Malware Analysis Report

2024-11-15 06:33

Sample ID 240614-dcdx2aserc
Target cf04963dbc576a92237d8d272ea72c28.bin
SHA256 7c2ebc773acf52a452524a438fbaac8317a61a0d0ff7c6bd4badf11b3712e9a5
Tags spyware, stealer
Score 7/10

Analysis Overview

score
7/10

SHA256

7c2ebc773acf52a452524a438fbaac8317a61a0d0ff7c6bd4badf11b3712e9a5

Threat Level: Shows suspicious behavior

The file cf04963dbc576a92237d8d272ea72c28.bin was found to show suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:51

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:51

Reported

2024-06-14 02:54

Platform

win7-20240220-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf04963dbc576a92237d8d272ea72c28.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cf04963dbc576a92237d8d272ea72c28.exe

"C:\Users\Admin\AppData\Local\Temp\cf04963dbc576a92237d8d272ea72c28.exe"

Network

N/A

Files

memory/2000-0-0x0000000140000000-0x0000000140248000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:51

Reported

2024-06-14 02:54

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf04963dbc576a92237d8d272ea72c28.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\47422f17dd2f4b9.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\cf04963dbc576a92237d8d272ea72c28.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\cf04963dbc576a92237d8d272ea72c28.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\cf04963dbc576a92237d8d272ea72c28.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\cf04963dbc576a92237d8d272ea72c28.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ktab.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdb.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jconsole.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdb.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsimport.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\java.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsgen.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_99406\java.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jinfo.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaws.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\idlj.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javadoc.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\serialver.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\uninstall.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\kinit.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jmap.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javap.exe C:\Windows\System32\alg.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\cf04963dbc576a92237d8d272ea72c28.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cf04963dbc576a92237d8d272ea72c28.exe

"C:\Users\Admin\AppData\Local\Temp\cf04963dbc576a92237d8d272ea72c28.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network


Files

memory/2440-8-0x0000000140000000-0x0000000140248000-memory.dmp

memory/2440-9-0x0000000001FF0000-0x0000000002050000-memory.dmp

memory/2440-0-0x0000000001FF0000-0x0000000002050000-memory.dmp

C:\Windows\System32\alg.exe

MD5 c8cff5095b7d253e364908f11cc21f2a
SHA1 37928b368acd00d0212026a3b23946681593a65e
SHA256 af117adad6d8b95a1336440c3fafb1ecf45711085c46e785b532770dfa9f6a76
SHA512 23e9409857ea250f14905e28b9585af54ab8735caa64551e4eb3739af772b91741f9a81d094691cb8ae85964dd225f4fb08bcf310dc3d62fccdd86ca125dcf8a

memory/3752-14-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/3752-13-0x0000000000500000-0x0000000000560000-memory.dmp

memory/3752-22-0x0000000000500000-0x0000000000560000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 56d57950141607d6c4a16c3552ab216a
SHA1 081cbc636a4449ba33babbf2a142d38b42f78082
SHA256 ba2077400b062b39bfc4d8f783d033d855549fe41dde5706e35269388779ea79
SHA512 041b75aee56ca2af120aa3e0be52fdfab9964a07d028aeb77dcd1302c12a6e8950e500d09b549883d510ddb1d34129f1d7805363e62dfba5b6a4ba5355ad4bc9

C:\Windows\system32\AppVClient.exe

MD5 b0bc287838ad4e60687a9ed583c565ae
SHA1 81b0529d64a5f15ea4d599eb4f202b28cacf9097
SHA256 6d1417bc787ce648e258f813ea1a86a356f4be2f85c8f5936d04dd4d422588cd
SHA512 1f4622a39e3a254ca51ea3bbeb91f4e72449c5db0000711b745dd916a433b45113af9201677d58b4bb1964694a99426d87f2460a0a8d2e837399db078fb63d26

memory/2440-38-0x0000000140000000-0x0000000140248000-memory.dmp

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

MD5 ac781c01ab72e3505aff3a118030180e
SHA1 0c0f23ae2650378b91bd83ec727e61e0b70cda97
SHA256 9eb27c03b033cc5e6d170678d981f13a1ccb716a3e3984016712859b4488470e
SHA512 823233d21dfe3f934d75cc09888368f9e65468acff7b89d115b66bc7194e9ba8c898eb1c9661998296b778b95f2ac3c14271308fcb06623fd6888b19e9a8a8ec

memory/2664-40-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/2664-30-0x0000000000540000-0x00000000005A0000-memory.dmp

memory/2664-36-0x0000000000540000-0x00000000005A0000-memory.dmp

memory/844-50-0x0000000140000000-0x000000014024B000-memory.dmp

memory/844-51-0x0000000000D80000-0x0000000000DE0000-memory.dmp

memory/844-42-0x0000000000D80000-0x0000000000DE0000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 602b6fcf06ff5d38b1622b7956530dc2
SHA1 c99ed56f5a8c346157d55c14adadb2dc40f14822
SHA256 a21b97a76c3571251eea099275782cea96ae8608d287e1778f3e919497f55ef4
SHA512 a7ded08851b71ee7637070281d6eb92e506dc3002e9134458bc9c71c9604cd58ba5d0848bcce5c0cabbdb0e4d6cb7a0db6c88bf19ff2cb136195bf116b921d32

memory/4792-63-0x0000000140000000-0x000000014022B000-memory.dmp

memory/4792-64-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/1496-66-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 b01698133f18cf456b43ca4f7459db61
SHA1 456194f97d7be3eaaadb49244aa08794388996f3
SHA256 51197108553c907a9306b9187b9ccf3c80e417ce63b8d62cab00013ed60e809e
SHA512 7aefb351efc794af23fcf38d28b81c9436cd34103d31af38fff08d26d7bf950cd0f0cb3e2161e433a4b137d6791306d44563ba668b0f44700f850c5d6edc6c60

memory/4792-54-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/1496-73-0x0000000000D30000-0x0000000000D90000-memory.dmp

memory/1496-67-0x0000000000D30000-0x0000000000D90000-memory.dmp

memory/1496-78-0x0000000000D30000-0x0000000000D90000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 86ab87a3bddb43cd91f89783c91f1147
SHA1 b2f65e215ac1139074cc06ee5e824485eb5f7bf7
SHA256 bfc0b9e510f0ee3940817b2c4d5bd3a06a2ee51fa991e7a0a1f8935636725d3d
SHA512 a8854adb5faf9326c846ddf194115ac0ef6aaaf20e507e9f245b9ab4460899a652be1ce8dd7f25bd1772202f39e2048cfcec7d4e1ceca646d721b08afe8c5d31

memory/2788-81-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/1496-80-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/2788-88-0x0000000000420000-0x0000000000480000-memory.dmp

memory/2788-82-0x0000000000420000-0x0000000000480000-memory.dmp

memory/3752-248-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/844-249-0x0000000140000000-0x000000014024B000-memory.dmp

memory/4792-252-0x0000000140000000-0x000000014022B000-memory.dmp

memory/2788-253-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Program Files\7-Zip\7z.exe

MD5 02e5edcaa4d0eb5146c4a0bcd92fc3ba
SHA1 04b1a158df596c5f72c7317477649d9c03236330
SHA256 bcb892298ae40a92fbc3c515a7e410da6f6422911c18b5e383a17fb04f47ae61
SHA512 628194c1dbe81c2d2cbe74e661f120de799699db2e8608e7b395b024844ea2ea4a349fda30ee3ab21c172ffa06b0969faacaed2572d0cf1d2c9eafc136877c88

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

MD5 a4f3f117d917995ce298741f882530c5
SHA1 806f8a15783db62e2ccb23781a20af810429a3f0
SHA256 6212705b28f06fcb7fcd321d5d7d1462ae43edd58bd50e3fccc9d820d5bfd52d
SHA512 455658ee18c70a47b2565c76fbb6743c5f34205c777a1e52cfa1ecac4adc6ec318131a75183d031a5767f49cf6e9928f53c901d6c914a2a9846e67f4bcb29d22

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

MD5 98dc8a72f4ae4dff444993dec28c58a2
SHA1 a584e81897fdff35c8057f7faf19a349359ca0b8
SHA256 fd4f997ab5d64b782b103767aec5ff87249e98037d42f3ac0615fc5d14533b5c
SHA512 8fad2ca5206fd1840545ebd996f5337199a01f7bbe791ee312ddf944020f31caa15ec058a017f1652c264e7f5b2c8cd831b7c28be872a6f510ddee18ee6c42a1

C:\Program Files\Java\jdk-1.8\bin\rmic.exe

MD5 87f73d7ef14576ec4c625182ada77c32
SHA1 73e4df082a50f69f974a9997c805438d1586bea0
SHA256 52fd18e7da715b7f9fcad3652562d7f311723e7567300c1a86e6edb38f8aadee
SHA512 646be6edf03feb831fc3ed20db85af45822eee5e7b2526a87740fde8de9563025ff1548495ac58a14a8197916b77d43954753c7c1e529550b4f911a27304ad60

C:\Program Files\Java\jdk-1.8\bin\policytool.exe

MD5 6022d3e7b441a9503adacb49b1858ed3
SHA1 ddace68ef312b3cc077692fb1296123173db47ce
SHA256 cc04374b92970e8acf4d42da9a062c8349519d46e8761584a40a1d8600cfbf20
SHA512 0aa66def8d3d24e4ec997cfbc33e10f9bfd6fe57aec119622fb66b84bde4c127efe73d1ee7e13012f504cd80a3322d4ce7458b91229c0b5fbd591b3ffbf14831

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

MD5 d3d5b1845dbde62dad9bf4aa1eee41db
SHA1 5d6e2ab7aa87a7349411bac484479e595523fca9
SHA256 36300d55bb8ac06788395d2d5c9da79527117e3312906817e995f35cabc72961
SHA512 0a62a89c09c608570092db28935aa4a67eb598d833a56ce1c9cbb4fd770ac51172e982f4f4deaf485bc6b64e73c871aed37c00fef2c10d433fa2f399ac396148

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

MD5 c64fd81a558ad200276da3e685582113
SHA1 63adda2c95c629cfc0853b4a993fe9a0bc6f54f3
SHA256 1e297665923ceec8fc59c1cbb159c4a00cee26d51340cf0d5d03eb7e07bd0497
SHA512 48d4d3ffb601c8a9078affabd95153a6a0c497eeaa309605122fb3de5cb7260688a089ea6a90db85dad4841b2f1d4b45d4ad38bd676b2a59a876fa50bb370f1a

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

MD5 f121febcd459503a689412477b7667c8
SHA1 8ce2db48a07478b993440514ca24717259fb19c4
SHA256 3a17077b52ad06eeb873800cd1203256ce182c3fceaf4a4c5c4998a1515c8d8f
SHA512 5ca9d7aa4b7b65af04f10937a0b7a6858f517df6b899b3ef3bab5c27d41173ca2516354c375f67f0c1279392b7d11d33768af3841b3abfbbcfff33404bc1f800

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

MD5 b493ae19b84692089ffa886f1f38a585
SHA1 26a636c47b84f22cec4093e8c455eea2a6558767
SHA256 05fc1b889882fcce15073297eac5381c446415ab711c8a8eb8c397c62f4828a3
SHA512 1dc539959715e01bbf4334b4219456542820686beb70e3b968293b64cdfd9c22e8c29ac7bc95b7678161956733c8a9affcde952b1eab4fd1d3ebf130c2e1c3b8

C:\Program Files\Java\jdk-1.8\bin\klist.exe

MD5 27d1b3cd1609284bbd7e1f2561839cd7
SHA1 ed70daf1496d7f9afcdcdf0c73f62d0cd84cbec8
SHA256 c13a4fe4fd6c2069efda73e2445a0cd29964ff2995a13a10eb6f3d665b7ee47a
SHA512 6dc4411ca5953ca6c81d340f45779da0159a63020eee5f7c558b2c4d10f7df0f57dd093b0d3f7aeb9456f8ea640ed1dc1bbe03ab2312132d3a02be6019408dc9

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

MD5 714167f182a3d536139cb1072ee13d78
SHA1 59a19caff89d6612b3e9da9360876ff1270a663c
SHA256 e790badb2c8858df7e4fd1a87696ee1de0ff5e09a205ebb737636525a57002f6
SHA512 2b20def7414d587dd0ffaec5bf017a33bdc5d9072a3caeba802bafa828fb697e7690531f6c6856d98b8571eb9d7b70becbcbcd8899f157344effc1daf7087730

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

MD5 b4282ed999188bbd549ed93424ffd516
SHA1 5e6bbbc109e1ee485b841efa7da4be765786dea4
SHA256 3c25e3240a572071483563e7303cc37fdaedd86cb19447a4a5494810f09fcbf5
SHA512 8bf077625ad468fa8f7b1f04f783a542efddd463ef0dc712490c6d4bb34b025fac1c3651dbc8bb0f80784ca06ea8ab3ed06749d2ab127174960a467944771927

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

MD5 fd10f2bce1a19f5c1129763c9bca2c0c
SHA1 5467c7f71cebe28649a5a87eeacedd5d4abda629
SHA256 680a4f701d452114cf64ce5489fd34eee183d61a0b79d4bcce3ec512983aaf23
SHA512 c3bbba50ec00f00f9a97e6bd6785d31aa95cfd502afee1e935ed82d35e7b91c4715a4111e733bd90180f902883180f8bc0501dcc13358279f67cdcf82ec1e361

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

C:\Program Files\Java\jdk-1.8\bin\jps.exe

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

C:\Program Files\dotnet\dotnet.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

C:\Program Files\7-Zip\Uninstall.exe

C:\Program Files\7-Zip\7zG.exe

C:\Program Files\7-Zip\7zFM.exe
