Analysis Overview
SHA256
ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9f
Threat Level: Shows suspicious behavior
The file ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Suspicious behavior: LoadsDriver
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-27 13:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-27 13:25
Reported
2024-10-27 13:27
Platform
win7-20240903-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe
"C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe"
Network
Files
memory/2792-0-0x0000000140000000-0x000000014017E000-memory.dmp
memory/2792-1-0x0000000000350000-0x00000000003B0000-memory.dmp
memory/2792-9-0x0000000000350000-0x00000000003B0000-memory.dmp
memory/2792-7-0x0000000000350000-0x00000000003B0000-memory.dmp
memory/2792-12-0x0000000140000000-0x000000014017E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-27 13:25
Reported
2024-10-27 13:27
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\alg.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| N/A | N/A | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | N/A |
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\778a7dca38f5360d.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ieinstal.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jps.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ielowutil.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jar.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmid.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File created | C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jcmd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\ktab.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\unpack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\klist.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\policytool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ieinstal.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstat.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javap.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaw.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsimport.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jjs.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\kinit.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_86328\javaws.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmic.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_86328\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstack.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\chrome_installer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstat.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\idlj.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Windows\System32\alg.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe
"C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 54.244.188.177:80 | pywolwnvd.biz | tcp |
| US | 8.8.8.8:53 | ssbzmoy.biz | udp |
| SG | 18.141.10.107:80 | ssbzmoy.biz | tcp |
| US | 8.8.8.8:53 | 177.188.244.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 54.244.188.177:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | npukfztj.biz | udp |
| US | 44.221.84.105:80 | npukfztj.biz | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.10.141.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | przvgke.biz | udp |
| US | 172.234.222.138:80 | przvgke.biz | tcp |
| US | 172.234.222.138:80 | przvgke.biz | tcp |
| US | 8.8.8.8:53 | zlenh.biz | udp |
| US | 8.8.8.8:53 | knjghuig.biz | udp |
| US | 8.8.8.8:53 | 105.84.221.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.222.234.172.in-addr.arpa | udp |
| SG | 18.141.10.107:80 | knjghuig.biz | tcp |
| US | 8.8.8.8:53 | uhxqin.biz | udp |
| US | 8.8.8.8:53 | anpmnmxo.biz | udp |
| US | 8.8.8.8:53 | lpuegx.biz | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vjaxhpbji.biz | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | xlfhhhm.biz | udp |
| SG | 47.129.31.212:80 | xlfhhhm.biz | tcp |
| US | 8.8.8.8:53 | ifsaia.biz | udp |
| SG | 13.251.16.150:80 | ifsaia.biz | tcp |
| US | 8.8.8.8:53 | 69.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.31.129.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saytjshyf.biz | udp |
| US | 44.221.84.105:80 | saytjshyf.biz | tcp |
| US | 8.8.8.8:53 | vcddkls.biz | udp |
| SG | 18.141.10.107:80 | vcddkls.biz | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.16.251.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fwiwk.biz | udp |
| US | 172.234.222.143:80 | fwiwk.biz | tcp |
| US | 172.234.222.143:80 | fwiwk.biz | tcp |
| US | 8.8.8.8:53 | tbjrpv.biz | udp |
| IE | 34.246.200.160:80 | tbjrpv.biz | tcp |
| US | 8.8.8.8:53 | deoci.biz | udp |
| US | 18.208.156.248:80 | deoci.biz | tcp |
| US | 8.8.8.8:53 | gytujflc.biz | udp |
| US | 208.100.26.245:80 | gytujflc.biz | tcp |
| US | 8.8.8.8:53 | qaynky.biz | udp |
| SG | 13.251.16.150:80 | qaynky.biz | tcp |
| US | 8.8.8.8:53 | 143.222.234.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.200.246.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.156.208.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bumxkqgxu.biz | udp |
| US | 44.221.84.105:80 | bumxkqgxu.biz | tcp |
| US | 8.8.8.8:53 | 245.26.100.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dwrqljrr.biz | udp |
| US | 54.244.188.177:80 | dwrqljrr.biz | tcp |
| US | 8.8.8.8:53 | nqwjmb.biz | udp |
| US | 35.164.78.200:80 | nqwjmb.biz | tcp |
| US | 8.8.8.8:53 | ytctnunms.biz | udp |
| US | 3.94.10.34:80 | ytctnunms.biz | tcp |
| US | 8.8.8.8:53 | myups.biz | udp |
| US | 165.160.15.20:80 | myups.biz | tcp |
| US | 8.8.8.8:53 | oshhkdluh.biz | udp |
| US | 54.244.188.177:80 | oshhkdluh.biz | tcp |
| US | 8.8.8.8:53 | 200.78.164.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.10.94.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.15.160.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yunalwv.biz | udp |
| US | 8.8.8.8:53 | jpskm.biz | udp |
| US | 34.211.97.45:80 | jpskm.biz | tcp |
| US | 8.8.8.8:53 | lrxdmhrr.biz | udp |
| US | 8.8.8.8:53 | 45.97.211.34.in-addr.arpa | udp |
| US | 54.244.188.177:80 | lrxdmhrr.biz | tcp |
| US | 8.8.8.8:53 | wllvnzb.biz | udp |
| SG | 18.141.10.107:80 | wllvnzb.biz | tcp |
| US | 8.8.8.8:53 | gnqgo.biz | udp |
| US | 18.208.156.248:80 | gnqgo.biz | tcp |
| US | 8.8.8.8:53 | jhvzpcfg.biz | udp |
| US | 44.221.84.105:80 | jhvzpcfg.biz | tcp |
| US | 8.8.8.8:53 | acwjcqqv.biz | udp |
| SG | 18.141.10.107:80 | acwjcqqv.biz | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | lejtdj.biz | udp |
| US | 8.8.8.8:53 | vyome.biz | udp |
| US | 44.213.104.86:80 | vyome.biz | tcp |
| US | 8.8.8.8:53 | yauexmxk.biz | udp |
| US | 18.208.156.248:80 | yauexmxk.biz | tcp |
| US | 8.8.8.8:53 | iuzpxe.biz | udp |
| SG | 13.251.16.150:80 | iuzpxe.biz | tcp |
| US | 8.8.8.8:53 | 86.104.213.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sxmiywsfv.biz | udp |
| SG | 13.251.16.150:80 | sxmiywsfv.biz | tcp |
| US | 8.8.8.8:53 | vrrazpdh.biz | udp |
| US | 34.211.97.45:80 | vrrazpdh.biz | tcp |
| US | 8.8.8.8:53 | ftxlah.biz | udp |
| SG | 47.129.31.212:80 | ftxlah.biz | tcp |
| US | 8.8.8.8:53 | typgfhb.biz | udp |
| SG | 13.251.16.150:80 | typgfhb.biz | tcp |
| US | 8.8.8.8:53 | esuzf.biz | udp |
| US | 34.211.97.45:80 | esuzf.biz | tcp |
| US | 8.8.8.8:53 | gvijgjwkh.biz | udp |
| US | 3.94.10.34:80 | gvijgjwkh.biz | tcp |
| US | 8.8.8.8:53 | qpnczch.biz | udp |
| US | 44.213.104.86:80 | qpnczch.biz | tcp |
| US | 8.8.8.8:53 | brsua.biz | udp |
| IE | 3.254.94.185:80 | brsua.biz | tcp |
| US | 8.8.8.8:53 | dlynankz.biz | udp |
| DE | 85.214.228.140:80 | dlynankz.biz | tcp |
| US | 8.8.8.8:53 | oflybfv.biz | udp |
| SG | 47.129.31.212:80 | oflybfv.biz | tcp |
| US | 8.8.8.8:53 | yhqqc.biz | udp |
| US | 34.211.97.45:80 | yhqqc.biz | tcp |
| US | 8.8.8.8:53 | mnjmhp.biz | udp |
| SG | 47.129.31.212:80 | mnjmhp.biz | tcp |
| US | 8.8.8.8:53 | 185.94.254.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.228.214.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | opowhhece.biz | udp |
| US | 18.208.156.248:80 | opowhhece.biz | tcp |
| US | 8.8.8.8:53 | zjbpaao.biz | udp |
| US | 8.8.8.8:53 | jdhhbs.biz | udp |
| SG | 13.251.16.150:80 | jdhhbs.biz | tcp |
| US | 8.8.8.8:53 | mgmsclkyu.biz | udp |
| IE | 34.246.200.160:80 | mgmsclkyu.biz | tcp |
| US | 8.8.8.8:53 | warkcdu.biz | udp |
| SG | 18.141.10.107:80 | warkcdu.biz | tcp |
| US | 8.8.8.8:53 | gcedd.biz | udp |
| SG | 13.251.16.150:80 | gcedd.biz | tcp |
| US | 8.8.8.8:53 | jwkoeoqns.biz | udp |
| US | 18.208.156.248:80 | jwkoeoqns.biz | tcp |
| US | 8.8.8.8:53 | xccjj.biz | udp |
| US | 44.213.104.86:80 | xccjj.biz | tcp |
| US | 8.8.8.8:53 | hehckyov.biz | udp |
| US | 44.221.84.105:80 | hehckyov.biz | tcp |
| US | 8.8.8.8:53 | rynmcq.biz | udp |
| US | 54.244.188.177:80 | rynmcq.biz | tcp |
| US | 8.8.8.8:53 | uaafd.biz | udp |
| IE | 3.254.94.185:80 | uaafd.biz | tcp |
| US | 8.8.8.8:53 | eufxebus.biz | udp |
| SG | 18.141.10.107:80 | eufxebus.biz | tcp |
| US | 8.8.8.8:53 | pwlqfu.biz | udp |
| IE | 34.246.200.160:80 | pwlqfu.biz | tcp |
| US | 8.8.8.8:53 | rrqafepng.biz | udp |
| SG | 47.129.31.212:80 | rrqafepng.biz | tcp |
| US | 8.8.8.8:53 | ctdtgwag.biz | udp |
| US | 3.94.10.34:80 | ctdtgwag.biz | tcp |
| US | 8.8.8.8:53 | tnevuluw.biz | udp |
| US | 35.164.78.200:80 | tnevuluw.biz | tcp |
| US | 8.8.8.8:53 | whjovd.biz | udp |
| SG | 18.141.10.107:80 | whjovd.biz | tcp |
| US | 8.8.8.8:53 | gjogvvpsf.biz | udp |
Files
memory/2624-0-0x0000000140000000-0x000000014017E000-memory.dmp
memory/2624-1-0x00000000020D0000-0x0000000002130000-memory.dmp
memory/2624-9-0x00000000020D0000-0x0000000002130000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | 06bd8aef133f1a0bef93da98ec0fb9f4 |
| SHA1 | d5dac6b498b9fb679ee1e81feb1874ed5b391309 |
| SHA256 | f0ab3968ebede22e7512ee3d3b3a2d32ecd3b197db494c801a6a1139a4ef1a25 |
| SHA512 | 804838ca8a397ec72657fd93bf55fa20a7baf404747e7f7b10c68ed88dc84dfc8dbcb8933f40a6fd0eb171e2955171e9c9eab0976ef34d494d76a251f5a64721 |
memory/4596-19-0x0000000140000000-0x000000014014A000-memory.dmp
memory/4596-22-0x0000000000510000-0x0000000000570000-memory.dmp
memory/4596-13-0x0000000000510000-0x0000000000570000-memory.dmp
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | 53edb83bc549829b8494902fe9c2b685 |
| SHA1 | e0363ee16e8a07647fbd171fc808a03da84763e5 |
| SHA256 | a3756c5501399ad54ecd4106a1a7255e08a328b2e5ac1f10ca61f0ed17268575 |
| SHA512 | de15ffc5f4ec137b432cb823590cc56f5088f0658fac7cde3eb092d007b154f12632eb9063ca16420c7c2478affd23f383b8eb402c9a3a0586fcfbdf51aca1cf |
memory/1512-29-0x00000000006A0000-0x0000000000700000-memory.dmp
memory/1512-38-0x00000000006A0000-0x0000000000700000-memory.dmp
memory/1512-37-0x0000000140000000-0x0000000140149000-memory.dmp
memory/2624-39-0x0000000002AB0000-0x0000000002D20000-memory.dmp
C:\Windows\System32\FXSSVC.exe
| MD5 | 88fc622a67ba01d1416e8a8235f099fe |
| SHA1 | 80a787629fe250d722c5fbfb7ecb59c498575702 |
| SHA256 | 3ed74fa7699d2b8043ff0c29616da3517ed5e70984e316ad81c0a2b2ff31477b |
| SHA512 | f537f34c5f5ef402c7f755e1ac498f9b01b3d33a85223919593f35b6a53e9e40ddf27849361240ed84d7294319607cbe096dc3c6d9f8680afea53722ac6169f1 |
memory/3120-44-0x0000000140000000-0x0000000140135000-memory.dmp
memory/464-61-0x0000000000C40000-0x0000000000CA0000-memory.dmp
memory/548-66-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/548-72-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/548-74-0x0000000140000000-0x000000014022B000-memory.dmp
memory/3120-79-0x0000000000530000-0x0000000000590000-memory.dmp
memory/3120-83-0x0000000140000000-0x0000000140135000-memory.dmp
memory/2624-91-0x0000000140000000-0x000000014017E000-memory.dmp
memory/2828-103-0x0000000140000000-0x0000000140170000-memory.dmp
memory/2828-105-0x0000000000CD0000-0x0000000000D30000-memory.dmp
memory/436-109-0x00000000007B0000-0x0000000000810000-memory.dmp
memory/436-117-0x0000000140000000-0x0000000140170000-memory.dmp
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | b217518297ea300a9976bc9a883b78f9 |
| SHA1 | e81f3209a465542005715dee7a0e847e450a2132 |
| SHA256 | 8a6d6c6a3737c46f316b5c230608fc03433fba4a57e4e654977f917bbd91fa21 |
| SHA512 | 538e48ce8cef50d5aa43ffadb9b9d671eb44257a221fbffda14a2b111c3af94fba4638809083b2159e337a0fda25cfca00e1745a7b0196128b67e43a7e97be61 |
memory/2828-107-0x0000000140000000-0x0000000140170000-memory.dmp
memory/2828-100-0x0000000000CD0000-0x0000000000D30000-memory.dmp
memory/2828-94-0x0000000000CD0000-0x0000000000D30000-memory.dmp
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | bbb4438acc2c99cbd4f7e62f8dad0b58 |
| SHA1 | fdaf675524d7baf1d57ca7384c841a379149efa7 |
| SHA256 | d27a6d0d6356b21d9d4c3a61beff50feb27b965270eb189bb8bcb304a28a7aed |
| SHA512 | 51a8348bd3c9ee83abce43c21d7837d91564c75859624cd70bc0f2f21d1e9a26d06f9f9aa6b2bf3bc6e01cdfbab90203d7b85daa23a4698fd05901e5e588464f |
memory/2624-92-0x0000000002AB0000-0x0000000002D20000-memory.dmp
C:\Windows\system32\AppVClient.exe
| MD5 | 26d9580b434f38474a35c06955a4163f |
| SHA1 | a1b26e7cf68529ae33ead7f529f6197d5afc2d58 |
| SHA256 | 55fbbc05ed1561ebe8213ae448f7f0b5d4965b03ae699c55b9470279968e8ee9 |
| SHA512 | 330f5a554487f9321183e758af7c6f6a92e9e60276463b46a5acf416b85bc382cdbfbe18acdaea1a7f8fcaa82b281b801207a833be38a5c4ac402583d0c1ac1a |
memory/2624-86-0x00000000020D0000-0x0000000002130000-memory.dmp
memory/2624-85-0x00000000028A0000-0x00000000028A1000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
| MD5 | 96935751a62967d96b7bbe0838bd1ff9 |
| SHA1 | 683dbd023cef30add1bc44110b3e922653f09aa6 |
| SHA256 | 2b12d19312dc03cd08b08dca85cd4c65179a827e3880ff2e7b3caf2dea6460e7 |
| SHA512 | a3bd242b68f6d000b4900725fda3b0b619355b562cfc73c54ba1c72969f4d5e3d312cbccd962c44be9ca7d61d3ed8b4fca121b445643c4fce2e73a95b6503f56 |
memory/464-63-0x0000000140000000-0x0000000140234000-memory.dmp
memory/464-55-0x0000000000C40000-0x0000000000CA0000-memory.dmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
| MD5 | d6bb05ac256199fd6edb96efd0fe746e |
| SHA1 | ddc63d6cefa584a67520ef6fe7ced4f11e0f6ed1 |
| SHA256 | 6595c3c8c0413a3a3e0a190ef0b12626c27131c195ceb8a4cffde4def09a2520 |
| SHA512 | be5c219d8afc2a34cc30bf18b85f38d1e7d2a5a868d646de16ddc1082d0f869ffbc441edcdb6c022c9c873d21db1987d7b63d32440f617c1ffb88d506bb199bb |
memory/3120-51-0x0000000000530000-0x0000000000590000-memory.dmp
memory/3120-45-0x0000000000530000-0x0000000000590000-memory.dmp
memory/4596-214-0x0000000140000000-0x000000014014A000-memory.dmp
memory/464-274-0x0000000140000000-0x0000000140234000-memory.dmp
memory/548-275-0x0000000140000000-0x000000014022B000-memory.dmp
memory/436-276-0x0000000140000000-0x0000000140170000-memory.dmp
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | f546486ceb427fb3872cbbf27ba911df |
| SHA1 | 6fe139035351c9b96343b49abf3192c48c930ca3 |
| SHA256 | f06210c6b274069901d367ab222779961fd861428306302669a46f908d5f9b99 |
| SHA512 | ccd83352583297863ee661a5f126377b46c7ad8eb187a4de6e8aae64453f864b8463ae94be76567e0a3cb3f18121ebbcdba1e581de0e5903ffc4dadfe20fe8ab |
C:\Program Files\7-Zip\7zG.exe
| MD5 | 85a0a7c2a3201be73fdada234705e492 |
| SHA1 | 5c5bf386aada312a31db4d98bfc7f799642bbf83 |
| SHA256 | 85f1e93d654fbee78a3d69770263cfb5c0cf63bc3f1b0203c57822e78335f246 |
| SHA512 | 1d0c576a5459a34c8e938ee8f268c8c86fae5cabbd53b66232da8ce238a9c34d1665c8c5926690099b34bae36b3768560356569674b0ac3145065248963e57d0 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | c1c005bcd48a923864e857fdc1f748bd |
| SHA1 | ec38030fdb802706e360ff3f9d7ffbbb14996043 |
| SHA256 | 97c7d1055412f7b033fbf6807b1209241695e46f940591101a6ed7e27d4780fa |
| SHA512 | a48f035b899dc58f3c81bbe4d4da3bf7a880fc03c7ad005ab4abea934280f16bcb5ae243dcdc2e166fe27e40fbc78228eaec8011dae839698a1549de312e1060 |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
| MD5 | fe7f21d971ff35042fee6aa2a5e5fe20 |
| SHA1 | 5e2fd341337369fef234d9531315370bdecabd1c |
| SHA256 | 382b57474399b02d166017646e6c06fdc2924da2fb0a7020974219c8db38eac7 |
| SHA512 | c1803a8d9501a6c68aa0f6fff3022d3d2122e85cc86e6956da4fed4277c030cef1869bdecd1c9b3ddcc0b071cf5dd3e4628de57f53a08bc8ca4867bb4f742917 |
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
| MD5 | a59782d668434ff94dc97551f18c63fc |
| SHA1 | a0b234a49381b532fd32068fb6288dbfaff0d67f |
| SHA256 | 08f428c0a2fdd25cd0ca22e6a0dd291868375bd53bed6cea5889497ea00d23bf |
| SHA512 | 5e37034839a24991a62e962b55d6680a0512179d6216dd8c1557e529ef02d3464e9df585fc0ee7e44c4840e8dc688e3fa4874ca519c4c1ad742a039893b0b667 |
C:\Program Files\Java\jdk-1.8\bin\pack200.exe
| MD5 | 5dc5cd7c521cfc9960817fde648ceda8 |
| SHA1 | 6e4262fd294f9db5be4443117f20c0877be132d5 |
| SHA256 | d824ed019fe3db73a0bc26aa4df54122f9a2f4ecd0c0c44d52c81cd74dff59d9 |
| SHA512 | 03aed776efc4b3b53b6f2a4de1a7c762fb2c63cdd8c8aa31fb2c2e2704aedd5d6bf2a5b9477f09da4469731905fee7780742c2c378674725ba233473e6ef6e3f |
C:\Program Files\Java\jdk-1.8\bin\orbd.exe
| MD5 | bc06d49f6cda051a9a3bc9fbcf517002 |
| SHA1 | 40d983458ff399b30e195eac18a3fb3c36d0595c |
| SHA256 | 201f869faf2270e43dab219609f75cb45009fdaadbcdb3ede89723996a7dbcff |
| SHA512 | 47d4ce284754f251352351785d22a14ade0b65db7aabec97408469922c8bb2411e27140f090fe47513a1156a8c66e72464ab89578011526aeff3e966c9b126b2 |
C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe
| MD5 | ddf37296f64ffd16df407228413fc1cc |
| SHA1 | 23c86d51f2cd00bc8af9b87095e5806e5b5e0b24 |
| SHA256 | 8849e20df45be1185906260675e6f07e418fb0ca08998c32224d4574154ee7b9 |
| SHA512 | e6a4e1f048e0992421d2ec5b5579867bbdbe779e210db4bfb0254e3d675f1761141d8767510179dcba7869b0b893534cd2493002748a5e389726239de6f470a3 |
C:\Program Files\Java\jdk-1.8\bin\ktab.exe
| MD5 | adcd0391bd12e52ec154788c6024f3da |
| SHA1 | 65e012a42291e0ae25ecb95a73a676fe2ffbedec |
| SHA256 | 1f210caea4c3c6ff6e4cf101f8550da026a96b77175c9691dedb5f8f88071dc2 |
| SHA512 | 9e15d1c5e2b08a0ddd44170babaf28fe58c155a95de30c3501e7e6b5294642a90dcd65983513c379340190ac3ffee615cab1593b56640ba27383e11d4af5b8cf |
C:\Program Files\Java\jdk-1.8\bin\klist.exe
| MD5 | 4390327c781a5442bb2c2544264690b7 |
| SHA1 | 3cbb7e40c6001c6187c6c3730c0a7ef1137ac8e0 |
| SHA256 | 590592abc1742fcab9b3ae4638be28fbed0ced04b8d7ce75a033029a0c04f2b1 |
| SHA512 | 88bdb2abbf3e3075fe95edba199fe18eb38675a9ecc26e17664975ce1548eca1438dd9aa8045f1a8855f9ae57d4d7a4b2c41caaa9322879729d8b6b0bce86954 |
C:\Program Files\Java\jdk-1.8\bin\kinit.exe
| MD5 | 028cd3e3e288164ba5e0a60e39d84672 |
| SHA1 | dba0508039bdd494c3d342b94f226f989c2bdb80 |
| SHA256 | 06cff36cc71e8d59be509b411a8b0606c17a55407b28014f01be398effd24539 |
| SHA512 | a06feed85962231b893593cba98556ef0090beda2a907341544f882e26950de1e944633244a0a42a8dd003423e2dc0f139fe48c4f8a421ad9847518d934dd2b9 |
C:\Program Files\Java\jdk-1.8\bin\keytool.exe
| MD5 | 6a8e964bd1dc0c25c292d4d090f53c95 |
| SHA1 | 08d5e49c68fab12e0d46251cca71d0f054992e7a |
| SHA256 | 9e6f2813c8e1f498896d43466d6e8a6ea8f41295eec35b670ccad8f9aa332cbb |
| SHA512 | 02d733a194eeb9706ba80c141109ea848796406f0822709ae7366b6f3ce4e211c629d00bf10ff26360710a3e8adaabb517cdf22cd335b1b650b0fd73e0b86218 |
C:\Program Files\Java\jdk-1.8\bin\jstatd.exe
| MD5 | 796d7fed36c08456319dfc321ebdfb61 |
| SHA1 | 3c8af046d8cd58f795b7d8510ff9df7123ff60cf |
| SHA256 | 03834345c454405d38769a9a525f3b0f2e3086af6f8174ce2e49e2dd134a8dda |
| SHA512 | c75db3c6c68b80d462dcdbdac3f7ff58e5dce78036b5a7e0b93d8168caff9cd78b61d5d7c04e925ea1aae4e344e7f4a6651971a8bb591730746c93e7b700d9a7 |
C:\Program Files\Java\jdk-1.8\bin\jstat.exe
| MD5 | 71f6e19052ce908f41a17617b79c4a74 |
| SHA1 | 0d246a86b3d53bcb0a65284a07c9fd27d31b04a7 |
| SHA256 | 4e0f50f43b93f2021069869c49897b9ca4cac280a02060bb50ae28780f802970 |
| SHA512 | e6413fbfd2fb27df0259e1e17ae04ac7a2443df55f022b694971fd5a16d04be8d526b552e2ab89c52e01947328cc284303f4515d93b0c7f35c3c445468fa0b45 |
C:\Program Files\Java\jdk-1.8\bin\jstack.exe
| MD5 | e1126e19539e5ffda567c7c35c962a1a |
| SHA1 | c812fedb92caa5791e6f62e3386be772fe1466f6 |
| SHA256 | 8d0f229dba36ac6763b59ef1fbe1e6051e3df0e5bbec3669cf2069e804df4e1a |
| SHA512 | af59f1bfeadf1260508a74ca393e61236f67099d924687053fe027c4de8fbdaa793512d0c0d455e4011c1836f5e703f76b664fccd416e5d3cd5c0751ac81e60c |
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe
| MD5 | baa4fbbc3d557a3355b344c9b94402b2 |
| SHA1 | 2a4c138d54760103a0da3861af4a487886abd9b6 |
| SHA256 | 638317ae0cb44aa5b11580e3be757bd7d40313a395b009eacf4a1e65b4f63c3b |
| SHA512 | a568de3e0cf484e88fd636ac91eea71039fcd8f2d425fda58b867df90c01c577d9c80d2c12b6ad8c60c0fa9dcb0581dbbf7206d0912565e935f2afd22155e637 |
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe
| MD5 | 57e8fa6cd0bc8ce213545cfaa6bbd377 |
| SHA1 | 4ef03e42298b0f27d024d44168418216b44656a9 |
| SHA256 | e40ab8b99ddc44a7d3e64c24a4904b186eb3cd9d248c957d99dc85b35fdba5a5 |
| SHA512 | d5f46366d0ef60ed4b853ccd6d1977f5556c46302484a01a7475942bc3386d2609fc77173ffa51e47b7b24655b8bc5916b77c2cad7af715b7d413216a4a51123 |
C:\Program Files\Java\jdk-1.8\bin\jps.exe
| MD5 | 5602e1f51917aaad75f63417dd299f15 |
| SHA1 | ed45330812fd96f63835e753619fa533ad21746e |
| SHA256 | c1ddf117e2fece498ac669bf813b535952a086b0ec34de2ea0c0a9f2b828de45 |
| SHA512 | 10d14353aaf928e5b5c300f41481e8d1fb1bd3e7028f155dcd2374801f2a628d1ceb7c43f0d6c1a0c15bbea4f2c8a7b7feb9fb48de31e524fe6efb86286222db |
C:\Program Files\Java\jdk-1.8\bin\jmap.exe
| MD5 | 64a42376d9d4459d55b1a21535e90190 |
| SHA1 | 86b5554f9928dcc3f7fbb13febc904033be0c92e |
| SHA256 | fb692e11ecfec2afb4d058fcea2d5223fd965a970d42d86538cd1e49c475e97e |
| SHA512 | 54629d17d1fd2bb283a97277ce86a5e3efa5ef3226551fd1edd62e184ec10c7c13c6704078c1fa6ad90bd23cbe88f4a467b516b082343f1f63dcb3aa70625709 |
C:\Program Files\Java\jdk-1.8\bin\jjs.exe
| MD5 | 3fbeb965ad4de36a5c5d32a0a51809ab |
| SHA1 | afc6117820a00892cd4f91efb0fac81f6ac3a25d |
| SHA256 | 0c3d09d28d8ef2cc39709e8e201511da315380849974e5db412d48f1088de798 |
| SHA512 | 5264c5169e643bf91e8847a542c17497651d01f8acd86e89ebf9fe8d5db76c5669b915279408c8f7287860313308a11b065293f264cd30c8d3b47c3563ffef57 |
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
| MD5 | cd854ae9a1d0ed3fb4323090c5d07a22 |
| SHA1 | c4c7204c729a0b27bccd2942e3b02f0b09933eec |
| SHA256 | 38adb0e08a72d765815c81f6d76f4e004c68f98084e8a38e6670f0745d04adee |
| SHA512 | 1c0e2337defae4d1c8590e3d2fba5dc960192b6911dd2789a3d80edeaba2491f49fb57f2bab932b3370d3ab92e3a1139a56849373701f9d5fd0f2460f1c708b0 |
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
| MD5 | d3998e922518732cff87c0d915e1e810 |
| SHA1 | bded5000f3e512b0aef0269a74c8945e8cc8c286 |
| SHA256 | 52dace2d18c165bf1cf97383fec4e8f7e4a813c49479b38de586de95c7eba5c3 |
| SHA512 | c0ce45a2113f158255637d6ab54388023fffcd5c4ca61e44cb82ba7fe1116ab3580060d6df9fbdc670477357b8b542ef76ead9de0f210b10b7a4dd4dc74e0617 |
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
| MD5 | dd6bb8d855b2ea4e916bbd1eccc236ef |
| SHA1 | bafd525496925d376e4db99bf4e825b8068f9913 |
| SHA256 | cbe32b4ce8a417d62eec6c379009611523b6aed66240ad2aefa76812d3578e93 |
| SHA512 | 40ea262be8365bb6e75fb2e4fb558590bbd04f231428002e153ab78e305b1a0623a2b8759e8c3fca2a4981b2a93b77f54259e24a3f0ecb278f91767890f64a27 |
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
| MD5 | 9fbb2f5c9cd5c3244a72dc91a4b205bf |
| SHA1 | e8c9326f63dc2fc0348f98795690f1498e37b134 |
| SHA256 | 73d1f047ad243fe13d72e515263146f2b30e8609032a28c3e5f4f5d419b4a743 |
| SHA512 | 693da4d35276d4e371e4a00e052a9c7dfe8b503eb20d6fc37251c63a895fdc31f2e048cddfca4e28e56c8bad02173689838467875996aa862e8040d069ce9947 |
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
| MD5 | e4017f3bde2da5968570a8162558026f |
| SHA1 | f656ed80128372469a98162e6afb7a0e722aa255 |
| SHA256 | 0b7de22763cbd8ef5e032ce8c37718ccef3c01bc39983c6829c8f49a620a1f5e |
| SHA512 | f42a4bebb618496232f85626b27a29df769e8be210a3f5017281039f1c007225a7182b94eac1392f77dd373516951bec48e627c95258ff0d1506f31caf67d8d5 |
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
| MD5 | 7addaeaf0b672c05b152e6bf3e9c99cd |
| SHA1 | c6b7aae1e5750e025ec0e682e2503196914a2468 |
| SHA256 | 8fcd28ab4bd5a4c8229736285f8ff288544178f5f8acdde9d3112c0dbda65c79 |
| SHA512 | fbd58ac2157f5cd4053c7faee25473bd0ffe139b2bba70b9de8c4bcc90f106485daad91edf24f3fd998985f406625b903e1c765ba9f70db8c4ccd53e08dc5f1e |
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
| MD5 | f8aee873be566636950865c1e6904e75 |
| SHA1 | cd2d8fd7c09ab69ead97736b4ce0d197cd1e71a6 |
| SHA256 | 3a2945ed2110e3f2eb1840ad58f3d1e4c0198cf4343f9d6765bcfc33bf8a75d8 |
| SHA512 | 885c18a96cc1c621ccd4a381bf5074148d5e2c94c22f9c01a9e856f1ea7ae85975945609e118abed095640109161b8778498615e4bf4926a351802735277e556 |
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
| MD5 | f930779eab081284c494474ccdbfb277 |
| SHA1 | d5caf93663550ccaf087e1ea76d601f42374e80b |
| SHA256 | 41b08ae773627b8c8af2fb2ddc8589719bde17fcb0860e339d533c2e228f56d8 |
| SHA512 | 1fa982379616da2aae5662cad52da8be7ec0b306e3b6a901d10776eb3eaa1b44ea8c99b0588479c3dcd42cd4851c33c878aeafac7ce65673dd5f79e82632f96a |
C:\Program Files\Java\jdk-1.8\bin\javap.exe
| MD5 | f3844cc708c914c3ae6409e6f6885f1e |
| SHA1 | 8099d669c4bb34af7bdce89a2003cdff0291afc2 |
| SHA256 | 6b47a85367646bc6340ad7566dc03ce33ba9f4194e6780067f070152394b2f93 |
| SHA512 | f979aeddbd5fe54b5a4bba82a76ddc20fa042c923ca9425575abf76035debb9fbd7accc2a8234a81a589c1c9541cdaed9be1ff8592d6b83491344103c4e97f94 |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | 2f0d4e6a31d9de91f6dd901f1057b295 |
| SHA1 | 45c6928e00f920c410cf91051d0dc3ca27548b25 |
| SHA256 | 12e0f63f322077ca91c2cfa158e040b0e0aeeeac85415b92c149fb43770eeda8 |
| SHA512 | 927b07936fa5699e32b86a7d0f65aff078b295aa549249c6fa24331eefb6be053a792b711751160212009449e367445e05448f6321023fc70ca9663b1cb525a0 |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | 941898caf0214e9c47c6afd445b6695b |
| SHA1 | 76b190354dcdf66f094c63cb268ce3aef0ad9025 |
| SHA256 | ff3a36ac9ec56fb3241cc7231ee6ffe1b20773d12d296c6a4d36401080a48ab9 |
| SHA512 | bc7025cb94fc0f3bc1606d69b04da63ef9262ec44de560a9272ba18d5154dab64c3680f9aac50c5cfbeb7a95e97fd403078dc68e4b0cc0a7332be2f349b68cbe |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | 47cd9aabf78eff7eb26129b5c08c508e |
| SHA1 | e7e9cbb7c20b16808d662cd57800b4d3ae4c33aa |
| SHA256 | e9a97362da4678c454b54e5ea902f93114cc6a68e322d975f243affb46410d19 |
| SHA512 | d8c340c12caa1037d3e2d8f951274eb67effce4a6b4ddd8b5071a25849926bc8bd5070a262c0b1f7f20ff6654682e72e3518fc0320331fe54c233143ccf55e82 |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | 63584d0b63f1960df8169fc7d725974f |
| SHA1 | 1d71cfeeb601eecb73c8ff9671a7d40737d79b56 |
| SHA256 | b50fac7b0942032fd8c1db63227a71d0ddc5e69e731228a59d2643e7cbc1d87b |
| SHA512 | c4badaf137ef7d955979c714e7b2fbd7e781ddb11c5c3f7dbd314aa121f7fe7be52d748ec38c3b79dde32471f912f6563064b55882513ff895b95b8f8845f9b8 |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | 0baac728c0de23b93218d0779934091a |
| SHA1 | 57b90a38aa3723281e13d433d67b5970c40552c2 |
| SHA256 | 577a31683d4e7a5fd83c48b3b494a960de58fae246c0cde9a0b1dcb3c88b7a65 |
| SHA512 | 65a7c59da2db547f5146455c24ec0c3ee35e35a71eff5abff7391448aebd3648e0b355c6bca401afea0adcc7f46e5cea4856a7ab0f147e25edce47dd2a1b8253 |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | 0d0b8833a20b68f57bac0d9af67dc40b |
| SHA1 | 8a64f75727599f9fbd61a981083f3fbd83d634db |
| SHA256 | 7fda5d0ecddef69745094038856041746c766f5eff89ffdccf18b978ae176fe0 |
| SHA512 | 3866f39fbd5c77daeeee762b4161fd9349906fb1e6f88afc013534444b4115bf3277de6c0ae1212884eb8bb6b1e0a7fcf5d4de1c169e5b5df568b2700ad3458c |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | 1a2df0277970065ed8d67779179e3750 |
| SHA1 | ffb8c13bea33b0b98a2449e8134add51522f9d22 |
| SHA256 | 8531fca3a4b19d3f32eac3f9f1bc915fb4a2926bf3b489174990c3f82d0a5588 |
| SHA512 | 8b8d625c908dc36ef320bba710b13ddc061b9c0d8ce7222bda12bdb6fe69aad16aca21211c0622a13d55468128927522408cde7e2bbe10829a82e6f32381405e |
C:\Program Files\Java\jdk-1.8\bin\jar.exe
| MD5 | 46a2355138fd8a32b56de1a49f19bbeb |
| SHA1 | d85fb38f2006b90f69debfed9dbab63c708f9dbf |
| SHA256 | 66ff39f9d7123505f6609548a9222f87578a016cc18b78b460bcc569fc1fbb3a |
| SHA512 | 13d3bf4b4c0df36a00c84e1d730d45c1295ec6823d832637b50738950835693e8b1742c06e37827138bf8a017a4c8b3d5a428ab36d399374dee15c73d48e4581 |
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
| MD5 | 9eafe2e3cd34bf6fbe7dcfa3681be109 |
| SHA1 | 0acd61d7d989e487bc54681bae78f728f0796942 |
| SHA256 | 7e679da6cdb64acef8fff4c6a1913d5cc1f204db9aadd8562fd6615847721263 |
| SHA512 | 85f560fd2eda05a60da0eda2f7506e5f6dcd176e188ec4fd700e3db9603afdaf6810cafd994eb17212f9b3e47809afaef6cf16ba907ef81b83338ce32c6a7fe2 |
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
| MD5 | 25a08ac8021271623a98f326883fc175 |
| SHA1 | 8b5128a813451c333ff5ca68834d047fbb20df71 |
| SHA256 | 0bc267c2729a6427cb2d386efff1aad5fc5da94aec270fe42882011b11c8c380 |
| SHA512 | e332283856e8220610eb8722475f7d17164f4cdc4680238d92f43af416911b3d42f431a59d44cd665021d96e2dc000445acfadcb9d0a39cd784035234d4a65e3 |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | 9207812316b9ac3dbe7b2204a029739c |
| SHA1 | c0e79b9c555ecc8738cb9808f3bee9767ff88490 |
| SHA256 | 758a051352e589bccd4cfc013cbb3aedb7041324de19c98f6e75fc75aa2ae4e1 |
| SHA512 | 62c43cfbe17be47a3767126cd7986b43602f622d3fc688399619b502bc68ebaa463c3b74011b8e30edbf47fb11d337cfd1aff5f96fb8d88304e60c3286cb94cb |
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
| MD5 | 82c26bbb4ee8b3b8954de69f87c05336 |
| SHA1 | 11ecc6c7dc774ac519a6403fb43edec4774ba311 |
| SHA256 | 52ac718daa02513397fa6c7586dad0a40742f210f71e6f2e02f8f4ea34c8024d |
| SHA512 | 8ac2c148de05a865ab8f152900b79739654555e1311b5cb49d9080d84597fb44e938853c75594664b64ca363790032cbc412dd1259b4caa35a3ba408fe9adc4b |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | c7d734678ec2fa622c87e36a8750080d |
| SHA1 | 3bcdabcdc50c3a786e608827ed48b41914124c62 |
| SHA256 | 2f7daf5922003c6984e3412e23c721b7f54e2ac2f2bc749498d4389ff3718446 |
| SHA512 | 8ffa01f2f2ff3e9fce8883c337fb023685c0640400f03cf9e427b54c30bc29a0f35f10bef85804dd87e990975c5b7d92e7c43fcb72e20da9a6ca854893cf594e |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe
| MD5 | cd1e0e9bb6698d9fa174df98710eb412 |
| SHA1 | 8963c982208da79a120400e296584a89515eee37 |
| SHA256 | 09a4a8f0159674c74b8746af33b6e6488ac9ab14ad6bf0b9aa9ffd230b39ee97 |
| SHA512 | ebdda28abf26d79472f06d5e8e89bb5ed1fabde6ff284fa11bca2c9c033961ddc4d0fd753ca020f7a008c74a8f8518adf506d523c16c4e189d04441299720223 |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
| MD5 | 2ff9c8faa1a1dd7a7807e9f97262e61f |
| SHA1 | 286413995bc6a398631262a0605931c5c925b3b4 |
| SHA256 | 970f5aa688b4a2b803831f46542c3cb417e0fd39d684f18835f8cce1bd46816f |
| SHA512 | 10ba109119fb9353ad5328e98913292d57f6a5ce0dc5347bd864eafbb1da8d84630019ed4282bf14fe2a738b56c9533b2ec63cccee4ad15c3f3aaaf95d213046 |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe
| MD5 | 477a8c4ef46cf2840f251e9c9b018967 |
| SHA1 | 58526a2dceb58b805c47b080aa3fcdacbbcd1366 |
| SHA256 | f27040fc67a993653ae3b4ec10e02958ecc0ab7ba7715fdbf5444f85cdbc7006 |
| SHA512 | 4532cfb880eec9f74020d8bd997cc733fa9e63ea7b4aa2a673cf484b5b5053fe0039a81482d9c0bc8581ea7a3c4a29c0abe3b6ecd8e272e1326170d2d29c8113 |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | 00458d5eec7a7fa92403d02e57d64a5c |
| SHA1 | 1e960bd5f419b5e1164c58c9e9ed3b868b606460 |
| SHA256 | f89c3ce8e7c333d0c847376f4131c22eca2c402d53150c83e77f7c211fe57847 |
| SHA512 | 30545de7cbe529d1c3893941f0546cf791103219a59fd26d2167d6a6381519ee8b900830fd40816fc41df0a40eaca50b8d0d939f4e83f7b45e5bc7df123ebaa5 |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | ccf65919d09863683e58cf4aac4182db |
| SHA1 | 427adc2267b2d449b3d88ac835a32062bd0d6a86 |
| SHA256 | d3976cf54ba9a8b0b6a2b18ff548143c18aacdf836f6be6770118703f828548f |
| SHA512 | 22da56b9db4c51a8dcf127de5aabb66bf60dede7bc3155c7b26dc4028399a4fd7df12b5247dcb574c33b36271371511d16e889c9bd1f9c21f0e4530b132a91c2 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
| MD5 | 507780fbe939c76c5c79f6c3e3df92c3 |
| SHA1 | 32edfe63450143d572664aede6a073d60435d77b |
| SHA256 | 3401fae47f25732664ee315f6f2f10a5d2c031d76993499755a506de64a86f83 |
| SHA512 | f7b40418af683e5284540727a46dcc0691f6b23da71386fb255a3ad6f90fa0813076ca99bdc1041a1cea6ed58b3f1668725240ec902d41988f0a98a42ecde9a7 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
| MD5 | 013446413b6b4f1c3d105a08633edafb |
| SHA1 | 14a919c4925451d0dea0e2ae71d8d6e292416278 |
| SHA256 | b1f28d982043b934b61655be9dee7337c2b37395a0fd4b38bdaa76c09488cf02 |
| SHA512 | 33d9e0bf799bcc8ca5d67fc09958ed842d1369247f51a8856e78c21078a361b8993eb0cad636a90cfca9ec5f4893444e9cea71475eba455ceb6b3b5b7ad0262e |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | 18066fcd3b6716515fd194ecdf875447 |
| SHA1 | 55b976d985451ceb27f1b2dfd93d964b5f6f6291 |
| SHA256 | 5b6b31b3347c69cb0b6323b9993b8aad574b504fbfde74632ba6e4f49131f2e3 |
| SHA512 | a1668cf7c8a79fc94bfabb7861e8160ced6984a4714b51f0c805fe444e355303f256b58367a6e37f91de501dacaa42d89a5b37f2c81c18c32edbb4119f800137 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | 4312b87574b0cbab96fe721bdcf61d49 |
| SHA1 | d09d141337f64ec8e7c4e58a0514d1e2561e27aa |
| SHA256 | cf4d00c221df7c71898df216295fc5c764172fc58c980162cab648704a404957 |
| SHA512 | c9eb5f39ee74c1b99fd48ee50e1f26d309a4e6d28b72b6062e5b847f9822a488d9d3a09c0eeff350844eb6c8b1a2d96954cc69d7b411ff659f99e02e8600a62c |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | 17707c5b4bf595cdee9fea88dfddf711 |
| SHA1 | 5515922f35ff977cc2e75caac02bd2bb24e0aa29 |
| SHA256 | eb287a6fdc49a1479fb02d767f58f9e2233462fc349e14a12ad20f0c93221015 |
| SHA512 | 308496797c62048baf63db723a25e8df7f493ac05de445926ff214f9d9f20cfde171ea37fe5560040d84ca5033e364427f4f0ad799fd0ae1efd171202b70c975 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 856cbcc8edebf4e4fab365332a1f2722 |
| SHA1 | 0922d8dd214a11250c8704634d5f3a9786ccadcb |
| SHA256 | c390bd9930d579c23da81d8331220c666e772f410d11c2bc455ff6c734ef7484 |
| SHA512 | eec3f7df1a485f18802a81425f4ea4d6f9f25447f40468c0840c473ea0f054af4f17905a985561535bd762bf3465b667c1c074007ab77dbef31115e496853230 |
C:\Program Files\7-Zip\7z.exe
| MD5 | 8b51866f2afd68d0572c426499cf7ddf |
| SHA1 | eb7771d7edd82e9ca41bc3b22dc7379b2836f3b3 |
| SHA256 | da3162f065cd8c7f6b6de90f4a1997e1c14a22f823fc6cc7f3dc3a633be3e3d2 |
| SHA512 | 7f463c2070faa5b9ca6ee0caaafb7bee18b1e223e6f8ba43ee527c2cc5d78f3534280049c083d455937bed0b41e6b198cd2aa7de85dfbf00f4b4d21f1d128980 |