Malware Analysis Report

2025-03-15 04:32

Sample ID 241025-2e13caxann
Target 2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker
SHA256 de4ad12945644babd042d5e088cc884a9eedc99785f2478026961dc4bd29d9ea
Tags
discovery spyware stealer
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-25 22:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-25 22:30

Reported

2024-10-25 22:33

Platform

win7-20240903-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe"

Signatures

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Adobe PCD\pcd.db C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\caps\hdpim.db C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\caps\hdpim.db-journal C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe"

Network

N/A

Files

memory/2408-0-0x0000000000400000-0x0000000000554000-memory.dmp

memory/2408-6-0x0000000000340000-0x00000000003A7000-memory.dmp

memory/2408-1-0x0000000000340000-0x00000000003A7000-memory.dmp

memory/2408-16-0x0000000000400000-0x0000000000554000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-25 22:30

Reported

2024-10-25 22:33

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\ab3b6e327cad7dd2.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmid.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jhat.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java-rmi.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javaw.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstat.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javacpl.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\chrome_installer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javadoc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler64.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jhat.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_92812\javaws.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jar.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdeps.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\policytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\caps\hdpim.db C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\klist.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsimport.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\pack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jabswitch.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmid.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_92812\javaws.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_92812\javaw.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler64.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\orbd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ielowutil.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstat.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-25_63981e225c300f29f74d7748936e78b5_avoslocker.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network


Files

memory/4388-0-0x0000000000400000-0x0000000000554000-memory.dmp

memory/4388-1-0x0000000002440000-0x00000000024A7000-memory.dmp

memory/4388-8-0x0000000002440000-0x00000000024A7000-memory.dmp

C:\Windows\System32\alg.exe

MD5 4eddf62f78bb2661dfdbff88351ae457
SHA1 50c962cca882f84a8e285ef019beeda1d87abbee
SHA256 afd550ada6b2a4d273f5a357ce46f5162f0fc1d98a9adea10740832be1dfdef5
SHA512 a1fb1bfe20686cd84ff671a8d3a67ba2fa485738b6916f0e5cb543cc069ea30394d2ada431f9c14fe1471ff0f6f72aa73d6df7f30e5bcb5f6f9d068c7e5340c0

memory/988-12-0x00000000006F0000-0x0000000000750000-memory.dmp

memory/988-21-0x00000000006F0000-0x0000000000750000-memory.dmp

memory/988-15-0x0000000140000000-0x00000001401E9000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 ccbc78e461a506f39984b6740ec0b41f
SHA1 1e1ea09c59c6040d6c2d86611bccc49a87cb8775
SHA256 575e6716cb642d6def2bb08562f9a37def8901c705f323528ec8a6ea7976b3ee
SHA512 7d73e13cf4c16d9390d808ab25f1a26a2c55d062f6e4b303386e401666271b59a2fd4eee6c478b5379dd758f5fdfcd9a6c20fb7bf683fde42a8399897594cf32

memory/3160-35-0x00000000006A0000-0x0000000000700000-memory.dmp

memory/3160-44-0x00000000006A0000-0x0000000000700000-memory.dmp

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

MD5 7d5e51445afbdf79cdf6d2ccd7d7c5a5
SHA1 22c74a035bfc9e0948b14227c5334a5f6cc4d85a
SHA256 3c14cf356701bbb471211d5b01e8bae025be19708b8a9faf7a7c80daddc643b1
SHA512 36cf8b7c243cd83e880c48f41fc36353978dd02f25684de960760605060ac8013affe10e35027dbd9b6f0ca123a953e44c62ccc0f4b14702edb466666442bdb3

memory/4740-55-0x0000000000CB0000-0x0000000000D10000-memory.dmp

memory/2312-64-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/2312-58-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/2756-69-0x0000000001510000-0x0000000001570000-memory.dmp

memory/2756-91-0x0000000140000000-0x000000014020E000-memory.dmp

memory/2756-88-0x0000000001510000-0x0000000001570000-memory.dmp

memory/1904-86-0x00000000004F0000-0x0000000000550000-memory.dmp

memory/1904-80-0x00000000004F0000-0x0000000000550000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 3b23a3f2ea1e3392d7d6815fb932669f
SHA1 da01ae33ff0a2c24de6d4cc3003be39982a6da4e
SHA256 da7b7f1e9c9d6f7b21c13ef108fb541a01a527cf173d9f9ab6920f2d115c6557
SHA512 4893fb9e46636cd55d5b6e4e84961599880987db193e36e95142dc2d2a22efdfb47438ad16811ba4c5c3881482c0e5c50de827e36d6e7a80cd060250596c5400

memory/2756-75-0x0000000001510000-0x0000000001570000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 b7d1744076adc82cb2f6dadd46c15b1b
SHA1 077166bd3f4584a8cd6b915b2d07846f1f936833
SHA256 78cd56ce118aa4938bed1c19291ab6bd97da21410dbeada10a58b105a5883e70
SHA512 0dce65164d78d70d5c81177b61a8143dc5ac3ae558410302ce515e3e3356b4194ebf40dfc7196906e2cf6a1a009579706b0ca6616ce1568c81d83fcc4e17934a

memory/2312-67-0x0000000140000000-0x000000014022B000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 972232c2a5427c22a9e3a6ee5d156845
SHA1 de85023294a737881fbbc204d2fc826ad85e72b4
SHA256 45dc6d53dfca2547e5f6227e9c9d54dccb904526d9b943088d0627cd089bea39
SHA512 5e4444a45f9dff2af3fabe5d1d316167aeb887108adf0d0d48f272344b5bae40b364669a4223c6db86681f25da845049848c611ade1b6c2d0b660c04ae3493fe

memory/4740-53-0x0000000000CB0000-0x0000000000D10000-memory.dmp

memory/4740-49-0x0000000140000000-0x0000000140234000-memory.dmp

memory/4740-46-0x0000000000CB0000-0x0000000000D10000-memory.dmp

memory/3160-34-0x0000000140000000-0x00000001401E8000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 afd3076d8916440785d5932673b8d700
SHA1 be45f2ed25ff50bcb5289778592ae1d0adf807eb
SHA256 3fa3218a8a7dde14a812d086f220160015c9032a58c6647eb6754623df282cb6
SHA512 39b2ef7e8355e6fb97ec1b8702aea3eda30a706b390d869ad371d1c4e158c0cab95454c3c5073fcefd7aaab94939b9c4137f133bb8f294860c888984de83164c

memory/4388-32-0x0000000000400000-0x0000000000554000-memory.dmp

memory/1904-168-0x0000000140000000-0x000000014020E000-memory.dmp

memory/988-243-0x0000000140000000-0x00000001401E9000-memory.dmp

memory/3160-248-0x0000000140000000-0x00000001401E8000-memory.dmp

memory/4740-249-0x0000000140000000-0x0000000140234000-memory.dmp

memory/2312-250-0x0000000140000000-0x000000014022B000-memory.dmp

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

MD5 33f03734db8b3ea80b1d95dbaf23141f
SHA1 a4dcb5be96146201e07d5756ff4085684ea2bba6
SHA256 91fa2422d2e302189bbeb10a060767f7aed48cc6b13c6b831066e2b28c060f89
SHA512 a7b84f82bbe3700bb4c2843418ba79db0970acb0c3e6c259089fa8193b8e7d65366e50b7f378ea773346271bdd0f73e46f87cdcb9d5f0ab7a4440b441f92a13f

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

MD5 470979685187b6d7e0b2136bfac6a8fc
SHA1 80dee6fbb0589bf4e69a4cd2b9dff786fb5abe63
SHA256 efc6f47481014a779376508a176b096bd46523bf9417abacc090e1c764ec6abc
SHA512 c536fdc554a7cae81d7db42e7ae414d0a4e30fc9b513e2aabbf5eea84d7eb7e9abead74b8ec5781ebfe5c1de07b84ef4762b45022cf2bd57063216c3cae2a625

C:\Program Files\Java\jdk-1.8\bin\jps.exe

MD5 b5992da787137e0b4d2c355cb321973f
SHA1 87ecde4d73258d74c04d3ecbcbc1f2b6d1b53a92
SHA256 505641ee2fd745111d81b5cf77bf522f5918358b32b8ddc23cd43375626b774d
SHA512 592ee0b2af792e923b9f125dfdbb100998eae3214ff1942befb8aa928f7da1683b25c205c2707e4f36d6e70923b55236951250317013a5cccaef865e9ea897d4

C:\Program Files\Java\jdk-1.8\bin\rmic.exe

MD5 5b2e6cec81bbac98db6a720e07f42916
SHA1 c3291dc558bc0407c9166b12dd309ae19415c933
SHA256 1e361f740effb38e3fb634ae440e531a1d7728be97a5c18359e58fc2c28e0713
SHA512 322f57d6fa8212d1bf365b38d787d95dbe3b54f49620176f4ecdaa4e1ec65b2bdf8e92ade29783be87bb187463efc03266036b246dd79db0e2ca0a1bdcdccbec

C:\Program Files\Java\jdk-1.8\bin\policytool.exe

MD5 af6c00e639608d36e392f386d6668061
SHA1 394fc12619bb0eb21e2c598d13837f5687e32f1e
SHA256 2644e3ae313dd0a87b5812d463640d1849b0e111c154fddf49d6d9082ceaa4c8
SHA512 d23b8d16bc012ca2ea746b6d9732052efc6f85607d1d00146409cfd4c850b8fe526a24cffdc69db94ca2a3249f427a97b8710486cfc338b9a4ac1e1586b0a32d

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

MD5 2f46225258eba610c37380ddc9594a6a
SHA1 89e3d9f669a0e3d6cdcd32dd8cb2dcf6671ef813
SHA256 d1d8c9e35f1a1772736097559d1663f37c0cbface028f4cc7605e599aa5df250
SHA512 c7970a0075f7779799d01f421ceb10592b8b03ae0da436ca0c18b77981b78598c68a6cb0af0f3e24ad3e1faa71ea298c7a3a509fc39aa0d27d13d2ba2c11c09c

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

C:\Program Files\Java\jdk-1.8\bin\klist.exe

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe

C:\Program Files\dotnet\dotnet.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

C:\Program Files\7-Zip\Uninstall.exe

C:\Program Files\7-Zip\7zG.exe

C:\Program Files\7-Zip\7zFM.exe

C:\Program Files\7-Zip\7z.exe
