Malware Analysis Report

2024-11-13 14:27

Sample ID 240614-crfvha1hpc
Target 9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe
SHA256 76de4edc0644250b7ff9d46c94c988559188495ef51ce586a6167946c841ed5b
Tags
discovery spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

76de4edc0644250b7ff9d46c94c988559188495ef51ce586a6167946c841ed5b

Threat Level: Shows suspicious behavior

The file 9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Reads user/profile data of web browsers

Executes dropped EXE

Modifies file permissions

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:18

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:18

Reported

2024-06-14 02:20

Platform

win7-20240221-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe"

Signatures

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe"

Network

N/A

Files

memory/2276-0-0x0000000140000000-0x00000001400D5000-memory.dmp

memory/2276-1-0x0000000000410000-0x0000000000470000-memory.dmp

memory/2276-9-0x0000000000410000-0x0000000000470000-memory.dmp

memory/2276-12-0x0000000000410000-0x0000000000470000-memory.dmp

memory/2276-14-0x0000000140000000-0x00000001400D5000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:18

Reported

2024-06-14 02:20

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe"

Signatures

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\3b1ffd0dc3136770.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstatd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jmap.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmic.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javac.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\orbd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ktab.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\updater.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Install\{372EF552-D8CF-402C-B62E-CA3A4C643A96}\chrome_installer.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\serialver.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\minidump-analyzer.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaws.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ielowutil.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\orbd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java-rmi.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ktab.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jps.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javah.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java-rmi.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jmap.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdeps.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe C:\Windows\System32\alg.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" C:\Windows\system32\fxssvc.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\fxssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9a9e3d0c4412049cc21f32a28ca2b260_NeikiAnalytics.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network

Country Destination Domain Proto
US 8.8.8.8:53 pywolwnvd.biz udp
US 8.8.8.8:53 ssbzmoy.biz udp
US 8.8.8.8:53 cvgrf.biz udp
US 8.8.8.8:53 npukfztj.biz udp
US 8.8.8.8:53 przvgke.biz udp
US 8.8.8.8:53 zlenh.biz udp
US 8.8.8.8:53 knjghuig.biz udp
US 8.8.8.8:53 uhxqin.biz udp
US 8.8.8.8:53 anpmnmxo.biz udp
US 8.8.8.8:53 lpuegx.biz udp
US 8.8.8.8:53 vjaxhpbji.biz udp
US 8.8.8.8:53 xlfhhhm.biz udp
US 8.8.8.8:53 ifsaia.biz udp

Files

memory/1580-0-0x0000000140000000-0x00000001400D5000-memory.dmp

memory/1580-1-0x0000000002100000-0x0000000002160000-memory.dmp

memory/1580-7-0x0000000002100000-0x0000000002160000-memory.dmp

memory/2340-14-0x00000000006D0000-0x0000000000730000-memory.dmp

memory/1580-22-0x0000000002A40000-0x0000000002CB0000-memory.dmp

memory/2340-24-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/2340-23-0x00000000006D0000-0x0000000000730000-memory.dmp

C:\Windows\System32\alg.exe

MD5 8a7848cb692234516d4f86d71ea68064
SHA1 7340e86e71067ad977fd83e85c09e3f972b092df
SHA256 58670284aae89537be4007585c88bb4c2f50cd6129b27281948d6776cfa50c2c
SHA512 87dbc534a5587fcbab69eb6c4c8227e9453ea134b53ad11d9c615237760a56d5ef36203bf687681e09ba3376cdb47da800cb54b887a22ab844e5f5adec21fd34

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 f1a5155887865d940432410826935cff
SHA1 42bdc9e47a1750d26f7308664e360061b2129d6d
SHA256 7252d7f2f5c34d127d8ce968f3dc27fc8fadd3a6d34ad1e538004a43b12c63a8
SHA512 37853a0d5abc98078e561535593183e2491e28a207ddda36ff56539966963532bd1c698c1f3e6281300934f3a5c62789748e91c1fd6bfe9a203bc0c77a0fa4c8

memory/2888-31-0x00000000004C0000-0x0000000000520000-memory.dmp

memory/2888-40-0x00000000004C0000-0x0000000000520000-memory.dmp

memory/2888-30-0x0000000140000000-0x00000001400A9000-memory.dmp

C:\Windows\System32\FXSSVC.exe

MD5 1738fdf3f3e0dd864bda695360c35c6c
SHA1 e339b7ae4202778bb27dbb0bd581037696b33b3c
SHA256 44c8e4e643929240c43086dd0ed66cadeb8fa5d70fd8d87fcc1dc5d7e3c03847
SHA512 7181a38046679c2336483d5ba6005ae8b11991e92cbc0a3bb8688d21d4461c9014cabe9ec5e7e7bedb258d27fa778422ac8d663218034d75820b132fa144f195

memory/828-49-0x0000000140000000-0x0000000140135000-memory.dmp

memory/828-57-0x0000000000940000-0x00000000009A0000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 8b2f0f2bc79b1c07a0f38b4d8fca6d7a
SHA1 e9a7df2979507445c7adece959e5f6c0a5858273
SHA256 24b727af20472e3cf5b02a7b89bce30131b48d2fc2cb4da28414cd712dbb72e7
SHA512 91b576e8792503826f0e16af4e8c4db1b97457f93758c7e99c38e3342798bb5c540f1ce24dd9698385bba49d31e656581531f5033daa787f23286489b7737fb9

memory/828-50-0x0000000000940000-0x00000000009A0000-memory.dmp

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

MD5 649b1e1af14a8e0fd22e6752e1a861b1
SHA1 9ffb541e4cef933573af6eef513e6d27edf31322
SHA256 01c4a87d46290f7cec40b5e860b2531903480506b062d55877c1f5868e15dbb8
SHA512 4e75e218fe217f2babbe95f4aa53728dd399d3c62d309c66f00c2cbfdb4cfcfce0d538e64abebce96a7faea5d8e0d1f906258d9df3d296513ea36ae2050181a5

memory/3568-61-0x0000000140000000-0x000000014024B000-memory.dmp

memory/1580-72-0x0000000002100000-0x0000000002160000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 04c11cf15999449e0c0aadf17a0b83f7
SHA1 594cf0dedd4003d9c53fd96b1d2d189203c15d43
SHA256 e60642497efff938508618fa9f488c7787b031d3a670bccdfc8e164026579ce1
SHA512 311c52c1894655f08091ff280cb0af339a9389c74c6de7f74e64d0a7364d1dae34fddaae24876765bc645bb36f8c84b71e0885f883dd5f5cdb65077491a936de

memory/828-75-0x0000000000940000-0x00000000009A0000-memory.dmp

memory/1580-78-0x0000000140000000-0x00000001400D5000-memory.dmp

memory/828-77-0x0000000140000000-0x0000000140135000-memory.dmp

memory/4740-87-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/4384-99-0x0000000000CD0000-0x0000000000D30000-memory.dmp

memory/3652-105-0x00000000007C0000-0x0000000000820000-memory.dmp

memory/4384-115-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 6389b39238e54bb779199ba430065292
SHA1 d045c5658f0f52217a83f8d284980b7380502971
SHA256 6f052622ed4ee7b6bf38925a96dbb73f73f3a6bb78a43eae82e0d41e73ff672c
SHA512 45ae5b1bdea568cea9ca309c68239e3b6c622171ccf6030b1c387dced2111f0bf6fc23078dd3122fcf25b33db5bcf2f886316ec8b85f430e23d3a5c469ce6212

memory/4384-103-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/4384-93-0x0000000000CD0000-0x0000000000D30000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 4af7c662bffc4b4060cf9dba4a0bca11
SHA1 b2ae15e22c56f3d00403befdae2f32f4435ffa95
SHA256 606e8c94bdcc0989a130e37e6edb9f4f5a9c378e6587b8cc3888f31636579ecc
SHA512 34c8683157dfbf35ce745762d9bbd99b72a365e37a610748622ab45b4e8ffb2d9b99f9d9c774f64bc75e5e6efcfa3c2ca4a7c8c2c0507149b4a117ce564218c2

memory/4740-91-0x0000000140000000-0x000000014022B000-memory.dmp

memory/1580-90-0x0000000002A40000-0x0000000002CB0000-memory.dmp

memory/4740-81-0x00000000001A0000-0x0000000000200000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 ff2ad9bb1b4e0b27f8137614b857a8cb
SHA1 4194f8ecae41902f645efab7337c02d3fd419241
SHA256 20e91b1f11ad5a3fd0d0e43b6da016b7df77b827c8541b4efa05bff2568dfd68
SHA512 28e59dffe796cffc6f0e079437817dc497413982dcc8e9213cdc9358f35db377a7de6843b04a0f43493b9d28ec02f729617665aaba67ba85f95a03e6d48f86bd

memory/1580-71-0x0000000002900000-0x0000000002901000-memory.dmp

memory/3568-68-0x0000000000510000-0x0000000000570000-memory.dmp

memory/3568-62-0x0000000000510000-0x0000000000570000-memory.dmp

memory/3652-179-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/2340-275-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/2888-276-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/3568-279-0x0000000140000000-0x000000014024B000-memory.dmp

memory/4740-280-0x0000000140000000-0x000000014022B000-memory.dmp

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

MD5 60c4e622f595fccb830abf53528c4b30
SHA1 a186e9883e6e79d373c6a400b29f9b8a92ad7bca
SHA256 722bc2fdd425ff646bc62f9c9510a6571576ec28c9e41a3b37cda0556df8d259
SHA512 7156eae0397822b1f9ef360548edcd82e9005e7b1235bed947d7af2a1b4d29140bdc45d841b64c55818d1ac360519f3a3c2b5e59890d8d0a4e4dde9dc957b3f5

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 9e3dfa5d3dfc24f7b9084e67780c035c
SHA1 e4138fcc2569be475cd2ff301075fbaeb84294b2
SHA256 06316ce9b0f79c4f0eab963b5c0274fcdd87b583faca441e8e9bf17a928653d2
SHA512 18eec41cd4cac5b385e4eebd90ed7e5b0e4571b2699d1c24ba06ff87dc3a1f8f13d0b4f6e5ded929882416d8a2e72da405b9464b07f3c4b2a5bb9c3d61bf77c9

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 97dd935d4a0624500618a4195beaeb3e
SHA1 0eb710ddf8a804c10585c833ab37298332e04970
SHA256 2797b1bd0b6fc41a63a3d8fb1a04d511d8a8e10fb836a692b875065fc18fdc04
SHA512 24aad09c49bccce7685d26cdb524ebe42925ece147bd72ad2dbde171677bed0fc174c7e1d472a65f200fbe1a2646bc18889cd001077e7b6e7cb22799bc9931b7

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 49177f2085e86051983fd7c920f2bbaf
SHA1 03b3ca22ed24da34a810d1f7b65cc3d4936d53df
SHA256 d6b610222a4e085518142ccbdd4bac5c8f77e9c446581cdb179d11e3aa06c610
SHA512 ca7ff2322d464907381ae2fde202db071c590d889d03420f7ba1b5f90e8a08976334468b32f890d09d7011585ece5c5a7b80fdd04ecd4a0100e53da34e3d6d4f

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 2bb96c7b6871b82b1751f8802c3f8cdf
SHA1 20970e727780986b6e8e518983bc7f34aa131259
SHA256 9ae54e1bf2b0fc2032a9f0d90f6bd8993212b2acca7aaf46f2192dbfd410e449
SHA512 80c3d9a92a6129677d953234d5102d1177c3a46a00247e111ac3bbdb7a1367a35e88330eab1721cffd2047f818eed3320babdbb6d563e7ef6ad5dc63a71d435a

C:\Program Files\7-Zip\Uninstall.exe

MD5 5e08c44f27772090981df5ad0ef758c3
SHA1 830c27b7fde819c564196791f3558a1af76a3a61
SHA256 d0a0a6ee4964ebadd7b3ee69264dac21ff0a2b1a1e143076ebb7d53be31f3162
SHA512 c42804bd545e70b9c06603362b2da91f3f980fc0fd7a98578b0f5edcd1f7d7081ced49b3fde8cc2eaded5c232c51ab849fe8d466a2eba29cd41743dc09f3abd4

C:\Program Files\7-Zip\7zG.exe

MD5 e5498110f78c690bd8ac377770a7e44b
SHA1 2726fdcbbdc9bddcb2a66dc529e1800175af9fc2
SHA256 77d981dcec1c091184b00e4a57363961159fff4a22dc249f00f7c106309d10cd
SHA512 771978e4b227ae440c3977e257fad231ccfd312bda74fc72cd5127fa70ab1baccde023a665c09c244490f4f8b28bbdb1df8f0ed86a31d1e7f0c146596175b4d5

C:\Program Files\7-Zip\7zFM.exe

MD5 b2ac8ec29c208ac2209e415c98ea2e2c
SHA1 91734f379098e7267f82040c7e5410f0f3eaf44f
SHA256 373ff3d5e643ec0371ca05672645e268a98f4f7ce8f9fb76f8b5a510d06dacbd
SHA512 546aaf43af1aecbd33fc30ccbc1772cf0fe81a11280b99c17602c14cd0eee579d0496ef14ccbfb49cc012fd27034a41331e56ab1f361589973c973006d2d6721

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 a5b03fe840de0bf9f9402d3e1a4ebfbe
SHA1 0f010421962ec42c7173b42c46288a4419fd47da
SHA256 ceefa74f937582d5978529a5f1bd2e656a67f0a23f9dc03ae1f66626c1946279
SHA512 116823330bb1ec116f7665b5aa7dbf1b10933a995622a1ed72416ac88e5e9f95bc8b5753606a1d8e9da82b3c05076e863f7d03ed5a3d946392bf42d89f8d167d

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

MD5 f637a3fffb1ddf2a58c38cfe5ccee329
SHA1 1d60bf172e1b8ad066f68209850364cdcf8d27e7
SHA256 f9b1e9e03d2cbd2148d2313dab3c0913f03a14e3ec10ae5f99bc5895fe274d9d
SHA512 17884c68b239f806809539f6440ddd45b2a74c272120aaad4d30da8ba3aa19f2412ebcd2d47cef1e15efa3e63d11705cc8f97129015f03b1884c9912d813e719

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

MD5 5bb155c8cb683d94ba4cd964c183078d
SHA1 28a88c7d020d81597d0499ad8e878f9ecb35a79c
SHA256 229a1f1394587a4c96231b04bda511549db8a2717061baf2ac08f87f43e40924
SHA512 a72f6e99c6874a529e32b3ad5353e36f14f6197f3e1f1c8f1366cdab53dbc4ecd9e3de8123b4060413bb269e4c8f540031bddffbc772969cbe429bfb5456c252

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

MD5 5c59c4321d9a7de39a65c440240379df
SHA1 005b18ac6c67b1ad5903cfd9f96ebd70fac28025
SHA256 be45422496c01e86741dc438b3ca5c340b02b13c2c1b8155b36b0510925fb07b
SHA512 bf4c9dca933e124ddd2b5029f37871f7960c5c41f301913bcf4617adeb3d2bebd90044096c1948543eb5fcd2897697c5efcecf6a7152c1e798300301f01638c3

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

MD5 9a734facf3a4b5ba6a9cf170a8a19f0b
SHA1 e577e7cc1cf102609218ebc229a4cd64b921325f
SHA256 125b7919724df2689183ce2c3db54e171d56819548e8e9bfa4ecab260a0de66d
SHA512 81c889e2b90749223e0f01d872625cea5ac5a8be4e5e64330631585bc245b89c2795c02d2f5fe2e757ebf38acea9e6b140034051ce89cc0d0e07598101a5b771

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

MD5 0684fad41016fcc77264ac7234ec70ee
SHA1 629d7e3b12733b60150cc912edff59d726da2aa9
SHA256 adec958c74a33296d80e5dda3f8b2522d118ebe552e8d4f7addf2f57096f32a0
SHA512 088bb8eb1ce1041046fa7645e5060f0ef28e365e15f97c8bc4c66392f699be6f20b8627ae2c2d614fe792240883c00e846882084cab5e77d8cc1826d772d5339

C:\Program Files\Java\jdk-1.8\bin\klist.exe

MD5 562dd11e65efd389a09a13210144b8a5
SHA1 c0380d47b5d190296663fae33907e525c44032b9
SHA256 ce16010d127b668f20706715eefc696ff2b8f7a8a858314a7f5876752f143e7c
SHA512 ab0722356c30cd622356de1f4dce0f7f89885f06cd47f2c32a437cb74f6860be4f4c79b3e47ec035b3c69e64e2485c046bac8c48ea8af9cfe9e531ed6d2d146e

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

MD5 8c7a567fc04a13766017a72d985fa81a
SHA1 ef9e48d1b944b484ad719b08cbccc7ae83e261d3
SHA256 c3fcfbb2133f0de7b2a474bd7b5a488c3d18df89db3e4fd1c27d1f5a213fa55b
SHA512 4fdd5172e142b5774c9e57b261be545bb44d76157a15c5dc4f67a65e6d133692b57447b33b0070e36ce31553e3f9b52234c23f7fa51fd89931877f9389937052

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

MD5 4cb3da2314a50892aec2b0b90a3353b8
SHA1 becfd940412df06eba1646aa8467039df9199280
SHA256 d9b8fb09f91fb0237ef5550c5799457bcfc2c8fb96053e94660699ca5c185294
SHA512 52f6ddb7bca6bd7436bb496fbed5fe49acc555a9276d4cd7a82435a6466ac8938bbea17dde9a5b2f3e228677778259223147e4f3876f1d6ccb556a8ea667b15c

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

MD5 4bc63d05f1c1fa58398aac4782384b88
SHA1 b2a0c54d4322f1a3cac7117181408f3b50a3e18c
SHA256 9c55e6b350ea27cae91616f8670588d34caca0dc64bad04cf1f4eb485e8527c7
SHA512 11c9a36329d0cce654b367f5f41df7cb52318ceac1e1a86755d97d1b90354b6f6858e0a53c603947f0f9726166e0780f035d73eb9e6a122cb72f2d2918e08973

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

MD5 0c0acf5a0e0d06a2ab699b54880b30b9
SHA1 a561a3079a9bbfb2fce3c77d70078b224108ea19
SHA256 dbc67bf1cc69b26f6a672081d25f3ec2a6591d7bab7f8d3721263aeecc6b8d6c
SHA512 181200e9c046c300b0ff49cff7f89ca78f813aae1b26684a5368c91d4bbe135b4531da71770f84106d07c9f66b856e2bfae40a787e4f1d759c130788823363fc

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

MD5 7bb94b92ed0e8a9bb3a9822bcca59af3
SHA1 24ab2f26120bbfc35e125a7cf2f78c89e71aa921
SHA256 bd36ef7e0a2a04e2b69a65fbcd09c0107c8e6851d520605f40c0b3002e8cccc7
SHA512 836d471bc07327c156d2823cf3e9024882fb7c87b5c5864bce3ce2a83f3fb6276c2e329088a5bd71dd5b719fd921fd6a40c0457274a5e70ee28616b2d5a422f5

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

MD5 92cfe0a568d6731ae083092e749f704f
SHA1 b3e42cdd8892055fb23769643cc594a6284f8224
SHA256 00b39d67470fdecdac2a20597e750177e908db25e3ffcd26d48284a76f7bf144
SHA512 e04427aa2f84612db138334d444a9eb38f552fc0b6d1d57657fa1de82ea64643bde3b4b6845bfe26d6bda825f1c4553b365bed59293de89004c3d821bb139a9c

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

MD5 58a13f78b41efff5f19847eca394e6c9
SHA1 f24d72bda00354c664124dcef29afd14d8d76f86
SHA256 4337679fe4e4070ad78cab18fbfa7404c95c22bae1968e08ae4eb0ba9b08f9ca
SHA512 76c39b80a342b769ae9a153603f9614eeefc8dacfff1323581623440031082e3e97541ae8b1bb51d8a573b7d8129460500ee9b506e987af38ab2683ecde45b5e

C:\Program Files\Java\jdk-1.8\bin\jps.exe

MD5 4f419efec512c3c8009e1c80a52865fa
SHA1 4682aa4402a19536f1bb7d35407b24db66b6fa0f
SHA256 6678e234eeedbf087fd882098a4a2ed1733275fe7fd9b413fbb92780c4e91c44
SHA512 a463ef67971a3b1aa57135f940f3db98b777be619becd10f7573cfac473d4236fb0bfb174a6659df5d072568b22a3365fed719c75f4b313ecd307c3331ff7c57

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

MD5 8b05aecf4b445ab163fd6957837b40fb
SHA1 709db5fd4f7e5de8f55a48976b8c7edab749b48c
SHA256 0ff206f1526ffd83ea0c23fa166ce18bf9427f3b20505c1317c0734f28c0a7ea
SHA512 212e6ff14566a0af8b0e2248688a7671a10fab82bf360658db2f3133c5561bf0d26364e5dd82d27970479e7ace26ef748f29b63deef17595ff4b26314f152155

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

MD5 97cc8ea8aabc9d1feab4da46ad31f953
SHA1 ae3b76fd46f9ac88caaab608585bc44dff6239db
SHA256 4b1aec79e4b85878a73d1bc464a1080885676acf8f8950d1c73c9c06fa0351b8
SHA512 0d8733217262469da01580b1e0bef78724fa4eac5b85ab32a1d564f80aafcf61a69b08d7aa2ff73f47120e668418d29d6051e2223dd9a8dfc736718cae8eeda6

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

MD5 a3bcca0e1f3296a06bdeb3944be5103e
SHA1 b5e13dec3fd0136c51c1badec730883d97b6785f
SHA256 bd1b144e72f5d517d3feca43fb1d4bb7ec7b4ecfbe7b46ab1cac800cb467673d
SHA512 356c510ee900049c3d0d718913354f6bdf5f9c5bc10a77c0a45d91ca5aecaefb0e256c93cc42e85e6a1cbb06fc10e38f3c8b36594e650d91b52e611306cafb0d

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

MD5 27aa6db2a126216397da37f3d144a478
SHA1 9b49978df31852d718c6f0e558c87d1f6f03733e
SHA256 c4045bf6fb5e6c1867b18a077e0414986d13c729305a682521f2c3f305a818e7
SHA512 2568acdff237feed17f4f1fc54a822606b0eec9526dd13d2cb01ff8e4270c212982c0a5af66d8e2f2c85634e3557b244adaade24fbb1f5a5f689138395896dd3

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

MD5 f5ca08c6fd0714985be46dd8e3b92cbd
SHA1 1bed8482085fd62df6ca6047738900d8207bbdfb
SHA256 635669d1da43b3815be891d94fef62c534f13002c6276241e0eb86e446899267
SHA512 7d125d7521646e18cbb11df6b6f14a7951bca82ebe0d0d0e4dc17198941616f2a997ae798b1146425241a51f3d7bdadc2ed1cb5cfecf919b65371346a0927e17

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

MD5 6603889aa6850229f77985056bacf65a
SHA1 08e3e7fecaf9c29f496b404d2409452d6e7c0873
SHA256 5599da9797451869c23893799c98e252937332cd3a1d53feac354373866e5ef5
SHA512 c8ccc22bfded7bc562fab88b84d5d9e3325b61cf759d7046e5140c14fc7dd6ff4f32557373cdffec2674838d11415957a9217a3364f10d872821fb2fb57b8dbc

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

MD5 6651cd21851c9e1ede1b369cda64c62c
SHA1 0ef67c177224b3e7c4ecc5efc4b57e942c27cded
SHA256 3245877f5e9dfa2a0bcf8d52ae5185824d8b9c4d60ac756f788cb1821f70d6bb
SHA512 4b6d123fb9075f0bc862db01f640f11118068246b478c8b1f71bd6c257747fe98dd5ccb9590f6d68a688733b741c9f3c9ebf0e064443db5c104aebbc2b024394

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

MD5 ce78425aac766c3a061f7f7866b4b4b6
SHA1 8c14197a08178f6298bebecc50c0ce51f10c68b7
SHA256 363547c51d0fe6f15e25065be945c5736fa99648f47493d079f2350f7ae3215f
SHA512 f71e4f80d98c7cfc0be729d6d77aade55fa7c12659777aeed9d364a8ca34d416f4e8e38dc4d1dbd972aab2e38aff82a044cbd4f7f9a90997ddb209a2a34a915e

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

MD5 43d9b800183b966fc0dc75b0cda9d79d
SHA1 c565a34021477990252d1b8ac2a5b2c23cdb07ea
SHA256 65ef375ab9c0d18301b294b640cdd8e54c25dbcfa0db3218dadf40bc4b3aa517
SHA512 cc9b8223fafd63944b2cb7f746d5a8595d9d5af3edd9aec55ee7e8e58b1d69ad8c89de05722c7c702e2c421d1891d62c6fff5a1a202a6178e77d49d303702446

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

MD5 a72ead530824439ed4c8fa762541268c
SHA1 9f7721143767d691e8e56775441aca5eeae6ea38
SHA256 f42f08b160ecd134ab3c4fccae246948e09f1f3c1a00338eb9e235d1d2e0b729
SHA512 d938c9bfaf190687756f880050068a0d8d962bb91e4a39186cbdac3b442340dec29dfa6c185df6f46b40491b0e61e018c7a71f9884b47bc8d6b0841d94a3ff7b

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

MD5 ce1271b76ca727955b7bc3a649b5a221
SHA1 232e14fe960dccde70adb51a721f536984efba82
SHA256 314ae57e36be723b657f5b2bfa5962789a26c30b5fcd2a5a506d676a6702cb3d
SHA512 7dec8f798fdb48630cf0c86deefcc177f3f85930029767754323eab07aa88ef3a5b842eb752b2ef3f45e26644a2174d7545b63c013dbe02775b33bb471fcbc52

C:\Program Files\Java\jdk-1.8\bin\javap.exe

MD5 bb7bccf3bbfba03590c1b7f1a28e44fe
SHA1 b48a8cb8d32c041db937c149ccd5ee1e6d23b4b6
SHA256 77f540b71bf15817071a9be5abef80992c295dddabaac1ea8f18c9a59ca8e741
SHA512 0128ff49602fbae44318c2c750c9aadb587d77d1667530cb57f0f7065588b59d1ba9cbbe2c2a988520adbe93c54aac4db743e63688b110e0d0308196f357fe92

C:\Program Files\Java\jdk-1.8\bin\javah.exe

MD5 c385fb8695e869f0546bf5ededf2a3f4
SHA1 31777f25e6996bd094be7d16f3876fe8fa14f776
SHA256 41e2223b17ec3d7a69527f3bc0938038868a305564f90eab2d75a273fa309c4b
SHA512 90970ab5f80f1d76548f78c23613f9a91bae9136bc70ca25f5447b036f316f0ab25964804431218884951c95654b853aca8bec3961b75e2a13c41c9cbadfcca2

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

MD5 7e3d9ec6abd133d346522015ab2cef5a
SHA1 8d7d14f292f7adace6e8d76bdbe34b48f106917a
SHA256 00748b25f2eee2583837930b3b130a6fdf130ae1b74e92b1256dc5bbe8acbdd5
SHA512 0821ab0f3d6caf8e2ad8e3c8c992ff70f7c4acf6c8571961801f3ac5c6e3a164399a5ea4e496589b847cb0a55c52d115366ff44327c34d8a41b64e9b1d67e8ec

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

MD5 df73443c8fe7d9c898a9b8510e7e370e
SHA1 e436e7b4e52715a621ad1a2f3f5295865544bb74
SHA256 3e27fa42e9ec9318deb042c8071b076d95656fe7ad6362860ab1776861edb4fc
SHA512 aadbfc012e55817e4090b05a7a79f5bd345bb36d9b1cabdb65ebe4b92fa602108c9dad8218a8a347b81760c14934511482810891911dbab3b60343dd1721fe16

C:\Program Files\Java\jdk-1.8\bin\javac.exe

MD5 f98d8fa4562a46e37bd58ed6a7f736fe
SHA1 472e9738337a84680430564fafac0c7156138f87
SHA256 5740a65bf55165431d5f7bf5b2728780af9229f336ddfd58c421350d3be7d415
SHA512 92d6f0f64998a338519574e71e5eb63ff3c16a4272ab728cb1bc69aa4111798512404fdfca8cc1ad97288253c4a27dbc5e1328c95a942b5aa08af055d3dc438b

C:\Program Files\Java\jdk-1.8\bin\java.exe

MD5 1798f8ec154832037192f3e21d77d280
SHA1 01e4aea35b6db7e6f985fb18f7e6044c1ddea746
SHA256 d85de692538e0082bcd375a680fa8d9c6dec508a8d7006c769bce329a3e7290a
SHA512 5d14a9f816dd459a9a8d9923d05c47d1e7b325b4038f8387c9d8b231629362c4ba2dd92023eb12fe6f7527fe19a377b3f6d213eb7d80756334d40cff24293b09

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

MD5 9fd745269dae2a2f88dad5e1e2213abb
SHA1 846e3a8d06aaff4aa1b7f32e7cf24e4b5616af40
SHA256 da5e67022832fa74264546b2980d90ad0559c3b9bc4e6a96c234e610f92b0f65
SHA512 b8af4d8bad90aee6fd67c8512a525e5d77cfc11bebd8533089ae502e990aa02b94d2faaaf354431cd7771a4e7e5ea51b5a798d550f5fc87a70c64c4bfdd33f34

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

MD5 85fae8d91d92dee9709118c54decff84
SHA1 69b05d1aaa91622cdfe79c1c00ce64a8b17a098b
SHA256 96a2dfceb94d5312a176840e2d5094c88869cc2b5cd467f631b18cf56ccdb502
SHA512 aeaf299f38b1d0b19177970b3e2d62d47f4b60adfc1a05af80b689360f33508b67ceddcd31ca99ee80b14cdc31c16f7862d1d41523e8e48700d4c75b36179dae

C:\Program Files\Java\jdk-1.8\bin\jar.exe

MD5 8e068583a5ef1c0fc79fdaf2b89e3c84
SHA1 2a70aef44c37d741a21af0e29774336b6a7906b9
SHA256 7956ed928460e43fd75914c6eeb529d67671110505a5603c61b93bebf93ab533
SHA512 41ae70f27e46ed097a99928912a259b6324d9d4803dd6798a0507f2da2cb33137dfe33d070c8c1219793cd50cf9da76f67f6c21416b7044bed97d6acec5b0584

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

MD5 03ebdc813a029edb8b444194b91c623d
SHA1 8064a6dbb0ac2ee0387dbcf483dc5d305e6f4d4c
SHA256 36e4e82d5215679b1c89420f4cc15e95a124d431f61bee133c4f1b4105892cf4
SHA512 701b615779fad73980074128abb4fe8b40ccb5117f697e2f745f8d1fde004e421c27c7e15a71cd37fa51a82e09c2c8adb2c599e4c9320ebea226bf7e02abef17

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

MD5 e23910b2a3a6943a546583cf0059f03c
SHA1 5a35d8a00b65bee830630e223de7a7b3f9db2d0f
SHA256 9de895a6fdb6740f91bd82e8fd1a5e3ffb9e9c792ea49f495bacd2f50a08c46a
SHA512 fdf198fcec63d715053275f4349fbc2d0a8be32d20f9be89e3208ab88ef7a72fe6885f7dd1915ec28a72c7e340bc653a4734c351115a78232cdf9689a98d8977

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

MD5 8571d372bde78829ee67ca4272bcf52d
SHA1 0feaf511b7845ab329ce6b75a25388675f4acf85
SHA256 77ad4e6df23aaf28f7be3e9ff9b98a535076c492f3a923ddb3fcd910df1fb5f2
SHA512 4211fe629bb2c64f385153061dcf0b88b2de79ae78da478f8613c8c5c1c01d98790bb0188d7a5353a1426fe0e2f433e31135479af6b2e7610c6c163c5dd07f64

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

MD5 ad51a398d351687d4f085aa28b8995c6
SHA1 65bcc8b967f4488c5fed6f2a98063bb74111b99e
SHA256 7f626f6f09787f6d377d8ea939ebb0eb255baff07669abe68e2bf926bdab6175
SHA512 9ce6b494a876060f6874de1126206a154e9f8c0fda8d2c9a26766e2d2ac27ef4b4b261aa166f3fcc1a008fdaadf571e3eafcc3098a504d745c608738b2b93fec

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

MD5 5b5dfba64a6411dc13fd2408052ead89
SHA1 af0726979f9552bd722e8d312c84defa914fee53
SHA256 de159d4e97f66052b6aaaa49f4a704b44b9db18d90686990f67fbb7d893568bb
SHA512 48aa0634add890d563aa38f9c512892e65e65cfb57470e4e9cc933bfee56035423eb6e9a5589e09677e930289e0c57ae19dd1c7ca482b456e0b9320768b7eac6

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

MD5 cd2998dd5b380551d41a662e957c6a5f
SHA1 0c552b802758a7add94e5ee89e8d9893cdf80508
SHA256 e27fd69dad742b3e08b3d19e505a049c8aaabbe8103ae63266226603aa621ce3
SHA512 9b83df66685b4d9625eb510807e43138e6c2c7c48a60680a69e9011e4a4b6af8d38fd04bcf708b9a18cac35dcfbcb8af11c27af6df42a794e626d0df4e4d0b80

C:\Program Files\dotnet\dotnet.exe

MD5 815af622060b5c0bc89abd1295935151
SHA1 f0626ad26e898e299b59beb08ad2b4bcd9379357
SHA256 fac907e21dd2f32fdcc8a94de75369a52e40da75e9539149088021146ffb3a6f
SHA512 89d69b24d793818c428975e74595129006b5c259f6817abb95d9dea74315f9dc1af36ed79842ebd09b6338a8cd76ed299c8f7f1cbab490ab9336b8ac5793723d

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

MD5 345e0669d70ecf02e0e802b8a9656ce4
SHA1 feaf46589a55551ff6bbf96216e905e631a5560f
SHA256 c0ab67624d14683bf9944e159f5ac290008b3f89fe43006fed87ce1074d05f47
SHA512 4e59187fa4b6990380e54895ad22d2d684d3ff52a86394924a246fc9520f83306e9585743b2a11b55c40c74f646c33752ae7bcb76ba8c08b2619603cea7fcd80

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

MD5 df0549e8f1e965a087fd4bbdf151d696
SHA1 0d31d200aed7fd0551fd3f783bc97936dfaa59bd
SHA256 ab6d1b25f13643ee902de6235a8bac7051d8fb42652880d846de4be52d6aa9b7
SHA512 01259d8ee810057e39be4ccfb23d5e6522399b88067d7697761e752dae3211c27247d110c825c30605ee57c7c85eece312126ca305e84867bff8139dde94ace4

C:\Program Files\7-Zip\7z.exe

MD5 031f11c7c3994301b328ebcbd890996c
SHA1 92d097c3dfc0196e384c43ed8a8e413ac19ab69f
SHA256 58da9b6b549f4bf09c42ffd801e447b2fbaa93877d80764301bf21cf8714769c
SHA512 7afbe8f7f4c326571323a2fba1b7a5eabbfaddaea3e02951fbf428c9df1c5f4bbbacc80f64c06645d4474aa102867d61b70898c27dce6ccd0a17994c051e7a4a