Malware Analysis Report

2025-03-15 04:28

Sample ID 241025-27qgbatngw
Target 8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN
SHA256 8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1a
Tags
spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1a

Threat Level: Shows suspicious behavior

The file 8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Reads user/profile data of web browsers

Executes dropped EXE

Checks for any installed AV software in registry

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates system info in registry

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-25 23:13

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-25 23:13

Reported

2024-10-25 23:15

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avast Software\Avast C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\6edda8c4983eaefb.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstat.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmic.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstack.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\kinit.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javah.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\uninstall.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\dotnet\dotnet.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\policytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\kinit.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ExtExport.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_85250\java.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\orbd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\policytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java-rmi.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javapackager.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\pack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_85250\javaws.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jinfo.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\tnameserv.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstack.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jabswitch.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ktab.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\kinit.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaws.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\klist.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jabswitch.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_85250\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdb.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print" C:\Windows\system32\fxssvc.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\fxssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe

"C:\Users\Admin\AppData\Local\Temp\8050eb2d4692c99fa5a762639b933bdedd0d69ce319d307fb63a166ad1545c1aN.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network


Files

memory/4776-0-0x0000000140000000-0x00000001400EC000-memory.dmp

memory/4776-1-0x0000000001F20000-0x0000000001F80000-memory.dmp

memory/4776-7-0x0000000001F20000-0x0000000001F80000-memory.dmp

C:\Windows\System32\alg.exe

MD5 835697f4eb400af52ac14a328b8b5247
SHA1 acb57c0d677eafe30bcffa93d6073683484cae2d
SHA256 15b5101740d82c64c20198cbd98354e41bc74a911bc4ccdaede629228d1f8c3d
SHA512 5c3232f55ad8941df0d9a81b4a7ff0a15dbb98cba227531a838637b4e4ccab5f880ab4391c30862284185373dd5ba50123e77d83c8d94a574a0527b5fafe6af5

memory/3748-22-0x0000000000630000-0x0000000000690000-memory.dmp

memory/3748-20-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/3748-12-0x0000000000630000-0x0000000000690000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 2bc1ce0654a1d75e7bc7ddd761fb1fa9
SHA1 a42be9c5391fbeefd695f2962097be337f8fe1e3
SHA256 f2401caa815baaf82bbfb6d00e930faebbfad6cd9a083141a9e9798b70beaedc
SHA512 d5eab6523741542b98e8a0d13ca4f58e2aba8453bcb5b2be3c4e47ca8ca86deeaca6b0f3bc476941019e595478b822a73dbfb7c760089e5d751178958088484d

memory/876-26-0x00000000006B0000-0x0000000000710000-memory.dmp

memory/876-35-0x00000000006B0000-0x0000000000710000-memory.dmp

memory/876-34-0x0000000140000000-0x00000001400A9000-memory.dmp

C:\Windows\System32\FXSSVC.exe

MD5 17838d4fca02bc318d2fbc3f618c5a69
SHA1 86a8e2259338b84875de0b2ef306f03e2bac36fb
SHA256 bb8a966133aa6808bc243a29c62efd9e5b8062702df28b85d2c020a7a16e3675
SHA512 ed5f47df880fd090151c3496da606a26a0a67fe0a470e9183e297957100b4cebfbd1e740b8dd90d34bfc0caf6c7065e3d5bb7e7959eb17db1e7370164a46475d

memory/4892-38-0x0000000140000000-0x0000000140135000-memory.dmp

memory/4892-39-0x0000000000D80000-0x0000000000DE0000-memory.dmp

memory/4892-46-0x0000000000D80000-0x0000000000DE0000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 278873636bafdac726e0e1de937703a8
SHA1 35ebff9c0c611eb4727d53e0e24d8e621e217049
SHA256 b8136d0f08eca07b8b56e35906fc0ec3e5b5bf6ca2b77d0849d5c56cd9857c96
SHA512 3f28de4cefc8c83f807b95292b856aa4c9136fd7214a9ad683d38c2122cc789f23a380f585f0e6b5ece033c15b66776061630d54dbcf6bd1a99c51353c8b41cb

memory/4776-62-0x0000000001F20000-0x0000000001F80000-memory.dmp

memory/4892-65-0x0000000140000000-0x0000000140135000-memory.dmp

memory/4892-63-0x0000000000D80000-0x0000000000DE0000-memory.dmp

memory/3768-61-0x0000000140000000-0x0000000140234000-memory.dmp

memory/4776-60-0x0000000140000000-0x00000001400EC000-memory.dmp

memory/3768-58-0x0000000000820000-0x0000000000880000-memory.dmp

memory/3768-52-0x0000000000820000-0x0000000000880000-memory.dmp

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

MD5 7df106dbd8bc43946eed1ea85e35a7cd
SHA1 3b7a23728d2c3cf470b54ede1a8eeb3edf9c97bb
SHA256 ac72d281002d236c24ef027ea783d41173fc7c5661d5536b6e511aedb1360597
SHA512 f978208210f638fb78819e3d51849cab47170c5d21d428a814114eb5e17de4b9bb1cf31d9a0a82c37e33c537beb059c3ed99fca9f7806f74ce5acb510bfcfc37

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 8769b8f567148d5860e86a6aeded2bfa
SHA1 586e0cdc89c05b832414baa2dd0ee994fd97ffc1
SHA256 82cde7ce1c2a3c0f797e45406adcadb0d9621a43928b5de02f7c72c3ab4c386c
SHA512 c09b55860e972ddf3a5b96c40711bb3a2dd7bfb6a0dae2b394f1f9aa59faf6200b255a2cf99c120660c26844366e73691ec2d4b1d29e16629175391e0c207483

memory/2444-74-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/2444-76-0x0000000140000000-0x000000014022B000-memory.dmp

memory/2444-68-0x00000000001A0000-0x0000000000200000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 3e5fe3f7d596d36e22c368c15ad5a4e0
SHA1 a108d3fe9205377e53b04d968fce96f89d299e41
SHA256 9b4b3567cec98a8992a2e712ee07367f4ad933c714d1f6129248bb058e89be87
SHA512 57718f4fa4fa3a00eedde1a8148852af3bef48fe2807fb4f4f6bc93897eb1738ab9b1a5ae918737615a5550b88fcd9927555cf42a3b85d4541c06fad05b53d8b

memory/4764-80-0x0000000000CD0000-0x0000000000D30000-memory.dmp

memory/4764-86-0x0000000000CD0000-0x0000000000D30000-memory.dmp

memory/4764-90-0x0000000000CD0000-0x0000000000D30000-memory.dmp

memory/4764-79-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/4764-101-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/1116-102-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/1116-93-0x00000000004F0000-0x0000000000550000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 9723f91c25df8ce6c8125ee899576a1c
SHA1 beb236635d56a65b364b2eafd7b72dc8c54a7b6f
SHA256 6652b4a6c66af0f5d4c22b5c84fa5cff6425b89fe167135c2ac6af912d256e1d
SHA512 23c40787b30b34cf1c3442912ee0c02c8f9ae968438c2ee6fe07c74e84556d56b9056510185d65dcf61ced2b463ac707e19a5ddeb303cfa38198f17bf265e540

memory/3748-183-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/3768-259-0x0000000140000000-0x0000000140234000-memory.dmp

memory/2444-260-0x0000000140000000-0x000000014022B000-memory.dmp

memory/1116-261-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Program Files\7-Zip\7z.exe

MD5 2934441b028cb96bd0c23adcacf8de94
SHA1 d6489863baa6524c7bda065e1abf6e4644b840ae
SHA256 886d335387d11a4121606879c08a326e0389a119bb70c6a6254657acf70c99ec
SHA512 45df8fd187752985b44d5c4a17761dcdc77ed489ab5c44bc29cced5367e0c778c9748517752ffd7e1f14571b4b019778c75f9e898a3a0810c9269f5a6b6abb9d

C:\Program Files\7-Zip\7zFM.exe

MD5 1886b47c9c8158439b0b38e56cd72fd0
SHA1 e9f53d0d0c8367fc756be50ae0338272e59d1db8
SHA256 cf18141fa531ed9fdabf7747f9cbc0ec70d8719aee0517aa46a0d23198d01b00
SHA512 59b0ec60696b29edd4def2aae950e044c3d2e8e000f2de91952fb6c5a67407d3d57ffe30546826fcf01b21e22ac78bdd93150c9e1c48dde01e9ae6c5a24c3efd

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 f4a6ac7f758ad148e048ff658f735ad9
SHA1 dde1d00948c6716e3b7ad81e975cef5b781a4008
SHA256 cf7b91df46442bb490664e1a1f1f627a7db3d000336f60762b74fee3005d072a
SHA512 835a8259fc426f53ccd1bf3c59e3acb14cd749277f30516eee9a1671177adc7239a27ca27cc95098c74c136cf2a712bc6021a636b0900642116041f4a9b9e76e

C:\Program Files\7-Zip\Uninstall.exe

MD5 f108e79529214c0f82fabd058861afc5
SHA1 d3e17164d37b94861bb8d38a9e471001ecda24a3
SHA256 3da8657f8cb8ebd5a1b4037a0a56676a7d69593bc645f02d6ed8e983c9916793
SHA512 d19b8eb7995f8898e96a080ef97cdb962322632241dec77883e4d1eec1e5cc881c93f7c9391735279d0337cf09a63ec29155b705a23da70fbcd2d93547a1c243

C:\Program Files\7-Zip\7zG.exe

MD5 b9c888e49a8b417490fa0e198c40be4b
SHA1 01b12c8aadeadd470830407b366274154775d9d5
SHA256 ec5441c291ca4bcff1de6ce70bc0f82885f22de32800599b0b398487456c82c3
SHA512 14e68bc461ad5ac499c885e34ef56571341933a8692285ee45bf6eeb7aa0c578d5446384d8060abad003c55f7ccdfaa23f5424130113da9585706e30246d5ba4

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 df869afd3f2fdcc5fbfccfe5004abf74
SHA1 6cc4d2c0f4f1847eec70b894c243669d9085d566
SHA256 123c3254ae1e333fedd76beb7ad1ce18839d878ec9c5794d049ef9f1f1ef0ca8
SHA512 eb7e0be6ad009c6e09f42f5cb676f087d233d58d5fd97d653edb254945904565597ba5700d011c06d510f2a878c6c456f1af43e66f02547da6ac141e89b12402

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 701025b79c9fe9e0d72a7d4029ad0eb5
SHA1 99d69d52eca3c517d2a722c103c94fee8b9445fb
SHA256 41275c1577670887758ed049257077602ec44e7cf6600a02da2008ea69e386e1
SHA512 c389259ea8db5d293abe563c411e56b89e2b08736b60023fa7ffc072e62f039f55ee86bc06d7884eb6ca5146042efc9672f873ad04af7b9493db2c4bb8ed203c

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 149ffa6254a507222f3830ede2e4ce44
SHA1 5505370e34de01f397f38539859a37197312b206
SHA256 c7a220f5f68f83fddb0ace563d0a9f5f3a466c0874aa44707c0056bd8e61a751
SHA512 768044dbb3a12c5af6312208ebf3031a00ac5a61142faf201e45e68694dc45983aa28cbc35d1d2cb3e7c5aec597916a4161fb72c685da98abc8ec2d362240911

C:\Program Files\dotnet\dotnet.exe

MD5 a4ee950c04c3da06faa49cd324070c66
SHA1 1807a2732aae458a65b0b6163fbfc04c5a03b8bb
SHA256 53dc193a21e39857ab4fb5006439cf2916fc5bf00a534c0ed3ae04aab409d010
SHA512 28407d270b97919961e922dc73bc4539181293643d542a6f1848665730ff884587a1ad821ee564a002914fbdb95be69a9cbfcd6c417d2f6d3ea79933b8cb71b0

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

MD5 9b4ff721fd5189b1bc505de75570294a
SHA1 b0738fcf31eba23158cf712e5963f6adc4bd2063
SHA256 01151bc5e6f545526f9c18e3653d31eddd3f706461887f717c77fa25712da932
SHA512 ef6b291fa933618e3e24e750ea17a13199e2139f5669fd1f9566eb7b66f2e74d0db9aa704d2c9cef74bd49f92fd1113ff10805ec55dee1a3d947d79bfd508e37

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

MD5 78640c9733089bbb46d76497e65a2c9a
SHA1 55227358caca1aa48fc68f21a247fb8dc6e84303
SHA256 52162d7aa26b397dedf9b1bb53fadb3342a02ecd228108fdd58b5c3f63fdab44
SHA512 73a7b051dbbc3288252f981ff4267a5ba29358ecd52c93f273d84879be2540caa8575a5002a8a0614f4cf43e4465b0b2c90c4d86ac0d01fd7f4578de9105a4f1

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

C:\Program Files\Java\jdk-1.8\bin\klist.exe

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

C:\Program Files\Java\jdk-1.8\bin\jps.exe

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
