Malware Analysis Report

2025-01-22 08:33

Sample ID 241027-qn4n2sxgqg
Target ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN
SHA256 ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9f
Tags spyware stealer
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9f

Threat Level: Shows suspicious behavior

The file ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Suspicious behavior: LoadsDriver

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-27 13:25

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-27 13:25

Reported

2024-10-27 13:27

Platform

win7-20240903-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe

"C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-27 13:25

Reported

2024-10-27 13:27

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\778a7dca38f5360d.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jps.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ielowutil.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmid.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jar.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmid.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\default-browser-agent.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File created C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jcmd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\ktab.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\unpack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\policytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ieinstal.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstat.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmid.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javap.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javaw.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsimport.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jjs.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\kinit.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java-rmi.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_86328\javaws.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmic.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jabswitch.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_86328\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstack.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaw.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\chrome_installer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstat.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\orbd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\idlj.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Windows\System32\alg.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" C:\Windows\system32\fxssvc.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\fxssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe

"C:\Users\Admin\AppData\Local\Temp\ade4604b1676ac608df357ff24b61c032770738817c44e01da305ca65cbe4d9fN.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network


Files

memory/2624-0-0x0000000140000000-0x000000014017E000-memory.dmp

memory/2624-1-0x00000000020D0000-0x0000000002130000-memory.dmp

memory/2624-9-0x00000000020D0000-0x0000000002130000-memory.dmp

C:\Windows\System32\alg.exe

MD5 06bd8aef133f1a0bef93da98ec0fb9f4
SHA1 d5dac6b498b9fb679ee1e81feb1874ed5b391309
SHA256 f0ab3968ebede22e7512ee3d3b3a2d32ecd3b197db494c801a6a1139a4ef1a25
SHA512 804838ca8a397ec72657fd93bf55fa20a7baf404747e7f7b10c68ed88dc84dfc8dbcb8933f40a6fd0eb171e2955171e9c9eab0976ef34d494d76a251f5a64721

memory/4596-19-0x0000000140000000-0x000000014014A000-memory.dmp

memory/4596-22-0x0000000000510000-0x0000000000570000-memory.dmp

memory/4596-13-0x0000000000510000-0x0000000000570000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 53edb83bc549829b8494902fe9c2b685
SHA1 e0363ee16e8a07647fbd171fc808a03da84763e5
SHA256 a3756c5501399ad54ecd4106a1a7255e08a328b2e5ac1f10ca61f0ed17268575
SHA512 de15ffc5f4ec137b432cb823590cc56f5088f0658fac7cde3eb092d007b154f12632eb9063ca16420c7c2478affd23f383b8eb402c9a3a0586fcfbdf51aca1cf

memory/1512-29-0x00000000006A0000-0x0000000000700000-memory.dmp

memory/1512-38-0x00000000006A0000-0x0000000000700000-memory.dmp

memory/1512-37-0x0000000140000000-0x0000000140149000-memory.dmp

memory/2624-39-0x0000000002AB0000-0x0000000002D20000-memory.dmp

C:\Windows\System32\FXSSVC.exe

MD5 88fc622a67ba01d1416e8a8235f099fe
SHA1 80a787629fe250d722c5fbfb7ecb59c498575702
SHA256 3ed74fa7699d2b8043ff0c29616da3517ed5e70984e316ad81c0a2b2ff31477b
SHA512 f537f34c5f5ef402c7f755e1ac498f9b01b3d33a85223919593f35b6a53e9e40ddf27849361240ed84d7294319607cbe096dc3c6d9f8680afea53722ac6169f1

memory/3120-44-0x0000000140000000-0x0000000140135000-memory.dmp

memory/464-61-0x0000000000C40000-0x0000000000CA0000-memory.dmp

memory/548-66-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/548-72-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/548-74-0x0000000140000000-0x000000014022B000-memory.dmp

memory/3120-79-0x0000000000530000-0x0000000000590000-memory.dmp

memory/3120-83-0x0000000140000000-0x0000000140135000-memory.dmp

memory/2624-91-0x0000000140000000-0x000000014017E000-memory.dmp

memory/2828-103-0x0000000140000000-0x0000000140170000-memory.dmp

memory/2828-105-0x0000000000CD0000-0x0000000000D30000-memory.dmp

memory/436-109-0x00000000007B0000-0x0000000000810000-memory.dmp

memory/436-117-0x0000000140000000-0x0000000140170000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 b217518297ea300a9976bc9a883b78f9
SHA1 e81f3209a465542005715dee7a0e847e450a2132
SHA256 8a6d6c6a3737c46f316b5c230608fc03433fba4a57e4e654977f917bbd91fa21
SHA512 538e48ce8cef50d5aa43ffadb9b9d671eb44257a221fbffda14a2b111c3af94fba4638809083b2159e337a0fda25cfca00e1745a7b0196128b67e43a7e97be61

memory/2828-107-0x0000000140000000-0x0000000140170000-memory.dmp

memory/2828-100-0x0000000000CD0000-0x0000000000D30000-memory.dmp

memory/2828-94-0x0000000000CD0000-0x0000000000D30000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 bbb4438acc2c99cbd4f7e62f8dad0b58
SHA1 fdaf675524d7baf1d57ca7384c841a379149efa7
SHA256 d27a6d0d6356b21d9d4c3a61beff50feb27b965270eb189bb8bcb304a28a7aed
SHA512 51a8348bd3c9ee83abce43c21d7837d91564c75859624cd70bc0f2f21d1e9a26d06f9f9aa6b2bf3bc6e01cdfbab90203d7b85daa23a4698fd05901e5e588464f

memory/2624-92-0x0000000002AB0000-0x0000000002D20000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 26d9580b434f38474a35c06955a4163f
SHA1 a1b26e7cf68529ae33ead7f529f6197d5afc2d58
SHA256 55fbbc05ed1561ebe8213ae448f7f0b5d4965b03ae699c55b9470279968e8ee9
SHA512 330f5a554487f9321183e758af7c6f6a92e9e60276463b46a5acf416b85bc382cdbfbe18acdaea1a7f8fcaa82b281b801207a833be38a5c4ac402583d0c1ac1a

memory/2624-86-0x00000000020D0000-0x0000000002130000-memory.dmp

memory/2624-85-0x00000000028A0000-0x00000000028A1000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 96935751a62967d96b7bbe0838bd1ff9
SHA1 683dbd023cef30add1bc44110b3e922653f09aa6
SHA256 2b12d19312dc03cd08b08dca85cd4c65179a827e3880ff2e7b3caf2dea6460e7
SHA512 a3bd242b68f6d000b4900725fda3b0b619355b562cfc73c54ba1c72969f4d5e3d312cbccd962c44be9ca7d61d3ed8b4fca121b445643c4fce2e73a95b6503f56

memory/464-63-0x0000000140000000-0x0000000140234000-memory.dmp

memory/464-55-0x0000000000C40000-0x0000000000CA0000-memory.dmp

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

MD5 d6bb05ac256199fd6edb96efd0fe746e
SHA1 ddc63d6cefa584a67520ef6fe7ced4f11e0f6ed1
SHA256 6595c3c8c0413a3a3e0a190ef0b12626c27131c195ceb8a4cffde4def09a2520
SHA512 be5c219d8afc2a34cc30bf18b85f38d1e7d2a5a868d646de16ddc1082d0f869ffbc441edcdb6c022c9c873d21db1987d7b63d32440f617c1ffb88d506bb199bb

memory/3120-51-0x0000000000530000-0x0000000000590000-memory.dmp

memory/3120-45-0x0000000000530000-0x0000000000590000-memory.dmp

memory/4596-214-0x0000000140000000-0x000000014014A000-memory.dmp

memory/464-274-0x0000000140000000-0x0000000140234000-memory.dmp

memory/548-275-0x0000000140000000-0x000000014022B000-memory.dmp

memory/436-276-0x0000000140000000-0x0000000140170000-memory.dmp

C:\Program Files\7-Zip\Uninstall.exe

MD5 f546486ceb427fb3872cbbf27ba911df
SHA1 6fe139035351c9b96343b49abf3192c48c930ca3
SHA256 f06210c6b274069901d367ab222779961fd861428306302669a46f908d5f9b99
SHA512 ccd83352583297863ee661a5f126377b46c7ad8eb187a4de6e8aae64453f864b8463ae94be76567e0a3cb3f18121ebbcdba1e581de0e5903ffc4dadfe20fe8ab

C:\Program Files\7-Zip\7zG.exe

MD5 85a0a7c2a3201be73fdada234705e492
SHA1 5c5bf386aada312a31db4d98bfc7f799642bbf83
SHA256 85f1e93d654fbee78a3d69770263cfb5c0cf63bc3f1b0203c57822e78335f246
SHA512 1d0c576a5459a34c8e938ee8f268c8c86fae5cabbd53b66232da8ce238a9c34d1665c8c5926690099b34bae36b3768560356569674b0ac3145065248963e57d0

C:\Program Files\dotnet\dotnet.exe

MD5 c1c005bcd48a923864e857fdc1f748bd
SHA1 ec38030fdb802706e360ff3f9d7ffbbb14996043
SHA256 97c7d1055412f7b033fbf6807b1209241695e46f940591101a6ed7e27d4780fa
SHA512 a48f035b899dc58f3c81bbe4d4da3bf7a880fc03c7ad005ab4abea934280f16bcb5ae243dcdc2e166fe27e40fbc78228eaec8011dae839698a1549de312e1060

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

MD5 fe7f21d971ff35042fee6aa2a5e5fe20
SHA1 5e2fd341337369fef234d9531315370bdecabd1c
SHA256 382b57474399b02d166017646e6c06fdc2924da2fb0a7020974219c8db38eac7
SHA512 c1803a8d9501a6c68aa0f6fff3022d3d2122e85cc86e6956da4fed4277c030cef1869bdecd1c9b3ddcc0b071cf5dd3e4628de57f53a08bc8ca4867bb4f742917

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

MD5 a59782d668434ff94dc97551f18c63fc
SHA1 a0b234a49381b532fd32068fb6288dbfaff0d67f
SHA256 08f428c0a2fdd25cd0ca22e6a0dd291868375bd53bed6cea5889497ea00d23bf
SHA512 5e37034839a24991a62e962b55d6680a0512179d6216dd8c1557e529ef02d3464e9df585fc0ee7e44c4840e8dc688e3fa4874ca519c4c1ad742a039893b0b667

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

MD5 5dc5cd7c521cfc9960817fde648ceda8
SHA1 6e4262fd294f9db5be4443117f20c0877be132d5
SHA256 d824ed019fe3db73a0bc26aa4df54122f9a2f4ecd0c0c44d52c81cd74dff59d9
SHA512 03aed776efc4b3b53b6f2a4de1a7c762fb2c63cdd8c8aa31fb2c2e2704aedd5d6bf2a5b9477f09da4469731905fee7780742c2c378674725ba233473e6ef6e3f

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

MD5 bc06d49f6cda051a9a3bc9fbcf517002
SHA1 40d983458ff399b30e195eac18a3fb3c36d0595c
SHA256 201f869faf2270e43dab219609f75cb45009fdaadbcdb3ede89723996a7dbcff
SHA512 47d4ce284754f251352351785d22a14ade0b65db7aabec97408469922c8bb2411e27140f090fe47513a1156a8c66e72464ab89578011526aeff3e966c9b126b2

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

MD5 ddf37296f64ffd16df407228413fc1cc
SHA1 23c86d51f2cd00bc8af9b87095e5806e5b5e0b24
SHA256 8849e20df45be1185906260675e6f07e418fb0ca08998c32224d4574154ee7b9
SHA512 e6a4e1f048e0992421d2ec5b5579867bbdbe779e210db4bfb0254e3d675f1761141d8767510179dcba7869b0b893534cd2493002748a5e389726239de6f470a3

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

MD5 adcd0391bd12e52ec154788c6024f3da
SHA1 65e012a42291e0ae25ecb95a73a676fe2ffbedec
SHA256 1f210caea4c3c6ff6e4cf101f8550da026a96b77175c9691dedb5f8f88071dc2
SHA512 9e15d1c5e2b08a0ddd44170babaf28fe58c155a95de30c3501e7e6b5294642a90dcd65983513c379340190ac3ffee615cab1593b56640ba27383e11d4af5b8cf

C:\Program Files\Java\jdk-1.8\bin\klist.exe

MD5 4390327c781a5442bb2c2544264690b7
SHA1 3cbb7e40c6001c6187c6c3730c0a7ef1137ac8e0
SHA256 590592abc1742fcab9b3ae4638be28fbed0ced04b8d7ce75a033029a0c04f2b1
SHA512 88bdb2abbf3e3075fe95edba199fe18eb38675a9ecc26e17664975ce1548eca1438dd9aa8045f1a8855f9ae57d4d7a4b2c41caaa9322879729d8b6b0bce86954

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

MD5 028cd3e3e288164ba5e0a60e39d84672
SHA1 dba0508039bdd494c3d342b94f226f989c2bdb80
SHA256 06cff36cc71e8d59be509b411a8b0606c17a55407b28014f01be398effd24539
SHA512 a06feed85962231b893593cba98556ef0090beda2a907341544f882e26950de1e944633244a0a42a8dd003423e2dc0f139fe48c4f8a421ad9847518d934dd2b9

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

C:\Program Files\Java\jdk-1.8\bin\jps.exe

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

C:\Program Files\7-Zip\7zFM.exe

C:\Program Files\7-Zip\7z.exe
