Malware Analysis Report

2025-01-22 08:53

Sample ID 241027-rghnnsygrl
Target 9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N
SHA256 9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46
Tags
spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46

Threat Level: Shows suspicious behavior

The file 9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Reads user/profile data of web browsers

Executes dropped EXE

Checks for any installed AV software in registry

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Checks processor information in registry

Modifies data under HKEY_USERS

Suspicious behavior: LoadsDriver

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-27 14:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-27 14:09

Reported

2024-10-27 14:11

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avast Software\Avast C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\2be1da8b99262766.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\MSDtc\MSDTC.LOG C:\Windows\System32\msdtc.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
File opened for modification C:\Windows\System32\msdtc.exe C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\System32\alg.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateComRegisterShell64.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ExtExport.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\orbd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javacpl.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\klist.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ssvagent.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java-rmi.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateComRegisterShell64.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javapackager.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\chrome_installer.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstat.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\policytool.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jjs.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javap.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdeps.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jjs.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\orbd.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\pack200.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstack.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\minidump-analyzer.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ielowutil.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\unpack200.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler64.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\DtcInstall.log C:\Windows\System32\msdtc.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print" C:\Windows\system32\fxssvc.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\fxssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\alg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe

"C:\Users\Admin\AppData\Local\Temp\9fa9b23576a992482383cc7feb209a87607b94c296d925bac2e068be99786f46N.exe"

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

C:\Windows\System32\msdtc.exe

C:\Windows\System32\msdtc.exe

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Network


Files

memory/2436-8-0x0000000140000000-0x00000001401CC000-memory.dmp

memory/2436-9-0x0000000001E60000-0x0000000001EC0000-memory.dmp

memory/2436-0-0x0000000001E60000-0x0000000001EC0000-memory.dmp

C:\Windows\System32\alg.exe

MD5 96c391d7851e902d72f26630ca79c0cf
SHA1 082a0c60efc2d8281ae6f61d9917fa0b43c46324
SHA256 acab6e7f251a84454980e4b8d6b7f0db518832caeec6dc72634237f0d4f0cb1a
SHA512 4baf03f06f28dedc83396563b7fdc8039dcb494413c3f7271763dc56c1a25626fd95540cfd5b57638894acdbc13c369aa738d77316f16114779d6cad743cb29a

memory/1092-13-0x00000000006C0000-0x0000000000720000-memory.dmp

memory/1092-22-0x00000000006C0000-0x0000000000720000-memory.dmp

memory/1092-21-0x0000000140000000-0x000000014018A000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 2b772db8d170158a7ac1bfac113e530d
SHA1 0b1ed01c30fe4f7ec7036e953fd941db8bdac33b
SHA256 9d01b6a87f0e34c76c3cf6b865d83aee40154b9ced2ba7dea72b9f6cab722c90
SHA512 1b5b757437a2c5e21f4d3a7a92125f7df4fe9f990fa7af8e3b68c7d688d204e5db34a324383a20b2172d560d7a157a48d33912f496d1cfe8b01bb92695082041

memory/2548-30-0x0000000140000000-0x0000000140189000-memory.dmp

memory/2548-27-0x00000000006D0000-0x0000000000730000-memory.dmp

memory/2548-36-0x00000000006D0000-0x0000000000730000-memory.dmp

C:\Windows\System32\FXSSVC.exe

MD5 9f2ce2097f4e33b80a748143d9211e3d
SHA1 3fb85bbd243cd6857986ab0d8595a53bb19738db
SHA256 7ec1350b4fc88777e10bf0f7bc288fc0819ad7251bec0e6d404b7cc59ca1549e
SHA512 8d43b4a5c89cb37563c7b049ab799d0ae7cd4c72ae6e204aa7b7c3fbdae6b02f7d9a6d207e38b8768dfd9a483c032da785c9952057feb999494e1b5f5761c43d

memory/348-39-0x0000000140000000-0x0000000140135000-memory.dmp

memory/348-46-0x0000000000D80000-0x0000000000DE0000-memory.dmp

memory/348-40-0x0000000000D80000-0x0000000000DE0000-memory.dmp

memory/1944-56-0x0000000000C80000-0x0000000000CE0000-memory.dmp

memory/1944-50-0x0000000000C80000-0x0000000000CE0000-memory.dmp

memory/1944-58-0x0000000140000000-0x0000000140234000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 033101e15539cc477182863c8fd120a1
SHA1 cfe0effaa7315997799deb1d106ddaff5c81c264
SHA256 53098dcba7a8a6a23fab936a5020b272b2f17436150c4824d1e0cc142b485806
SHA512 18864155cce89bc837081def18e97a3f71d81b5f2d5798be3314b65abe76d6c00d7cbeecf3d1ac4dd7551096ac9b53d1b68b67f1279b566008f9f07e9595ae52

memory/4616-67-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/348-71-0x0000000000D80000-0x0000000000DE0000-memory.dmp

memory/456-82-0x0000000001510000-0x0000000001570000-memory.dmp

memory/2436-95-0x0000000001E60000-0x0000000001EC0000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 604cb0c603437b0724e3c79a4f0b4c34
SHA1 eeba6dc981e853c349dabdd3679785b98c6e7e29
SHA256 ba84045d02488dd9b577ad679a1334ffa3c402e96a121c1092dcee6e6e31e6b8
SHA512 0b3c877510147c2d3333445245e346ed3dfe56d5fa8ad751844171d63d7f7d36b19e7677d4f272f846533458b48f05a05b7798d28cb556f64d32723047bcb097

memory/2436-116-0x0000000140000000-0x00000001401CC000-memory.dmp

memory/2236-117-0x0000000140000000-0x00000001401B0000-memory.dmp

memory/828-99-0x0000000000510000-0x0000000000570000-memory.dmp

memory/828-98-0x0000000140000000-0x0000000140199000-memory.dmp

C:\Windows\System32\msdtc.exe

MD5 3c174557320a1a9fa49d0825dee4f244
SHA1 09417c0ba7bdf6db4093c3ef7e9aef3adf4ed6dc
SHA256 03e2a88d33567ea08e5e98581d83661422604cb36d8dc152e3055e52662bb239
SHA512 c55b431618ac0da7c98780de59ed5f0949f36b25978d1ff879907df4bb2701d2120bafbbfe1215330a1ff01425b84fbe866c832a88e07b1efcd9583e29c26c69

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 08258bb556630cec0ddfc3a595c61dc1
SHA1 f9e9a22dd99545e6776d3b23f530d65848ff7853
SHA256 c72bf869f63712b988bf6fae6828330d1814993ce469d51f895467271e2941ff
SHA512 439d2d42e80e2b6de370b292393aeee1358052d71bae0f1eabf8df34261e3bfb10977d5dc8c324ba9c6ba46041128013ba5c8e130389d24f87e8bb71e425bc06

C:\Windows\system32\AppVClient.exe

MD5 c0e5b26f7a6dc2252b44152e4844dd4b
SHA1 b542e036621d6a2d5efa66a41ff80194716857f1
SHA256 ddb39928da396dcee10e9438373c203e875df1a7e3ffbb53bfa0ba7e789849c3
SHA512 774853d165d8d1adb755fc2d45f750342b2edfb1d7d2148b3f1fb649ba068e9ef21cf8048ff16dd9ba3a38d78330ec41fbe45bd8ef7997c5717da62a0e1eb20e

memory/456-90-0x0000000140000000-0x00000001401B0000-memory.dmp

memory/456-87-0x0000000001510000-0x0000000001570000-memory.dmp

memory/456-84-0x0000000140000000-0x00000001401B0000-memory.dmp

memory/456-76-0x0000000001510000-0x0000000001570000-memory.dmp

memory/4616-74-0x0000000140000000-0x000000014022B000-memory.dmp

memory/348-73-0x0000000140000000-0x0000000140135000-memory.dmp

memory/2436-69-0x0000000140000000-0x00000001401CC000-memory.dmp

memory/4616-61-0x00000000001A0000-0x0000000000200000-memory.dmp

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

MD5 b6f4f78b18fd88e06bb42af10fa6141e
SHA1 1d9dd841dad2b7d620857bc19df540cc3662a12c
SHA256 4574b2d52780c24e4479276b10ea512cf43663b4762705418858b9f172c82f1c
SHA512 af33438c0694532db24e6af6b40961e07ecb8eaed51cc00263d0d0b5987744a1058ad81de60a27cdd9fdc5cc8c028169a52dcf7576991958fde29ab1467515c5

memory/1092-224-0x0000000140000000-0x000000014018A000-memory.dmp

memory/2548-273-0x0000000140000000-0x0000000140189000-memory.dmp

memory/1944-277-0x0000000140000000-0x0000000140234000-memory.dmp

memory/4616-278-0x0000000140000000-0x000000014022B000-memory.dmp

memory/828-279-0x0000000140000000-0x0000000140199000-memory.dmp

memory/2236-280-0x0000000140000000-0x00000001401B0000-memory.dmp

C:\Program Files\7-Zip\7z.exe

MD5 89bf2728c104fe2bec15ff1d675bb126
SHA1 e49ff44fe43ba54e8e1d29204a01c5a1779b3346
SHA256 327cdef7a6a09ad6596e1e2dc3135bc9e22a1ff46464f290852f75dd1b40ad80
SHA512 7f135797831a765e5d9255b15e129aa98be91529c6d5b7affdc89e6a939679ae735689c50154df199542ce6c1cb50e49a1e689995b1b9a7c027c09a686a2f8b4

C:\Program Files\7-Zip\7zFM.exe

MD5 0fd8070ed92e4f601912cee2eb0d226e
SHA1 9ebce6ffea30630d6613b3e2f6cd2798de48a038
SHA256 22a055b245c77c816d82c671b99d031531882fea994ee4af49bd8c76d4975790
SHA512 dbfba5096df1c459138f2ab519ca424f93c69f7b2919f98c526185de7592b11166eaae5de410d6b7977124080ae4c54313cbd6bac6478c1ae62799d89638dcb7

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe

MD5 f1d005b20e1d5fe3fe428b02222e5573
SHA1 c5abb629a7466afd9f93521ca6516013eb18f5eb
SHA256 0ea6854989f8f741a79b76154b268fad0dd72fe02949e88cf3d7db6f8c9eeb2b
SHA512 98cc1b2fcb5ddfe739ded8ff2008978946d20159d0a520f471fd3226c2f51968aa39c7d6f3f28a8efd8c9179b0fdea714fd15c7393cef3248bd8360deb754ed4

C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe

MD5 76d16dc9dbfa574c659d2a705ad6857b
SHA1 6db78bd06ef10107b7cae7e99ab7e57fcf26ea98
SHA256 4f3bd46d26e0a382eb1cabd430b4fcf6f1e375cefa4c74be14b9b4987dd55a4e
SHA512 a0ad3d12f7dd235573e912099eb533396cfe0274769d3b29df880e507305bf349f337ae7a01c717d1d6cb5f2a0c438714633174ec0c0a805149e80f2c688ecd6

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

MD5 4d7a188e0c7a6b502d207cba2e2edf35
SHA1 2811faa817f961e7a4dbd7e3a313117567d7a833
SHA256 fbeaad51aa4555d60c4f8e78d469598f1401a841c7c86734ce393b4888a1fb30
SHA512 402598a097bdf9ef39c78c7ca7cea6f82924df2055fa1b310170f4966013a78bee1fc12dea1ea0cd174b6481f6e91699b420ab87e5c82c93510acc1667da1a5f

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

MD5 3d80c40c279366bd1fb6ef6d11dd9a1c
SHA1 76acf4dc392efba7e82b266bf9ac1aebe1761e4e
SHA256 fa02b8bc7bc4ee05ac82abecd6e1f2a14c230777cddcf39bed393a04995937f4
SHA512 90fed8d410c7f85ad93ec7ac09bd2105e55b9a8d0ff8dfc8cf77fb32aec2cf1f5dd091a73140b1153e874f936bd4c0c870bb99bd82e064d91b25b38672e7b6f0

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

MD5 a914fc52244710fa3ce6eb987d9b2b8a
SHA1 c314e1b39dd1be14d56bec20ea86e8fa317fbef2
SHA256 b430f3d96495be28fa975f2eb7bad82d0744166abb6f9a1ba883613bef04534f
SHA512 d69521651d28cfbaeef98b571d6d3ac1dc92f00d38ec7b257f77faf25f67e8bc2f7e78b5d643efdcf68df7d1568a1d316d310ea4d137ca5a72f9bf5185b220ef

C:\Program Files\Java\jdk-1.8\bin\klist.exe

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

C:\Program Files\Java\jdk-1.8\bin\jps.exe

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

C:\Program Files\Java\jdk-1.8\bin\javap.exe

C:\Program Files\Java\jdk-1.8\bin\javah.exe

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

C:\Program Files\Java\jdk-1.8\bin\javac.exe

C:\Program Files\Java\jdk-1.8\bin\java.exe

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

C:\Program Files\Java\jdk-1.8\bin\jar.exe

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

C:\Program Files\dotnet\dotnet.exe

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

C:\Program Files\7-Zip\Uninstall.exe

C:\Program Files\7-Zip\7zG.exe
