9512a49a9970c60ef712888e981db7da52827dd37f6e74bf02f61aa9a201f4332437647a0abdc2b1919ec7b5924054ff |
memory/4688-42-0x0000000140000000-0x00000001401CF000-memory.dmp
memory/2116-74-0x0000000140000000-0x000000014022B000-memory.dmp
memory/620-77-0x0000000140000000-0x0000000140135000-memory.dmp
memory/620-75-0x0000000000730000-0x0000000000790000-memory.dmp
memory/2116-71-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/2116-65-0x00000000001A0000-0x0000000000200000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
| MD5 | 3aa2deac43d2a33f414365122fc8e34f |
| SHA1 | 2943f84d17d7b1e89de74d1e97ac8af3d00fc650 |
| SHA256 | 941c46ec0f06a4082b9c7f1c4d0d975e5ed01a88c872e29ea865e617d398912a |
| SHA512 | a3c3b6f38482028e92e1a4da86f1009d95b05184076513f85fcb129d18c70f951801e673b3e9f7dae85d1cfc40a41c59ebe58ac2c93e2cb31034469180138bd2 |
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | 26c69fa29c5ada4256ac61ff7c049573 |
| SHA1 | 2c17e30265e3de764ae4754ffac21cc33cc103e1 |
| SHA256 | f442694d20bc7d790790eaac745074b8c5db467f837a3d684808397bb238cfe6 |
| SHA512 | 57b17edb87a7ea7e62cc84366e2ba2ebe514002684aaa34cdc5791e49ea18b245666a3cc64de5d1e3b00e945a08494e70b4f2d3dffc47c55b5ae962511121810 |
memory/2044-79-0x0000000001EC0000-0x0000000001F20000-memory.dmp
memory/2044-87-0x0000000140000000-0x000000014020E000-memory.dmp
memory/2044-85-0x0000000001EC0000-0x0000000001F20000-memory.dmp
memory/2044-90-0x0000000001EC0000-0x0000000001F20000-memory.dmp
memory/2044-92-0x0000000140000000-0x000000014020E000-memory.dmp
memory/2028-94-0x0000000000510000-0x0000000000570000-memory.dmp
memory/2028-102-0x0000000140000000-0x000000014020E000-memory.dmp
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | b9aa14096b910d6c1022d8a7f8929ac7 |
| SHA1 | 933cae1028d72da1f20aaf8a541793afa8e96192 |
| SHA256 | 489d663db4e57ccb0bb922578d36c31dd45f8b34f38a7bddf58bec32f5614c70 |
| SHA512 | 04e342418e0c4ec2828d56f0a04a640359f15f61256f38cb83e36aad0ac7b962b865d87b421c0a6f4692d888d40fdca650bb6f04654fbf4bde824014640d41cf |
memory/2180-261-0x0000000140000000-0x00000001401E9000-memory.dmp
memory/1780-262-0x0000000140000000-0x00000001401E8000-memory.dmp
memory/3992-265-0x0000000140000000-0x000000014024B000-memory.dmp
memory/2116-266-0x0000000140000000-0x000000014022B000-memory.dmp
memory/2028-267-0x0000000140000000-0x000000014020E000-memory.dmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
| MD5 | 4ccb139f21c0559c89d86710f032e5af |
| SHA1 | a07062d752af2b65117fd83273c298f9a364418a |
| SHA256 | 1f880064aaebc18ecc27ece5c9a60a3c059c270a46eef8e23136738abb5d301e |
| SHA512 | a31f9de62e808484693de530b732befe2f963c076eed0a783b735d549eb5d370757296b851466397665c8e9c282768aa37d29f1448bad074c1ce1d03ecee3e15 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
| MD5 | 6fd4ef3c86d7fee0d3c807464c4db86e |
| SHA1 | a467f4e70ecd184b9c7564657882c9822a6c703d |
| SHA256 | ad6de22b98dcadc4b1692c59c1dd145bfa4a5e7e76649986df6dfac67bd3b37e |
| SHA512 | 803f20f4ca8d3985c8ce5e15597b2ee5883a0d5682d3b8d71da7d8bf6243829f56c5d669d467c5c90e1ebbd464ba2ad74c7857e5445a066c130b1b353803daf3 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | c15709a8261f44a43cdbcb35f75c16d1 |
| SHA1 | 6b65d5661837dbc01c67a872c270811ee53a08b2 |
| SHA256 | 03786f84a2477021cea435536f918e0796b5f6f77c8135a44397fae0100ae4a0 |
| SHA512 | a3f97d891e806c05c4c9851c4f6fb0acdc8c2df57dbdfb5f9bb16b26dc3d38b58e1317f814e4072619851d170603ca00b46ada0a63ae7009a40944e89b0938ca |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | ec488d94b5f1b3a34dca5ee982b79ea2 |
| SHA1 | 3fcf8a9d80910d188714e6306be542fea3982485 |
| SHA256 | 30b57b04be5a792181b2d2ef11ce4e92c69e38aa62cacf5f14ba453ca2c07022 |
| SHA512 | 2619e24baae9b65c4443eac4ea9c5c0c116260cb7a160283f9c69252d79f1c0e0494c1f8a5e6948acb592827db7d7290cdd2745e7ba429adcdaa556e23ee7be6 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | ed335623c642ef4f35e4970af3fd832e |
| SHA1 | 5d2f41f73c49aa1e9cd4b7540c5224ff040c161f |
| SHA256 | 6fcb015c1036de385d55c1244765b4427d40d8445f2eb33ee14e73414b63147f |
| SHA512 | 84dd840852fad60c4de76c4080f52b3d9d7a3edc6452a2d23b4790c7c55588c6c94addf51cce60260e4c6d4f3670f45b7ad2b6e28b369340826cf09db493f6d4 |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 1a53644a302919b9eb016b3f0570fcb8 |
| SHA1 | c9ef826a36ff3cfaf418530692890b44a4caa9af |
| SHA256 | 76efc359ab01b26c5ab0898eec12f9ef51e1f48d3a56b6ccd3199ee0b5ac0383 |
| SHA512 | b77eeebde93f14aad4a71374341133edf922b7dd3c3828ed4c300314a655599ed49a3232d8ce7fa73a754fa0f3c935521fd35a6eb64aafd74846183774300abb |
C:\Program Files\7-Zip\7zG.exe
| MD5 | e7888b21b8cf14323550254e89203213 |
| SHA1 | 7409a8267684f8ea1f856ce60ef778a8feee32fa |
| SHA256 | 308e54581d63378b84280cc8442e616a38b91e86abe1a3629959e8d013c7ebbf |
| SHA512 | 4cd8d99f011d7cdaf6d15abaf9d20be40af1502e903d7dd90f26e6128ffe10af0d927f52bc6688f68367bb606d9483fab3948057756470fba1902f01a0126683 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 56262047cd6a682958ee50c35b864692 |
| SHA1 | b14a4c6d25d5547a8b781229d93c7c650c90e905 |
| SHA256 | c4190eed25f40f28dfa1194622122040e9c1230cb0fdd8d1bb722fc44cdd72bb |
| SHA512 | a4ae7556ab655a98a9e5a620e1338c9f44438541edcc85cfb5a92db888b3e884108dbb1051968c62214b608c5ac952e6e5cfc570be74c2dab52bebfa34b82495 |
C:\Program Files\7-Zip\7z.exe
| MD5 | d50c24381c229dda279657659db12ce3 |
| SHA1 | a604e0e20e3bc2b89632220256cb2f279d120b13 |
| SHA256 | a8cdd810f909120263ac7b6b1cf47d93fbac834b65ad1310fab6942f1d51de94 |
| SHA512 | 971c5aaef2e873745ba63158e1e558185db54231142236d24a54fe1f757667cd3ceacf3a5cdea21ae4b6b051bf1903b8729b275d186224bd0b2605c276d35de9 |
C:\Program Files\Java\jdk-1.8\bin\pack200.exe
| MD5 | 883a6e43507efa0fb2a4041dfbeabb12 |
| SHA1 | eea5f868bab96d0f96274c411f537f08ab39b2cd |
| SHA256 | 8dc43ecf690f997aefedd111c301db6c16c1fd13d825a2e934fb964cc6b3debe |
| SHA512 | f2437107bf230312f0e3c3bf21cd57c8d468d18aea9b0acee3057d2bbd6c12c6711d084bef67d47571e3969b69996dca601149282991468f63e43f150e68c758 |
C:\Program Files\Java\jdk-1.8\bin\orbd.exe
| MD5 | 8d9f5522c5c0c4d25d99f732a7dcb769 |
| SHA1 | b192d7232190823d57ae761235282df8e740f2b0 |
| SHA256 | b1b64a11f3f5943b69c5e2a1df84d7c2e73c926b58575da6fcf87d37d81edf13 |
| SHA512 | 98f8bb167b76f8fd44cdb8c329dab827b4dab25f243307631deef84a0dae58db2c4024fcfd00f007769cba884fe01a9dab125d74ed3eca44d72772991847560d |
C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe
| MD5 | db3e524dc0304a9ecef8a09ef2fab45e |
| SHA1 | 5d2b22664bccb4d551a79c9a220df933708ecb61 |
| SHA256 | 8bc5e23b9321d184d5eb6ad24a0eab0b3f46ff9b94fdad5bb40454231204d01c |
| SHA512 | 29869f38aed501a0f42625da8e113cab31e7705740903b3920ab7bdc65ec7da77952fc55a6b822f25100e6af98adba41770312eaf8ce40d6adadf84dc1c78c0e |
C:\Program Files\Java\jdk-1.8\bin\ktab.exe
| MD5 | 0ac294c87d47d42011d167a05fb44bd5 |
| SHA1 | 8073de8a33832e4f562d8d88b6a1c7c0c4d11a34 |
| SHA256 | 5be2b27c8346e6b04eb887d93df3cad0b21447747aa03be47db0bc3d6d46ba4e |
| SHA512 | 29a7f52f08f2a21ee201b208d388ac64f272cabb4459c401267fbb3e7724cc1f03f5f0233948e70495b4178c32d14ac31329b74e6251d42cc8a910c63bf67985 |
C:\Program Files\Java\jdk-1.8\bin\klist.exe
| MD5 | 797c20f4a103392b29b978900916d8bb |
| SHA1 | 45ce41577017077e704a56541d09ee30b231536e |
| SHA256 | 9dcee8aebc652b4d1d037dc4671dfa33308ffd1e47a512c0beeed99fafa345ec |
| SHA512 | ceb57d909e9015897ec423658aa9ae18627e3883afaa26e1b4dede29cf5e8983c1f460033b948dc9fc684ca856d3292c1c482f32d45e9350d08e9ef48045a88c |
C:\Program Files\Java\jdk-1.8\bin\kinit.exe
| MD5 | ad8bd97414ba3ec1220c1cc0542d15bf |
| SHA1 | 221e30f757fe4c32d948e4468a039f6edeba07e1 |
| SHA256 | 21b574ff0da5fc505cfafec706008dc1b5d712adf167febecb6a4d1663bbdd31 |
| SHA512 | a4a41ff7dbb842b4c6d7e481e04f18d3b3cadc9de96fe9ee32ab106895bf603e2f919bd4a248400795f0e7780757936e966a33d90b0c1eb92787d69f063b2b6a |
C:\Program Files\Java\jdk-1.8\bin\keytool.exe
C:\Program Files\Java\jdk-1.8\bin\jstatd.exe
C:\Program Files\Java\jdk-1.8\bin\jstat.exe
C:\Program Files\Java\jdk-1.8\bin\jstack.exe
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe
C:\Program Files\Java\jdk-1.8\bin\jps.exe
C:\Program Files\Java\jdk-1.8\bin\jmap.exe
C:\Program Files\Java\jdk-1.8\bin\jjs.exe
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
C:\Program Files\Java\jdk-1.8\bin\javap.exe
C:\Program Files\Java\jdk-1.8\bin\javah.exe
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
C:\Program Files\Java\jdk-1.8\bin\javac.exe
C:\Program Files\Java\jdk-1.8\bin\java.exe
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
C:\Program Files\Java\jdk-1.8\bin\jar.exe
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe
C:\Program Files\dotnet\dotnet.exe
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE