Xcitium Cloud Verdict

File Name: virussign.com_5c9bbe8e5b749efba278eabd96c9cbe1.exe

File Type: PE32+ executable (GUI) x86-64, for MS Windows

SHA1: 3b48a7ed61ab4ca62ecd8591bfdec38c3cf0493d

MD5: 5c9bbe8e5b749efba278eabd96c9cbe1

CREATED / DROPPED FILES

File Path	Type and Hashes
C:\Program Files (x86)\Java\jre1.8.0_91\bin\javacpl.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 64e01bbb18db9e55bd62859aa84aff6b SHA-1 : 4a1da05e02790820fd409ab1b6f8722e2696b90c SHA-256 : 1170d0a3c1dc29d71994adffc1d9a15197547b8863b90f778adc8811b04b979a SHA-512 : 768f48278a061e7b27faa9051e8fdad3c7edf3f834eb7c8dd0d9df276607930d6b92f3d7c4738d1325e279e53031e2b664701684c7dcf8bab512aacd833159df Size : 1563.648 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\policytool.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : d94ac19bc4158dd24ecb857f2a184599 SHA-1 : a10600b132b1654b24adb49ea685ebdb1e8671de SHA-256 : f75f660897b72703badf897974163098beeb2762e5ffc4e530ec6690fa42a916 SHA-512 : 9bc7ebe25796b8f9667f4ba40583d8a389f514c523f9539e099b776dc915f34f5d9831d6481b222f65c632cb037422ec1a957c56b62ccd68cc615440ba9c7cfc Size : 590.848 Kilobytes.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\nacl64.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 2fd303b97b164f44e94ec7e408e91665 SHA-1 : 9d151d69b10df8faaf2089739a5f193503f09ecd SHA-256 : 8bf9d61d12790aa0aaf81c90885951a30e053b32719eacc3df345deff6ec05fb SHA-512 : 26b0581d8bd60f42724c46d24b3b035c81493a33e0103c2f71e03fed1d692a2042b4e9fe6b1d9bf6d5dacb392ea75ebf5ea09b9e0b55dec014d544788086708a Size : 2732.544 Kilobytes.
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : bb82b31b36287c97455455a68a5a485f SHA-1 : 2ea3e7efffd49b03b702ff6cecdb38af248aab08 SHA-256 : 6580c717397abda741ca9f9e367eba8546d070b7636fc8881e2bb7a0fe905384 SHA-512 : 756ffa3bdc834a981913e84c0ed113e575d766c74640c23a708c88e786d5171321d89eb0cfc7007e70bd9df838d8d17d510a4ed65083d8974d7f61092abf453c Size : 1640.448 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\tnameserv.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 5e0aca0a33c98160b3f7e3e7807481a7 SHA-1 : 476f675c925bc71ff5259b12a1b97be63ab423f7 SHA-256 : 65f18cd73d518510308a299cb428e8383be77161087b25f9c4835067cde65792 SHA-512 : ae974899d8b0f139c294310095300fc15e06ec9afb22e4aa36f9e4aa5b10a323c4217e9346d83def26d76e261216ba083976d73ad336fe2067f893f2a7461911 Size : 591.36 Kilobytes.
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : c98c5b92214a597808339db17d8c2ca7 SHA-1 : 254c2797d7a959ffd09c06c3999e97c15e315876 SHA-256 : 7c490080a406465cb19c1ae11f10bb912c4186b5411a4f638c84de3d7700f852 SHA-512 : 366033332ec7f739cfe6d3c9ab23fd9714e61870782a9ccf77aae6a502f8a0ba698f1d70c1c1bb14b4257a3e66d0eae84367684956b27769535e6f114da05aa5 Size : 3095.04 Kilobytes.
C:\nidguu\bin\nURNEMUK.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : b0844118a790db2b40da196cf0e0a4ed SHA-1 : 93ae20ecdade9c68a731eaf41fca6d78e54a3263 SHA-256 : 69d8bd5427fd2095700ed9a95385463f120bddb17e3bd39ccface1fadf6544d4 SHA-512 : d78e157d8ffca54d0cf330ca67408606f262fac6d2ea2bfe724b3693339f434098becfff703aa50038ba71710c928243553c5bc2ea6170504e7a3ea3d2da1bcc Size : 1593.344 Kilobytes.
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log	Type : Little-endian UTF-16 Unicode text, with CRLF line terminators MD5 : c1ce18c9d41c2125ce6a99ef80b97b93 SHA-1 : ebfc418cdb9cb4b06122fc379024d871ec262286 SHA-256 : eeb682a476199b40238f01bf40646bcae201bb55fbbdf86a3e95a7fd1a251a8b SHA-512 : 2c82826c227773c3c159aaa506ff90238f5cee35f424f36c16a214af5efeadf7999e7ebe0dadf79cdbf03f7458b065537cac7a8cbc639cbeb395ec5087150b23 Size : 1219.95 Kilobytes.
C:\Windows\ehome\ehsched.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 4b75b33fae42f760befb242fa7ae1728 SHA-1 : 7febe52bd491b4711004f3d1b558991b3c3e553d SHA-256 : 20ee967de9a1779e0057aa1735cdfcc7278e3a01de9e13fa5932232356c3d233 SHA-512 : 34e120691f939f5c9e81f3ebcaa83bdb51b75aad32f0241e3d048453271f0b2eafefe5b052c1479eae5c5c82ed34ae993a43346c42a5b96a0afa1da7a0ad3ca2 Size : 1625.6 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\kinit.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : a3195bd8ea09b292ba4f433a85195005 SHA-1 : efa3d385bf743f078ca18cdf067890e7d7a035fa SHA-256 : 005aaedb4dcbafd58cef33b19465b0a30c436b627e11a3ed2313ee7e8a5478c9 SHA-512 : 79fb2fc4641993d77cf73d8b0e8bf27cd6365f80e343c09d7bb771e23ff99bfeeaebed74cfc03130c48c70875bf75cbff05053b1d02b0edf89cdb58ed11286fc Size : 590.848 Kilobytes.
C:\mctrlc\bin\qyCwoNN.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 1c1808c49626baf9079a03534a459e17 SHA-1 : f807db840d24577183366c13c496e040429a98b9 SHA-256 : 47ee48041f11bd350bfb89e8e028deec03abff0147123f91b73e444c1038191f SHA-512 : ca3b3f5c0918d5e563b48fd0b2ae76a214575e4cb4bded0172dd31a4e7a7cb515f1f467e40434a9535d9160e69a1cddd9dff3147805df4fa69ba4a5fb85d5d0c Size : 1577.984 Kilobytes.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 085f2793b208290dae2ef3961eeaaebf SHA-1 : 514ba6f9e4be829046e4cd10e74fb88ae6214d9b SHA-256 : eafde8d27627558cf4e93d50d2df5a10bc44c1f5d5b31317aed3e0b613832904 SHA-512 : 4b95561ff613c5543d405f7392b81ca89b1e220f43c3cf164b010df5510faa9a9b65e5dd6077cec84f30671d2b40898edc20adf612874ba860c1048bd514da90 Size : 2043.904 Kilobytes.
C:\Program Files\Sandboxie\32\SbieSvc.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 58075942e76d13ede7995facc16e11f0 SHA-1 : 6a332345237ba4ccae6f7ba4f347c3656cd3188e SHA-256 : 94f7480a4bf757571360b488123f95890c0c9aecaa9c606ab452d66bbdc80ea5 SHA-512 : eecb255800ad9f509c3cb0787c8dad19cce3c1df1d18c4f3823d7b6db0d3bc795f056f2b0b51879e8e7b13116d7574a392431789ae77690883b8273848a1528b Size : 1637.376 Kilobytes.
C:\Program Files\MPC-HC\mpc-hc64.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : a0c95e481a7ef70e0b5d64e0f5ef7ed4 SHA-1 : 5f95ad26e202f9e7424552f20f66c156b40bbcb9 SHA-256 : 1dd924fec4553c3dcdc427a8010dff5d38f85de50cb9061510b11f9bf12171e2 SHA-512 : 06c0a8b44d64ca7cd0cd7bc03ed3d85d935501038920b839cffd51a7d2aa0bcd319123f9c30cc4b87c79465146643b3ef5453a8f022c8a6c3fb08664dbcdbb4c Size : 12779.008 Kilobytes.
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 6a0a05881c55882bc341364677fe4590 SHA-1 : 8f3ddec38b2d935bfeb8fa569dd13b7f92760d7d SHA-256 : f7ade2dc54f5ae9070fcdfee2cbd2eb76fe61ddbbd9331dac43a1b8416f73911 SHA-512 : 4fb2be0568a413bcebe7c815a86e37b4494b740a860a739eb3b4648663212e98b5233eb7a9cfdf37df513dbfd573259de83073fb018826c8fde60f1cda4b1088 Size : 1168.384 Kilobytes.
C:\nidguu\bin\loader.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : f84f31c96875e56bd3195790618738c7 SHA-1 : 5bac8809ac4739fd7f175978e6ad688819374066 SHA-256 : e8886952a12d9a7613a2454efcf1de2886e004ce7f8442346799740ea78130f2 SHA-512 : 61032121557a1e0ccb8becb5d3fbfddc20a6b990b8116ad1e658fe7692bcd8809e5805cc3dca02538ddf80bd7ffd16d547e20c1d0afd3cd72152eebfd45dcbca Size : 1577.984 Kilobytes.
C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48	Type : data MD5 : 97e6c9048ec0c17f857e84a14998896d SHA-1 : e4f23c4a5534269d0df34a69f6c9e4d9d7608e39 SHA-256 : 42f73b4182a670cbad397f1d0f19de5285561ab2afbf9f6bec78a7e45e54ac44 SHA-512 : d5701845041af1d61be87d80189dcb9137ad5a6a76da9fbebb68a9c7b9c440396222a8d51baee4d856266980993ed12104d8f3cb43b690617ead4058645e5782 Size : 0.012 Kilobytes.
C:\Program Files\Sandboxie\SandboxieCrypto.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : b455fa322b8b50d4ed0645963f2e69c0 SHA-1 : 68d01d6c3426f022a329d9e4dc0a65936dc22061 SHA-256 : 3de9916c2b7fca32724ad6cf886942132a43579bcd1122c44951f05e5d680c0c SHA-512 : 79680e40f658a87d01cce17161501558ffdce372b8959def7e1f258a90c3efb8f21d1d3fe4bee0c91a59e82e8a408c8e3131cf8f03955565b2401476d245f8fb Size : 1510.912 Kilobytes.
C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxControl.exe	Type : PE32+ executable (console) x86-64, for MS Windows MD5 : f4541c9e10a99606c2595cc0faf19d67 SHA-1 : ba50175c657cb5174c355e6b235dbe0a1c925ccc SHA-256 : 13818a3bcf29d0439a1d44e6770b4060151e0ed9454eb1772478745b953c5a2d SHA-512 : d65450330273890c9edc47842856f632a02a9e934d31adf6f41cdfd5a513988e7c96df0d999a7178bac04523f5e3db40e5797a19cca5b09e5bce9a78c7623ff4 Size : 1859.072 Kilobytes.
C:\programdata\microsoft\eHome\mcepg2-0.db	Type : data MD5 : 443f1105b798e6fbca5eb8b86538e575 SHA-1 : 03d7a47203c635afaca32e05be92047dbb7f49c8 SHA-256 : 31acede97f1c7c06541a9cab7b9afdd99cef5905745353fc49117e4ea260fd74 SHA-512 : 5b6aeed30b25dafcba714ce51d72c3f810396516cab49ea4ad50e3c0f3b9c67fef9aaa6a7b056235a8f7fb87272323760f128c3691a1b164b9f24c8532a7112e Size : 20.48 Kilobytes.
C:\Program Files (x86)\Notepad++\notepad++.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : ab0eac897177cc974b4486e1a2e4c279 SHA-1 : 9bb02d4cd58aab2593cf5cb35e02b554271c5555 SHA-256 : b7bc6089d56501e05e5321718644c1d4e8e319f4c9c8d1a08eb11a6b2309e38f SHA-512 : ab78f38fa9e21439a45c8347455ba1932135c5d0cbb803add2c5568c43f632ce79f7efc29ccbc1843638e8800aefc2f49ba3e2fee9c45cc69c124325e33b31f3 Size : 2641.408 Kilobytes.
C:\programdata\microsoft\eHome\Counter.mem	Type : data MD5 : 33cdeccccebe80329f1fdbee7f5874cb SHA-1 : 3da89ee273be13437e7ecf760f3fbd4dc0e8d1fe SHA-256 : 7c9fa136d4413fa6173637e883b6998d32e1d675f88cddff9dcbcf331820f4b8 SHA-512 : 991294f43425a5b80f8a5907ca7cdbb611401282585a58bb415077005428e3b4c0f661fc07ba5c45f627bd8bdcb172389ce2fda461c029b837abc70f0abbea20 Size : 0.008 Kilobytes.
C:\Program Files\Sandboxie\Start.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 5d20c5acead9cc117b8d92c034587de0 SHA-1 : 189b1bc332c4ecb111e82ac987887f22a4930846 SHA-256 : 2ab6051741ad37b80c5c9b0521b9c96d15bebc092e4eac5bd8c79974260d9ba9 SHA-512 : 387316e605cfa2ef8024368da1a63c339a4883697aff01a1cedbd57b2242ec92d988c539fd2c639630d4e144589d462593ff024fd08481cf83f0faff9740797c Size : 1629.696 Kilobytes.
C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : b4b6e1285d0c93905a1a28d63422263b SHA-1 : e46bae4f2baa98c1eecfa6561b776c91b7b45c5f SHA-256 : dd470025d3c027ade0ddc2fa61e791ceb732dd029c1f9c6be950e7409c5dcf4e SHA-512 : 75ae5764096b118949da7d765f282a4813ed829cee4d6720b99701d5ed720f88b55c8b97d9be605f5a4e3f896c30f46bb21d93b2e848cc9deac735492558f028 Size : 855.552 Kilobytes.
C:\Users\user\AppData\Roaming\20503a4e5d0020a4.bin	Type : data MD5 : 0fd3d7ec15afc2bdf101bf992379afbb SHA-1 : 75e1dc15f8f64212e081d026a1d2e84316bde870 SHA-256 : 745f4d707a3d7b472e6683a5f97bd13894ab10ec014fb8c9ad94fe9fc34d7ac2 SHA-512 : b18d021626698ce86bf60a614ce9d8c8c79f56d175d4886c11e3aa24419f7c42de08abd8e10393028a2590accb8b9ef8c20bd797efee4d89b283e383c730daf7 Size : 12.32 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\jjs.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 1d206377808658c3c936a3f4bf9f61d4 SHA-1 : 80feb10be96a2f3dc8964826121b78df8b1f6ebe SHA-256 : f89ef66351797dd756d0f253b3b45c9363d3b2fa68de68e20b82d3f9b692e524 SHA-512 : 804f9ac6dd76d5a1ce9f287ce1c71a79201b35e97f929bbd3281bb4dfc446afec2bb276351104eadbdb5c9d2b475be0c608b4112f04bb2a74c323f32f6c3956a Size : 590.848 Kilobytes.
C:\programdata\microsoft\eHome\mcepg2-0\Root.mem	Type : data MD5 : debf14e30240c25648882dfdde607497 SHA-1 : 2dc895dafd796327bd3ebe58e47fe95566d9b30a SHA-256 : 541369e7fa5965cb3449d11c19f61cf7ddd90d3df1d4ab21dbb75f80183b5d8b SHA-512 : b1445d9eafce241db4e301dd351cf80ed58bb72eff23872aa256092df889885dc8ff94ef7ba19124ee70c8e70c285c269a29b5e76174876c28118f59a2cbd592 Size : 2.172 Kilobytes.
C:\bevevnhfi\bin\fQWmJDsb.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : df8b9245791dd4b25b76731e17328ee2 SHA-1 : 44a12ebb7e06b1a3f7b364a0bff91fe46f32fa9d SHA-256 : aa0dbfb5d3095125c61c2e896144e1817e24164cb8e95743b9c04206fc14e00c SHA-512 : ab360625ca6004fc115918337a7937061dd05f7ba51f96e97232652f1bf8eecd34b6a19272ca9a4486d9724b52d1519fd1751d15d61d0aa5b08d75905ec48b04 Size : 1593.344 Kilobytes.
C:\bevevnhfi\bin\loader_x64.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : f9a71f3baafeb2a497d4c85c7e2dca92 SHA-1 : 395f2651cf059d579b9f4ec2a9fa06b406d03799 SHA-256 : ec86b5ef406db78e98db17280a8de928f51cf349418783d6324d3317979e4c49 SHA-512 : d2ba8478152222d961714229fd7f8131b7e608cccccad008b94eaecf7a8a514e13741cfd93ae306caf94ecedbda5582a72d9dfd9dcba93e06c26547d59051dfe Size : 1593.344 Kilobytes.
C:\mctrlc\bin\FoNQWrug.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 203ca798d1ceed9760a21066f08403dc SHA-1 : 7b54f0499a9ca2f62fc5406c495eceb36f0c8735 SHA-256 : ccbf3b5fef0c6021bf42c428a20bd621c07e4c90fe34246d63d5e2e2f3e5314d SHA-512 : 8073912fd3beefd7fd11de7aaa464cc90888cca3931c20c9792ef543af0b541897cb14116d93c32fc2ed774816b82044a0fe7cc838568f4598fcc0ebface90aa Size : 1593.344 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\ktab.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 0b2e6a269c6c7ec35d5c70487b80c201 SHA-1 : b63e1efed3177827af667f75e65010e457bf6ecb SHA-256 : d76ac037b56d4e35ad38f4287fd8f67d789c4f86f07318379ed4ee8fef8142d7 SHA-512 : 18e9f03fce28f88002bd15f402508eafe99ec0267483ced2d05d7591b4693152e7fa8b9678a71494317630c4739d2d876e3ed5843ac4da977ed34f71ea901ea6 Size : 590.848 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 296c2326ff1f5055bc382adea7a76312 SHA-1 : 614d03c3ed58bdaef3b6643005f71b5c3907f686 SHA-256 : 79952a6ad683da354a634d63d1c90c3ddb13308f8512c72cea8553a637fb9230 SHA-512 : 5a2c32b11dee162981fdcc3d7842b85d09f96a7dc64ae22a8bc5066b203e3e505dfe50b7ef886daa4feef2d4c6058faf7386a02a77f17ba06d14249af229d516 Size : 1761.792 Kilobytes.
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 8c9e07944aeea1c185af9a5f9a414122 SHA-1 : 008d9d5946f2fef4db9f16f5faed329513484e9b SHA-256 : 40fd5e2f8a58d75dd05dd6d611a6c04adde3d51b467a5257e4e5a3b81e11693a SHA-512 : dd1d87b8553a6d421f6cc70846b9ae02037c300631de73926a377d09cea6cb26a26ad0f8b8eb5cb89a590e808964837fb9d79ded430b915c9147c43817b68dc5 Size : 1639.424 Kilobytes.
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleUpdate.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : d8de2212f95b31431d65ddc906e98708 SHA-1 : 673429dbdaa2f9f7026bfa067bd6322dccc7b0a6 SHA-256 : ee8fe4f779d5ac46d7b5a03e7c991c4d54bb87548a220873321dad14822144ba SHA-512 : 8c5e48464588e633c6a57dededf7d6102dc1ae6a12c126dc20d53ad3fca58f9f19ea717868d8f025697effd8118f0e4da598b1607023757b77af785b392059ed Size : 1640.448 Kilobytes.
C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : cba2e2669ca1964156574b996bb6de62 SHA-1 : 3f303fb05551511c0b770961614659a8b4536a5d SHA-256 : 440f32acad8b67fa65310861be2c4cf85fa6e5ddb656865ca3f9aa4b72f79d40 SHA-512 : b30b8ad451bb6bca8ea029a311878c7a2da8705d1576296100657981bd4fccf5d722a24fb0bbf974202251479966c9453fdbd6090e2bd688f003c31ea2a1214a Size : 802.304 Kilobytes.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 9e25c3ac55a75ffad2dadac3f60374ca SHA-1 : 2915ba246904b0027c7767e546d8033f1c7d38b6 SHA-256 : 9c139dc88a8fc9071feb892070341572c262df8649f4a053d9b45c4aa327853d SHA-512 : ed037e4214d2e06a4fb2cecf4efa74fecc287b73f67de42444ccb39a1af10a2157607cbdd5d845898c37c1eaa5351196b2d6ca89cfe2a5e76b5d0ea539c8ffcd Size : 1509.376 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\pack200.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : ec6779e2eb550fa27fd750ecf528b0ec SHA-1 : f5f6946b71e5beb4692795a76d6aa178851f0402 SHA-256 : 548613a2a08090417c1154a902aa84b21ce398041bc763ce4b06325e52414352 SHA-512 : e7d9c3582850b165c5d1d641ee76b9b530b12f0fda40864c3ddb39527dee5265954967737b9cb7536a4f84bbc040332c95a969601943d002992e89f438dae261 Size : 590.848 Kilobytes.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 82057e661281e364123f0d879cb4d7f7 SHA-1 : ae74ed37d8548560a8ff6573dbd391c9b953dbe3 SHA-256 : 89e2debdd0ce969305cdf51d225d57ced5c1d05ae560fa072a329473844a9fe9 SHA-512 : 7e7b1bca1277f8ffbc558d10bd8678db88def8481c2a24b42115ec32904f03a5ad39a6dd5ef861bbe9c8031c392a07859b2cb23899b724a1ae6bff57d5c925fc Size : 1744.896 Kilobytes.
C:\bevevnhfi\bin\loader.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 9cc4a860f8a204bb94ad45392e85bcb4 SHA-1 : b596f54e5aea099f6fb44bcd01904ead66a1b847 SHA-256 : adda51307939fa0e0cd3a6c5dec8009ae3d45aef4c6a1c67ff0bf83263a1aaaf SHA-512 : 3d6f91f0d898d76bbdd8ad6b0c5def5b01f4a4d1ccefbf3375ed60a13ce12958212c4adfe2bfa957f44eae38f882f3bce723af8d46b357268adacfd1a189741c Size : 1577.984 Kilobytes.
C:\mctrlc\bin\loader_x64.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 7a8076d2cda19aa4218aa56db29af75e SHA-1 : 7a2ee22d2ad6ad0252a4145905c85112000b5301 SHA-256 : 892686d044eb2dc89f5122a85fa27fc0533b0cd790dfadc57c1847e997508e5f SHA-512 : 46ee5149430ef676a54275b03be6b2cfd8ed07756f36cfd0a03a3ce49a7a2bc80005a6eb2c5385bf2beb721bf79d1d2bd91666e2659561328c8f92fa661b2bfb Size : 1593.344 Kilobytes.
C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : a694d51b69d8f69654678c456aa89478 SHA-1 : 7c2eb91168ebc0e7e9bd4c0e6e80d0862fbb4941 SHA-256 : b397d616e1d4dd82a2fb4606529e6796395c36d593041c10d622bd5bf5778bc3 SHA-512 : 2c05c6217537c217903f5d916509da1df77d7a23f64bde2364c6d5d2df7b6dee170f6eb68522f2584f3ea0643b6a8952f7496ad8080888f1143400b30270273e Size : 719.36 Kilobytes.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\Installer\chrmstp.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 7aab8b546de34a4814dda79282b7be0b SHA-1 : 5126b484eb90f4edefc543ed4e115c0fe9c29929 SHA-256 : 23657fe55f0548ed73d47a64bbf70c9b48b65c3af05d00821b393807fcf8b877 SHA-512 : 89be2ac96b54dabfebd8aed230164a9fa20957eb77372b078219f2e44b744a1d011af2d44f595862887b1c07c705d1c12484c7c701030b84e2a5f163544d1d42 Size : 1657.344 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\OFFDIAG.EXE	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 826d1a0a288938e411b14597d298619c SHA-1 : 107464611cc5a9e4e3d76f05e5ea8dfd21cd671e SHA-256 : 575338d1ad542955036de011d4b5022f5111d7c1d6c549aef4cf29bc1bf03a76 SHA-512 : 312531814835126a1295373d76de21bb0edae4ad0601140cd1f5c9e77eb6499473c3b090f58da54c9214fd1da34f3f15e1c20f6ebf305f890ef2159836f16735 Size : 3446.272 Kilobytes.
C:\nidguu\bin\loader_x64.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 337136b87cadb7e38f5a8252ce7504d0 SHA-1 : 06f27b2b5652b10097f0307dcb611ff0c8c3a2e8 SHA-256 : 8a5813fdf6bb3233cc31d66bd249cdb5f96add099e6747a24689aa5a9cdb3d95 SHA-512 : 3e2b68f9b7b3cbbb3df678eee6451304f608086809155ecce4c84650cf35e7feb48643989c2b7cd0b731df1b97042cf1c62d242ee018e7df0d7b248617db4547 Size : 1593.344 Kilobytes.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 1436ac16dad14c05a6cdc6b0d410a176 SHA-1 : a9af465d2f09f2bfcee6e340a1fd1d266a3452ca SHA-256 : bcfbbba18400fbf06e54a2b741a95367f017080e9047456683739093b5a6c3e8 SHA-512 : ad00ee389166714d13703bfb16cb49e2644df2d26c6cf32afdac259f40bf262ec98579e292490553165b83b79a006e8c0141ccff44a6191aafec5f50b18a3eaf Size : 1851.392 Kilobytes.
C:\Program Files\MPC-HC\CrashReporter\sendrpt.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 2c2d8e6971d5a992cc593a93bb0207c7 SHA-1 : 9cf1f0e836ca59d6011c7b329c0d92f059602dcf SHA-256 : 01fef3dd0f03d495d1b406b4a4de1177c760013ce40e0cc635409710052a7f4c SHA-512 : c8f84ab90771051486845ff1fe60ad2b4f2f46b6b49b9694ee131d85b7845807c0e7e11b1f8fa083c5482c26d06f940f3fa0f004d167fadbee59958756527603 Size : 1355.776 Kilobytes.
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : e762674297559b8136c9910daba5a01b SHA-1 : 85d9240f57fe7cd89f3321a6cbf92aeab8844a86 SHA-256 : 1cf49990aedc4edc6d44ea8c11c42e024ecf8444aeab060d6c403855492517d0 SHA-512 : 68ce456dc87a9fc00b29bf37e5b7063cbe72a371760efd021dd5ce985e9649aae0795040ad270885f6647473878e9659124eca21153249c21236f626967be979 Size : 1587.712 Kilobytes.
C:\Windows\DtcInstall.log	Type : ASCII text, with CRLF line terminators MD5 : a2f33215a824f996cf347193f3a6647d SHA-1 : 967e0e74669ace1a2af2609c677f5909de5a8c5d SHA-256 : 18784d0dd330761fa4ff860ab76e6ed6d1e4e035a85e51af1b0165a7b751e69e SHA-512 : f69080d74a77200e514059cdec0349086f9191e72816945b3ad4b4b8b200dee9c873d97dba33732c5d4ab2b5d3ac7ba73c0c828c3fb594315b9390c2d857abb7 Size : 3.183 Kilobytes.
C:\programdata\microsoft\eHome\mcepg2-0\Blocks.mem	Type : data MD5 : ef2e0d18474b2151ef5876b1e89c2f1d SHA-1 : aef9802fcf76c67d695bc77322bae5400d3bbe82 SHA-256 : 3381de4ca9f3a477f25989dfc8b744e7916046b7aa369f61a9a2f7dc0963ec9e SHA-512 : e81185705a3bd73645bf2b190bbf3aee060c1c72f98fa39665f254a755b0a5723ce8296422874eb50c7b5e8d6bcd90175b0ba28061221039172a3f50e8902cc8 Size : 196.608 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\java-rmi.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 6ff056c7e37f7c7c7d8fe7d2ff344a2d SHA-1 : 52827b17f8af501f9b8a39438ec88d22c932dd12 SHA-256 : 4b2092b72dde3fbc5f2624769e29f11e6d36ecf7e24c54ce51fcea67d826b0b8 SHA-512 : 1f2d04de126c847633b52587a601562c87a75a0a49be86b2d2351079e95421c2b2980d3f949cc76bb9161e144550984e67571cf132917d8126caf2be7bbe3ec6 Size : 1508.352 Kilobytes.
C:\Windows\sysnative\snmptrap.exe	Type : PE32+ executable (console) x86-64, for MS Windows MD5 : dddcc15efa8819f98b2fa5280322cca2 SHA-1 : e93f45bb8ac9f7116ad0f98e9e246fb95c6a20bf SHA-256 : 85e60adeb98950005cad026a35810d56d5ae56347e11bb3393a7280a6f031b39 SHA-512 : acbf245e4095cc45265ee17b617c672400324e0be9a9a3f3eb93587c3c809807a3849b26ef0dcdff030a5a44d9f3ff62ce1b5dcc7b5210ef83e3689d69b2903e Size : 1512.96 Kilobytes.
C:\Windows\sysnative\Msdtc\MSDTC.LOG	Type : data MD5 : 517f82d80327655af41136c642f72f36 SHA-1 : 0ff9cec5885818285f24ea96314dbbf535d80b42 SHA-256 : fedc813824f92c2349e36b1e9ae0295577a21ae945f9d80ab8c3f5476efe1730 SHA-512 : a693b372873a0c48b402e619c34373cb9a4352f962865c0f504bae5538b6f285689e2cdfd0059c99d05289fe34ca3f0ddcee7c0683a1f14e9d43c62199986d4d Size : 4194.304 Kilobytes.
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 00dd575b498c3e00094bb16fff85634a SHA-1 : 086bc0a3972c393716ba3eb6cfc9f11b462e5d20 SHA-256 : 0741aa2920ad249cf8e587c4e64dbdc23cafa6c82fe90a0232712516611d8bcf SHA-512 : 40a6273e1ab4acdccfa9f56aa816c727cef7840d6637ff7562c661d03e7ceb726e1815e2535d9be6658ee063264b877f50db48b7e247d4880e747e4650ffc3d9 Size : 1506.304 Kilobytes.
C:\Program Files\7-Zip\7zFM.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : e28565f9de0fd7929a875b761769b494 SHA-1 : b1348583d65733905f1822b6b2a0cc3056ec0e59 SHA-256 : 3698d4e55f48065e755fe686d4c6ef827fbadb079f9a31334aeac5404461e4c3 SHA-512 : 4cc18dd90af90f04e281b57c1a8ca18b0284721088c6574dbef2a27c6236cf6b9e0fc0d7870bd584d270398ece00897eaacbc5b7bad23eb1b5c9930caa7be99c Size : 1416.704 Kilobytes.
C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : a9a5d0f6d677d108be43d02daaffdabe SHA-1 : 5ff785d1f292240e0900c16c080e093a8cfe9b81 SHA-256 : 322ef57fa9ed435c63f1317210724b6dbc5c73fdc651a58c6d1dac8e4707e8e7 SHA-512 : ffbbffa14dd1c6ff701620e4d1885d0bb8646d620d7a954c95317c840cc7a8a83b816057c2ebbb80983b8e1e48d05036eb9f12a2c8ceeff8da7d3e266fb42cd2 Size : 743.424 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\ACECNFLT.EXE	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 94680d7966ba71904de97f3d9c5ed6c2 SHA-1 : 2230fb97fa6f0baa022e499c6d309fa535403da0 SHA-256 : 7bf5fe28206e8d70197627a20f6fe9b0235e8bddf5794f853505567a4b099db0 SHA-512 : a0d5d55bec9731e119ea762fe5e0297d8a9001f668889e3feebc4ea494db63c32c3dd6cfb3a4414ff2656da27f06ed82a08ed67ae9eaee45d28271f3a85cb728 Size : 1548.288 Kilobytes.
C:\Windows\appcompat\Programs\RecentFileCache.bcf	Type : data MD5 : d3047b7d6adefb3b2d4bee4dfce417a5 SHA-1 : b7c38f10ee3f17b3928b2340afbf8b5259ebf6ce SHA-256 : 9f89a2968fb87241808f0cd6ca4cba0f2fcbb8e60626db03efc91cf359f016d0 SHA-512 : c713e4787777f58f999daf90ff2c8baf99874ea872f54924298416ad14cee18c712da5c5d367658d8f2a9348456a205c70109a6c99fc79e2dff47984b00a71e4 Size : 1.28 Kilobytes.
C:\Windows\sysnative\vds.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 1ac429fe2e3d4982b4337db30db588d4 SHA-1 : 22c14c7b8cfe2dbf0de24fe56afc56c3788ae816 SHA-256 : d9389e1cea36f33a3a89396c6268973635ca45ef2bde88e76d9430ed51c53c79 SHA-512 : 0886de58148c91644bf15176e89fbd7dd7a99275233fa6f708239e6a02255a7ce6d606815849df93169fbecd1c7726712c49a45fca94b8b5bb474760c8df0719 Size : 2033.664 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\rmiregistry.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : d4c91f628c224ea817e1e88a8add67af SHA-1 : 849145f8b1912437eee8e791a0aaa68fe13c9794 SHA-256 : b20461a9d33181ffd0f067278c21c89fab959c4b15fdaba4cae8c229317a88a8 SHA-512 : a35e2f398ff0a757d19eea2d063a2675e45d07b91601cbd649d6ce85b52e8d7759d7e5ad2dadd71669606b0112f58adf4507df7a6ac3e38d8552cb092d340fbe Size : 590.848 Kilobytes.
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.log	Type : Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators MD5 : 2e0025ed62f46220e4a0cc4089457638 SHA-1 : 70b3ad7afddfd0316a2cef77ccfbd045cb1504e0 SHA-256 : 21741e2f753defdaf96c813f4244d8c8cb2d86a91689bf34b8e3fd0fdda701a0 SHA-512 : a7ab1f501023571af1c2b8f8bc7801a410a27e8688c92fa1f62019cf93b73817640e8de14c22a3691c804647c037ef3230531db570959c550924a12a5be57679 Size : 1274.882 Kilobytes.
C:\Program Files\Sandboxie\SandboxieBITS.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : e1ab4ea21013a682811ab31952e79723 SHA-1 : f650c781feba30ef27450197d3acd1cdde656ead SHA-256 : 5935c38847424247b4ed9335158de7d004f6e35564e19a6cc8f1f3a2271af93c SHA-512 : 728a65eb47411e85b1af7521ea8ba708da00c23dbae360d60ce3244d5e840bd91f64a5c9f0b025b0a1b164a33c47e390603b26d95204d52f1d967fdc04e44e7c Size : 1508.352 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\OINFOP12.EXE	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : f5908ef9cf401ecaaa7833e47eae2bf9 SHA-1 : 063985539a031e77e208158903b1545eda78f945 SHA-256 : fa13c987ab4f90a5e08cb396c76db85a31b94879ff93caf2f9371f183801ae88 SHA-512 : 4601f85533aaaab4e0b1e1fd77300ca8667406e594bd620dd7b14bfa604487e656b54569a4aa0c694a91749894f74ad20297feb3c9935f60868a835019537d95 Size : 1580.032 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\rmid.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : a723a22e5863a95bc1b0c6c5819ad4ce SHA-1 : bd3b478b708716f0322c749a90852dbb939ebcee SHA-256 : dffbb320b62f22d281eff94dd4df08c9c53c41f882b173dc23d482d8d1d1358e SHA-512 : 1946662e947b105ecd05101055899072eb18338e0c0d6531436ec82a72d39bbde5360c45bec1b36d1a88c2d0ab1eeafdd07b6149a344e0ae48c6b6afab6ff09d Size : 590.848 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 3d0e397ffda898aff3c35b9c9a8be54d SHA-1 : 9f7a667e3ed069f4a9760ba3c03afb8b01e6203a SHA-256 : 49de67c336f904e9f713738083dc1e45ad6ce576e784d2a146d5f08885e50a91 SHA-512 : 8d69c425eb1ae4ded56bf18f51f64bb1f3f6cd73aa551597f09c39e4d2f35ad506085d8f469ec101315b90cb26078588d4041dacf1892b109aa3c1dcb284e9ae Size : 2035.712 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSE7.EXE	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 8a74ee8d322402e61c856a1590b30754 SHA-1 : 29f904b28b7fbaf9a3e1ddf74c3bb1ecb584a0c0 SHA-256 : b0546668192216d91812a5b482e61775218d7addce43613583939fd1ca314f61 SHA-512 : 1032dd45a7280a873cbade218320489454169610524b96d120d6951a2f66f7e5fa7f6e576c91124f05dc00761394cc93795dfc6c03db0ccb5959b58beec345b3 Size : 1541.632 Kilobytes.
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleUpdateComRegisterShell64.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 00ee5a46d93d7d2546962a9c4e1db805 SHA-1 : f006e7915f5065f9b3f80fbae857399584a5427f SHA-256 : b3c93d128bcab44e531ffc717971bb5c42d61689799713d5e34b7050efb45b4e SHA-512 : 00cd42e715061a0942842b10be9d3ed6060051036a35e409cd03619c9e4c0958923dc2cfd079c1cb694c871904f7c29da489be81682bfa07503aace2b442861b Size : 1625.088 Kilobytes.
C:\Program Files (x86)\Notepad++\updater\gpup.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 4004152f30a51e65c470c8cd1ddfec00 SHA-1 : 1320c2c59764a42876d5ef03fa50a6d37e0ee977 SHA-256 : c33ec6be7f9e8993210a2b1e83b4ae3fca6c6f5c5cd7704805620b4c9141f349 SHA-512 : 6e25ccdecfb7f21f00909a609ba0952c63db2fc85a83c7acdaf9297a28dcba9f3f345f71c208587788988a3539c288f1a8e95627d30149bdb4dbcfe5eaf5c407 Size : 859.136 Kilobytes.
C:\Program Files\7-Zip\Uninstall.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : c5a958aba58190c6918319052a153fcc SHA-1 : c3d6445303de2766014c27f7d5c919dbd2eae37a SHA-256 : dae702c8ee3950bf52d81e49beabd1f02c6cd639b9a69b0f3ba9cdb724b1a5b6 SHA-512 : 1c14bf7bfafb98a8df54ccde323dd742dbea8ce9281608b88bfe5b6b87b5af08d88b5fa5d04ae13d713597d4eeaf32d9d6af7df396d2c000cf77ac09313b2664 Size : 1513.984 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 7bda3ce9f9486214d39edfc7db26c164 SHA-1 : 47c553fc521d6d69495bcdec1a287534b9f1f198 SHA-256 : 92d67fef818cc00a5fb3fa046a7848a48b0551e6125a9ebcc50ea839a22b04c6 SHA-512 : 0f70dd0af9d1cf08c5c1bf1c85f2ff1f04d2456d563d2c05118fc084b7783f6cf212987815c7af7fe5dc362adadfc4ba653d4c827140e4e170f6fe43285fbd6e Size : 1685.504 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\klist.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 43b7f886f83642b24657a22af0f94e01 SHA-1 : ee2537f1f5e4528878b79d5fbb3e2d0b9a7e2c64 SHA-256 : 90c36dad9a1a7c6e2e8564fd2ccf4c29694d9a07a5c2a8c1f222fe086e886c4b SHA-512 : 761e1291edad2e67894372a2e9317ed0570997701083755e7bf031f393656328ed2b3b0c01e6e65c29d9fbb0e3a9a9cf5b68a68f1b4517f858fd196522ce1f9b Size : 590.848 Kilobytes.
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 422434718d923f98ae40453da77775b5 SHA-1 : 1d1d9a8693f080cfd8d499138921f205a3f7581f SHA-256 : f9c259d0c43a33c682be8f16001c57c9580587ec05511be2fe777ac18f0077e8 SHA-512 : 141d78c773e39f7d52b57479a55b84a5c272b6698e1f55e3b26f82c403da1f351d81b1daf14e07aef631353cd5e4898ba419cba0cfe33b3d5e08a1fe8d6b91a5 Size : 849.92 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaw.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 07956a72aedba00c7ef293f00c668383 SHA-1 : 3a6b1e09559af763188002da2750bdde7b636b82 SHA-256 : f9511b0b407dbc66fe16c7586923c2d5ae6f5132dcd0fbd0def79f245acfc1bc SHA-512 : afc2699617b3ba3c36645dc9ce664dedf3436b89bccd83412c038b6a7aa38952f398f069db5b8b3fa431f66d0d4f63d33f31d47b9a12c8c0f62d6eff0e45d688 Size : 1686.016 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssvagent.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : bcc72792b4c9756e584a4843c7eb358e SHA-1 : 7903053f3093c195408c1d6f234c6ef42f690370 SHA-256 : ff8d350044337f01675965ae7cb4b3fc27c1a35926c3ea21afbaef01a22e4a27 SHA-512 : d9c13ecc33423cb6d27383d473fad93aa770be3f4e872ebc9d02eaaf4f6d18d021c300fb9aa5608a3ee0f2be7a603bf19b7201e9e073137440c1ef91c77ef670 Size : 624.128 Kilobytes.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\delegate_execute.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : e3c2e67ff6415662f745c598fa609c21 SHA-1 : db1563ef2da7e4baf9ca5ab2e10b871ba2edfd50 SHA-256 : 5fa9521f38c6260d20fd6e811e8deb9dfc9cba80e63a10e9562e3f4ae50ea0e8 SHA-512 : b0cd753e874cb167ef70d2c604686914580c8f387b405062cc4604dd578b531626bc2d4b66043ac0e17f2d4b437b21c0f035edfefc1f2ee988bbde3185caa18f Size : 1300.992 Kilobytes.
C:\Program Files (x86)\Mozilla Firefox\firefox.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : d24135c9011535ed3f89258bc9fea201 SHA-1 : d94c78608891122dd1b4778a90e4d32f49f46d26 SHA-256 : 9cf5a244f385aa1b71c82338921f0eb1748aa0277c691cf992e128aa32305b01 SHA-512 : 4bcfaa60404910695553d26b5f2c0bc23eb860a7b87f31d64f139055bd9194af09b69042ecbf3c7e22ed8b54fb7b0fd7de1366592ea1f716656272292c67eb10 Size : 965.12 Kilobytes.
C:\nidguu\bin\rhfuTcC.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 730071b739204ef2033b42a62e96b3cf SHA-1 : e221c7621e8e0baa060aba972fbc500e2b2cf8da SHA-256 : 44e856ae97a830c1bb1aeeaef0371d85a16fe522f735a83b2792c60d8a52951a SHA-512 : 701f9e353797d03d1b425dae5065889267dff79a9e8b281a036b3b926be4f2f5ebfbbabf8288336e7834ed4ee7f606771d520a065a3e0093ea75c1128710f2e1 Size : 1577.984 Kilobytes.
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : d2c398c162a1d7472546904acc59e31d SHA-1 : 647fa39ae7cb82a3877c6d537ceeeed363eab6e0 SHA-256 : a508c5f43179465ddda967dbb71c968d793e5274768dbeebb1940502f413222d SHA-512 : 32e14527f985bbb692a0e37fc405ad757fd5617d526b567e53f9e7ce6cc78e2e4ea278af71e9a8b9bd2cfab56606634c44f8a8291051ee8a22af9caad1964197 Size : 1581.568 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLED.EXE	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : ec5a36b9c7db73ca80bcb4fe2b5e22d8 SHA-1 : 735b4981c7cfce3db289b706771b603a95603945 SHA-256 : 840e436644e56ea957194077e3068dd0aa6158e65ebe9e5dc76fb18bcf19f2d9 SHA-512 : bd39b2f0e9c72cae34fb5464055de188e4b8bd4efdcf8fc469a1177d8b987d51c26c1591e22d9c2e4568febec77a4ba40527c349c02a120858ae66eeac68ed27 Size : 1550.336 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\Office Setup Controller\SETUP.EXE	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 7cb4f96bfcf71680fd406a3d2c57eba8 SHA-1 : aa20e90e805df5a358ee9bceac3a843159f938b0 SHA-256 : e0fca2b236aef4bc467a38701fa0880cff9784bd4edeed2e24d517bddbdcdeff SHA-512 : 2833bb6958a87f45ba01aad737f3eaae8bd00e8330393bcf5f727ac2c45a45107c63bb6a85beed131f78b982477b32086105e1340f29e67c49d6241b5def2120 Size : 1933.312 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 95146e3c59964b51e3d6308d45f60d2e SHA-1 : 9cfe4afc9b217a2410f9bdfa3b5ceeec9d568209 SHA-256 : 46ccca48b582fc4ed1ac08cbf961b54260fbcaecb91c5e49bda9a44128cf6118 SHA-512 : bd24ccfd31fe50fe12bea162efd736ad8e34839ae23aed60955e17a4f6770c83a8f1bba37a23da78e28af0f0913b4f020f4242fb580876df8d9fb141de3b2c58 Size : 1927.168 Kilobytes.
C:\Windows\sysnative\msdtc.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 0ae39b50434df07534c242354c103893 SHA-1 : a1f5e2d839efd391d841764d250bb73a301d83fa SHA-256 : 1ffb786010c603b4b200ee421d3a236cee127dd8c107ae323bd70bd71923b94b SHA-512 : f0a3cac4108ae6a177af8bc383992d40f90e93a142ff40c3ca7ab4bb8202e5392869206de14816cad89e4c4bdd0f2d4ab3654e7b84744f98e9942568eaa7a9da Size : 1639.936 Kilobytes.
C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : ff4992815dc0713dc3af7eaeca671cab SHA-1 : e28d60fc479a5bb8f9756a5692941b0252480991 SHA-256 : c8fc0c7f4c7614d6657202603f9014ffc0094b180bb9f6d7b8925aee21960f80 SHA-512 : 0d01930de42c3e68f4407cee7dcaf89b1900123f67560485d0a9969be4c098ca7950dac76dbc289e174a0c45506e5787d045d13c0e0c989dd93aa5454f764578 Size : 1589.248 Kilobytes.
C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{BB1BBD67-ED8C-4496-88C8-4131F3DAEEF5}.crmlog	Type : data MD5 : 184bd5b188ba9bf4aa33b9a4f2a46829 SHA-1 : c5ee129c5a60c7c9a1973283fed0313043bc6058 SHA-256 : e93916fe454f9c68c3f30a00a7361f39e46ea2b1b09b56ceb6f9966cb644e5a1 SHA-512 : 325b28b9494fe38b2dbaff17092e32400c7cfa6729b42c678024d8ded624037617287e9ee21dd5b4f63430117a97875d6a4c8cca881675c645234ee23047ba22 Size : 1048.576 Kilobytes.
C:\Windows\sysnative\dllhost.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 45e6e31bb6788e0137e878cf533a0ca4 SHA-1 : abf6225d1efcb021f1822b1cddb2072a31f6d15f SHA-256 : 1b98fe5ee8b8e2f4bed49358263bd1d9147213c7b4122f2bb52ca6e1be945c59 SHA-512 : 3af06b8e0fd71f9bbe92e322b76b1eb0885a747cf2f117bc936da91fcbebbedff285bb9b170c1e6d01f52b03b087c172e8e1b0db37160d88c56b0f18d91d75b6 Size : 1508.352 Kilobytes.
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe	Type : PE32+ executable (console) x86-64, for MS Windows MD5 : bef4a6cd92dc3bb44f3198ad00157960 SHA-1 : dfcf6f5959975a07a09eaedd917a4e955d03053e SHA-256 : e7700a4e59052d15270a005f47301f92d361c98b26757c17d98364fa9c1a7339 SHA-512 : d4dda1fd7c08e4a9bc1a6ba55d15990dc5799ca35edc6695032cdd23b3e6acfe9db26aa652fa0c5aeb819bcf5ba270f13f3ce10fb8d22783c444eb9e42763626 Size : 1533.952 Kilobytes.
C:\Windows\sysnative\Locator.exe	Type : PE32+ executable (console) x86-64, for MS Windows MD5 : 17405a721697fd3d2770b76f66ac0591 SHA-1 : ca811373f9ac3b22b5cdb4093cca399a82cce7d0 SHA-256 : ff435f22c70f1e222f9c096704291fc24aaab6716858f04bfd8fa1a26963fbcb SHA-512 : f26a4702db17c52a2083a6ea6cc24b16d71e01e06c2add219c38b4a525dc626b471c92071c7766ddf2fa9f746b8d04e6baba1e100f8bd924e2ca07d2d9ec66a5 Size : 1508.864 Kilobytes.
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 4c2a5b43a56ce807a64a531e102f6e23 SHA-1 : 2235170ac8ae092753b1ecd1486bb59c67361ecb SHA-256 : 5f3f2207e8975fc2835a20b33ce8421d32644515b2aae8f3a6be5fd5217070bc SHA-512 : afde60b916969127f3f4e0ef36280aca6880fb6651f110f6f291ba439c9bde4d25b60a74c6be83250dca2406ed3623565025e6c6b6285596f300eb60c859a658 Size : 1515.52 Kilobytes.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : cc382f13e6a49c7051a418f731a7e7ea SHA-1 : 7c0c1a5ba8866dfa111247a6923ccae6b283c767 SHA-256 : 5d4fdd2748f851edf00127aa6b71cb76f8c45925c294f05ffa74e957e35d4ff0 SHA-512 : 7d754e3704d8099bbbe44e3eaf1a7e9c722f1e4d9eadffa06652ef4c73d0be4281f7af7b8e2e3ce1f49879060ef9cb28555ad9fc786b0ef0e7dde68e849c0caf Size : 1532.928 Kilobytes.
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 4011768e2d005213cecb487a76e7f700 SHA-1 : a3b28c6025f47be82c6df168cfab9c37c2e74d06 SHA-256 : 9d3478f1460aca5b3b264e1560993942717af8704d3afef9175035d88df97437 SHA-512 : c1b59a10f1d75711d6b34ffdb5e59b690d632496e900871de0034f4f79a975e2f1ce7ac28945b7e6f5ab2318668eb63156a196e1ce8aea5f73a54ace40e82dc0 Size : 1930.752 Kilobytes.
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : e36d99243cff7d8621326e57e9dce0c1 SHA-1 : 47167036b0b2190dab7d245b55028c1d75ea5156 SHA-256 : 1a25999fea30edf24c45ba831093ebe7198f7b963343076aded6de2aa16b0316 SHA-512 : 46c02e447173724a19e9324a73c51e758d34053111d138a1f962b8835330f87086c72bdd6d64fe20d7fc7bc262eee720e51b267ce78e0a48bfdc2278c87d2c0e Size : 1608.192 Kilobytes.
C:\Windows\sysnative\msiexec.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : d1c4eb54f0b7b3d0aecd34b25024b813 SHA-1 : a9971843672987af2ae598ff0b6ff095ac047d53 SHA-256 : 707451f11fb402cd286a1e1d6b3964a42cae8541c2481b9ef15679d24b234c55 SHA-512 : 50dda87268b80140f0d96db3141cb89daf18e0d1978b9eeb23b61cbdd5c5f798dbe108d6ecb3e29209c57c337a7e6c1b0c1981d17983a384292934654d6f305f Size : 1629.184 Kilobytes.
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 52cfadc524672f8548d4c2a8f22c6e70 SHA-1 : 855c500bc04a15df0bb39be65ee722d36008f07c SHA-256 : 00c27f727bf593e03538a557f24a464bb7206f8400223b49d9a3037914ac39f9 SHA-512 : 77d827cbc86081c5e966dbde540a4fdf81122d7db0d7d9cfafb1048fde66177a6da2681e9dbdae738a7670bbdc976b82dd985c9848307cbffeac4299709839a3 Size : 1585.152 Kilobytes.
C:\Program Files\Sandboxie\SandboxieWUAU.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 0e0f11cdb9d66d8b56c82d7f77565315 SHA-1 : 72b1a4ce8ab9a253f956114923e14c29a4029aa1 SHA-256 : fa5ef2b95a9790a3fd4d498af29496b2eaf4cd89e78f896a2f5cb755880fc0f0 SHA-512 : 2a406d6d0ac4fd99c42af376d97ca227d104c80750ffc6df02f86134eb6a3ab516cbf7cce781777644e4b4c9514b1845d437bd79f9d4769a002d3b45e36cdcb4 Size : 1509.376 Kilobytes.
C:\Windows\sysnative\config\systemprofile\AppData\Roaming\20503a4e5d0020a4.bin	Type : data MD5 : 6f05a30a7d4630bc9dc1bb680fa2c900 SHA-1 : d1336f34c660b5495cb596ec19bf702c74e0d90f SHA-256 : 678ef033a6a496515e8756dad4ae377bce664a2d87dfd9b2eb59ef7dbd87272b SHA-512 : 7dd86aee88df1d83b2939a5fa59c157d04bc2eb0c106724463c5fc01afebd6c14d6c9094f56f84e47ce26746eabcb664afef60f43de08bfd08ca058260ef9184 Size : 12.32 Kilobytes.
C:\Program Files (x86)\WinPcap\rpcapd.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : c19b75dfc1ef808f8c0ce355263ca735 SHA-1 : 5e7f6a09a0a5e8c35fdc0870c2e3b8a1f9f7bba0 SHA-256 : e78266437c3b4d61fced98d220fa083d73c8d9062229dbcaccc428bca171ca1a SHA-512 : adf7d224b5509cc9430d30738e806c139138e58b7d0bdd7848c71b7118e9ebac7b81069e896534025453bc3e7487fdaa15599d2798e276911a3aeeea11a96d77 Size : 1609.728 Kilobytes.
C:\Program Files\7-Zip\7zG.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 49b941396593850b52cad955f2afb96d SHA-1 : 1573e1cb4c987d8e93115136e844933faa406137 SHA-256 : ef1ede9916c6c2a11e0d8388bac0b65424e0bb8577afbd64cd7c45920fd86270 SHA-512 : 60acb02bf76e8852fcc0c6e1edfffc0d1b5200177384fab6745106762d5c53ac3a026a3caafd091281526535a892a9155915e439726d2c1593d9721bb7818657 Size : 2055.68 Kilobytes.
C:\Program Files (x86)\Notepad++\nppIExplorerShell.exe	Type : PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows MD5 : f7dcbb95b2e8e45d0aa468ca5ed29ee7 SHA-1 : ff44ef8c84c14b06f475f52c56024b9576afa141 SHA-256 : 19d4bb70a5eb92f63054d3221e6793dbc14fb77dd305fbe2f4bdc02b00dbf931 SHA-512 : a5f59f72a930b4088925f8efe53161dc9933c17eb8d3ba56cf498b450d882884365dccaeb9516d5b126c185789723f3494f213596544042d29a22f96ef182ffc Size : 587.264 Kilobytes.
C:\Windows\System32\config\systemprofile\AppData\Roaming\20503a4e5d0020a4.bin	Type : data MD5 : 89e24e8517090624ab86b99e41ae6076 SHA-1 : 2b375505ef2bbe91fe34c272c658b722aba1e414 SHA-256 : 0646a1a01be221ab984c2a68ea821efb120904d7c6ee2852a39e3f38e3000724 SHA-512 : 5dfb074774a3832d5ad75cfc88183e1e42789f66452342d4d590baf99ebddb08af4e1b8f87a794bbce293b89ee05afb6877b65d99c96ebe1ffec78c08f7bc8aa Size : 12.32 Kilobytes.
C:\Windows\sysnative\config\systemprofile\AppData\Local\CrashDumps\alg.exe.2472.dmp	Type : Mini DuMP crash report, 9 streams, Sat Nov 9 19:09:23 2024, 0x121 type MD5 : 1b51a1afe3f866406d873b0b3531097a SHA-1 : 5d7235e286ac725754cd9bb9c364226cf1b9f11d SHA-256 : d2f266e65fad60eb25bd23d5d8ad5e58d573ead5d8b922c7088ce1a3b6a89041 SHA-512 : a0b1ec3d0de7adc9706d9830fcc7836a933ba303c5b2e5de458fe38d5e76377c67f6b31b50f92c005ed870a4407609ae0a157e61cac8de476534d9dc60070691 Size : 2092.202 Kilobytes.
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : f26e010ff6bdc64d8a032e46ad701986 SHA-1 : 153fdff9180edbccc2d5fdbfb159b86b372e857c SHA-256 : bf1f97ff07bf85a32a820f118662360bb5357ad941c506257f6048c07869166e SHA-512 : bf86fa1e884751a4da269effa67b69a80db84a5b79f61b7d64ebd1f716b7a02b1516c0fff4c2fbecd27f431a1dae49a12e6006ff1767622f1269a3e400843d19 Size : 1561.6 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\12.0\Debugger\target\x86\vsgraphicsremoteengine.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 7969ef469864dc40e8dd9ea437f91630 SHA-1 : c6430387bc00c6854ee250deaf9fcc50040cd228 SHA-256 : 6750e77089cb481ab96f93e2de540f3a1c3c49a9924648f2ef51a003b3b41a2b SHA-512 : dc1269797adcc418ba7666038f65256f93524437663f5f689ea464142c0386dd8c02f336c7e87df91ea538820f0b43a7a479b272050c3b46b5154ba3d02fd861 Size : 4574.208 Kilobytes.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 0c414ddaac907bfe87d2247466e1f063 SHA-1 : 0592bf2c1623b2a29514cf0ac2f6eb83fef292a1 SHA-256 : 4421f0f4e923cd1f9654d2d4e5576a91f6016331076e8ebfc5fbe9e6da4e470c SHA-512 : 9bb46530da891d26874c054d3138d94f5d3f9ed4705d2243e7cdb3d0c53551bacc8011752ee1a7f696528ec5ea92dfb6a75e9c64cc2bde199e931a252de8147a Size : 1773.568 Kilobytes.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\Installer\setup.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 951081c69e92859ed5bb5aa27e6a5cf4 SHA-1 : 71268cee4c3777a966910b7727f5863a44ff0a03 SHA-256 : 76c24227a9fe4a608d4abf9da386d544d0bf1e3fe4d977f48afd53987a4244e3 SHA-512 : 00333a9bbd8abe33ab8ac8db13b28c10fb75c6f3be2e58ea873624c63b4ef9dac4679cddbd204ef3cef0317edd6503d112b212aab27a54b9f064601d19566e3a Size : 1657.344 Kilobytes.
C:\Program Files\7-Zip\7z.exe	Type : PE32+ executable (console) x86-64, for MS Windows MD5 : 42f7e85a3b2d2b394a533ae008058388 SHA-1 : 8233aad098bb71c0ddb300592aec15076f604a0f SHA-256 : 7ae017d7c1c14cfa2f7fb1ab4f46feb8f544516441181021b34f0529d65e8599 SHA-512 : 47386ad7ad6b45d0c8b3bae42e3404ab6a1fcfe14600c3eeb733d8694818c2f7d3174314710d91423ed963243c80a8249f67e994ad330940f5c7469c6062d5dd Size : 1945.6 Kilobytes.
C:\Windows\sysnative\FXSSVC.exe	Type : PE32+ executable (console) x86-64, for MS Windows MD5 : b9061b733278b836dee306381d096b57 SHA-1 : 3a18c8e68ffcb4fde8d1e7aed06e00f83274a6f6 SHA-256 : 2934bfcdadbd0572a71a2cb4e67c5c547e6dc37067aaa74084dee83f993cfb5c SHA-512 : e4aef988cc067d454c3c6d0bd9956d944f11dc1fe61af6208daade3ab7c76d6ce84e80209bb162a33b9db0467065cc5ceedfa4b2800e24aa8af903342ed5dfff Size : 1269.76 Kilobytes.
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleUpdateBroker.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 4aebb3379aadc9df4bd0d88c6141d8bb SHA-1 : d05ef273476789d7caee2d86d2b348b70216792f SHA-256 : 199c789dd762c17303e9554b0f049eea455c641a3c0016dfbcb7418ecf58e5a3 SHA-512 : db5e6149e1de624d1820dfb116aa086768ec0184f8698908a4546fd178f91eb0060b34e395577859eeb36d4f743dbd1fd7352b730ffdf8aca1ea381db966726d Size : 1581.568 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\unpack200.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : d26005bb270818cdcc004f9c513023cb SHA-1 : 60ccf1a15efa07b1d164761f25dd15b7d9ad622d SHA-256 : 7851dcac3fc940e63436952c1b5c7e5a5817f6f4ded3d027efd9455bc7ea4eda SHA-512 : 7d1ddae12c6a03c3de0ffa68b53dc67f859993c650febab97e875fcaf210ee966b185674d6739ae80c011665b74345f7d85c80c4bdb5ffc73c0098d2189ad2a2 Size : 731.648 Kilobytes.
C:\Program Files (x86)\Safer Networking\FileAlyzer 2\unins000.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 543cf00f28b31dcef848cde783d43466 SHA-1 : e5c8ed23247c719661c1b81e9703a004b3babf34 SHA-256 : 9fb49a3e968622a32087a09758ff81d7b61f3cac2448f3e739d04f2fa16d3b4e SHA-512 : 5ef8e32f65793281080394d9937e1fd401a44d83aa800193787a15d9b18b8e90f5892ccc7114fdbd4f7d7975701d08e631d43a56ed4e3d4f199d29d4b1b860d8 Size : 1283.072 Kilobytes.
C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxDrvInst.exe	Type : PE32+ executable (console) x86-64, for MS Windows MD5 : cd204d11a86956a372befc2a7f9c714c SHA-1 : 72e5ea27209a452e6fe864850ad285fe0a24126f SHA-256 : ec928f94a631c93ef6c31ce47e244c5af7cbed91c634cb435caeda4e76a89bc8 SHA-512 : c67e222f8b1f8868a003aff47cd891d7a8e412d3496e6f737ede26e88c3ceefe30b5b60220f05a8c6322c1e16acced55cf086ea914061793eb2241a431569833 Size : 1584.64 Kilobytes.
C:\Program Files (x86)\Universal Extractor\bin\arc.exe	Type : PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows MD5 : 1a3489b4481d613bed4ae072057acc59 SHA-1 : 6f038d84b851c01e884fc67ebde47f632c13f8dd SHA-256 : ecf49c286df75dd40dfcd0c1b11a8fdf0b7d7ddf308c51e60d737105dee30e1e SHA-512 : c04355920dc666c2f9523e5c387549418ba9aedd3b74ec9151fc6963b7c46229fa1aac4131948d013ff33cc2e9aace80cbf80bc558a1825a4c7d31205d189e0a Size : 663.552 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\servertool.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : d121304d7deb58f42506db6b45a0a094 SHA-1 : 025e6dd0d0cc2b838e39bc0f6a5f6bbb0b856a77 SHA-256 : 4eb1afab9020c9ab4ba7cea74c243f5d69544b47fa7e8a1ded6ab7b279b09773 SHA-512 : dd814673e64b6a19c02b9176933c37da84a513e2b808a32e083f39663d5030bc1cda766e6f31585465c79843ca6608ad33a5b393d2ed320068a19e3729d1b407 Size : 590.848 Kilobytes.
C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxTray.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : c9bf141e10770d41b52e1ad949ba1bb0 SHA-1 : b9078606738041fef91d097e32a57964d1c56b8a SHA-256 : cf60fa2c7676942ff9c9174db087541cbcdf03edb7f2bb424d803a04fd2ebb48 SHA-512 : 290c257eb4c7bbcf3750cea063c5dfab1e1735298ce2469514e35f1688cebbec3ca086bb64254a3e94157db83b827de9ba0869a63b945094e2ea2a558b6bab14 Size : 2264.576 Kilobytes.
C:\Windows\sysnative\alg.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 11c0cef93baa342fd3b5bc5a99df1a72 SHA-1 : 547a6307c715dea041670b953a3eeee677736f83 SHA-256 : b781907eaeb461fc3a5c99e1c61ace038960f37aab5a50cf2f806da4924a241f SHA-512 : 41805da702bae2fa83853c4fd87d76aeb0eaa0ec23a40c5e0c201144ae608be326780c85bf0d5bbd0c4996e569d8c78ae6591877b5254341579de6542cb20d14 Size : 1577.472 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\orbd.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 4c5babc00c1256bb3472f00baec6decd SHA-1 : 65a42cc63af76a7a668b86afff493d1c76c2211b SHA-256 : b661a7acb2e6bbfaed57f9ef3c66aedd9359ab43cb8e166539e46f062cccfdcf SHA-512 : 00ed0f162439d5c127eb2c3417e2e14d977bdcc35e503c8bf95b7d9ef99414a3a31723b3323fddb02b1eda56b358ca71a26a2b8cdf6f861348812e95e08002cc Size : 591.36 Kilobytes.
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\48.0.2564.103\48.0.2564.103_chrome_installer.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 4fb02e4ad49287c1dbde25e3ae42d368 SHA-1 : 8499a8053c500ee8e5c8122be9dc89851a81ecf5 SHA-256 : 592646e8eb449e7dc108595d0532cea3248b8f523dd21c3d962bfb8db86115c6 SHA-512 : 191c9454ebdc601631897626bfd3d0e4bf9ec92c7bd35f5105a940a3d4ebaceec17302738add80a47336fcb8fd0653a481dff84781931ea8559ef24a9434f887 Size : 44903.936 Kilobytes.
C:\Program Files (x86)\Mozilla Firefox\updater.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 33c3c5a984621cb507373288d3f7edfe SHA-1 : 177ac30f5a14c739af70aaa57114a2cc1b00c462 SHA-256 : c58537b19d2d0eecdd88814f0ab0b3d1f23d5ab042b2dcf1c8ccb9e598d703c1 SHA-512 : 6d6e16a94ed9861c76bc2e1f5cbf6b50c6ea832461087d10f63f135baefd13fbd7e8fcdfb3b75ed8f56e3fd98f6f7e5ee9040dd3967eff4929b90065b9060c07 Size : 870.912 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2launcher.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 45e6cd5d5335b1b7ced90613da240731 SHA-1 : e77f286a0cef349730926e38fccdc9a7ec1cfbab SHA-256 : c3eacad1e8e3f731bf3c48ba157b62088131ec8deb0c7e67ae429dacbb8e0bc5 SHA-512 : a57714d45883b7942fa3b7aec0e55dc3670ba2684c02ed41e2894dba7413e5c8f04143a103ad661e317b296b6827a5fdcd2e3b02dfcaf3d7d93065ecbe39f878 Size : 652.8 Kilobytes.
C:\Program Files\Sandboxie\SandboxieRpcSs.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : c7cbeb88ae3557a2ad1ee4141eab4880 SHA-1 : 1487165aca6fd41afd3ade7a2ab8007d05edfae3 SHA-256 : cb177d3d520464d245ef2e221c4245ca4392741bca6f1e3f96d028efb57099cd SHA-512 : f59170717fe6f18a8c3eeebafb204c6d4fc523d79ad3c65508e4656df92b77d256ae4f2568159e7a264d4778beb5f457e82773f11b4e3693861afdcffcfad58a Size : 1527.808 Kilobytes.
C:\mctrlc\bin\loader.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : bbffca6b9c7650f26c161993f96f9e7f SHA-1 : 8574d8252c3224918325538e032983baf00ab8fd SHA-256 : de8c9983a52b01fd600f8909d83aaa8a59be38452be03961a154f38bfa29f14d SHA-512 : ab5077c7d716a8f72d9ee536770b9b0ccb5ba2418939cfd7b8c39c87503a49714f389a1e563d37b528268b67b9704de3730936d79a52343196c5e01dc3f537d9 Size : 1577.984 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\Office Setup Controller\ODEPLOY.EXE	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 2278f0a081f6efe8437217e9d6b7e7c6 SHA-1 : eeff2645651e2221efdd4e5833e9bddbe05442cc SHA-256 : b64df4f1292f475c6068adfb47ba111578214c60e8c6e6a7725e345dd6e52e56 SHA-512 : 793f18f858e4cde53efaddb03019af6a23b5acee9534c13fac3b604fc5de6fce5d4fa092b5fc3a5ff73ad541497f3585c259a51ee6e87b0b64a04f65c0e0faa0 Size : 1726.976 Kilobytes.
C:\Program Files (x86)\Universal Extractor\bin\AspackDie.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 2e7e9cf73f5972924b0e1c3fe92be327 SHA-1 : 1c4913f00362c4cbe0b2256a87600c5e622a01c8 SHA-256 : 8dc961dcd890589f1637413e7400a392923fdc79abf9482d77265d9f51727013 SHA-512 : 8001d5440d55c63db2a3c1b7eabbd84686a1c786af2f28ad123f130e4c658b391fa0eea7a10b568698b50015cca8981c3cd16e308c9a9c9824c84a48abdab678 Size : 592.384 Kilobytes.
C:\Program Files (x86)\Universal Extractor\bin\7z.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 5b4c1ce78261e258829d0cb3563d859b SHA-1 : 44c11ddab1f7b98e973d3b22c2a8c60d80f40ead SHA-256 : f13270844918a3d6e425ca01f467eb4c9456be6025819a854c86e0af64a13272 SHA-512 : 8d007427c8ae1db7c28d93aec5dba96f00a7a636171ff4d36c3f626d2c08d4549d7c62c4f91806060bad61278f7e65ac3adbc1fcba4e97fee6acc5a58392a6ff Size : 742.4 Kilobytes.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 63670f8b45a270a5c3a160dceaab5b36 SHA-1 : 16d94d2ee4ea8460bc302ffa1f8ae6c34c86d62a SHA-256 : 59e855c73463ea1cf3816cc8c0a653078d1a906ddf97f43a19380e24fb92d5c6 SHA-512 : b373d8aecc49d95f6599df5d4f269dec5b6f8b3203fd98c051e91275a7cd93fc44e9ed509d3bd5a3dfd6328716e42f566b665715533ee2a69f5c3817e6b2421e Size : 1522.688 Kilobytes.
C:\Program Files\Sandboxie\SbieCtrl.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : b3c29d3355ffa96eff15d384edcc00c0 SHA-1 : d63782de342d44f427645a2205cb51257d3fc765 SHA-256 : def8826d7a8638626af9b87bc7a6813f9f95cba3c71f08970132930a6b7ace42 SHA-512 : 804f0f71c8b4a1fc5216d457b4cd7bd569beaffbd3d35238304dc77112b8e77dd00450adfe27a6320d68d36cbb47879ad1644a084275393d02a85e8dcda8a252 Size : 1359.36 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\jabswitch.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : b1d748f831b0796b16d7414bd7334f72 SHA-1 : 066fa23e103e11d62353dcb9b115a231bb0dd534 SHA-256 : 3feca0d48587bf5f04b2b602c85ba55a7e0883a2c19575b8aa31ce4455da8a21 SHA-512 : c5ba6da23cffe8bf8cf68dc0cb560f1da607f518c2cd1063c24ea0c88c8a4e056325b9e09201a3e7db3efd7b090a3041d41182959d22a97d183ad76e42c8f820 Size : 1526.272 Kilobytes.
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : c442e1accd171dad199ec07b9388bac7 SHA-1 : ec7d4514704600dbf21f43d363b534b8abc43787 SHA-256 : 2396963acaf2adce62ec46a691f5e037043ba96f3f28cc9c3374d8085f3fe861 SHA-512 : ad6dc2b209fe3cf4863c04d7a5be85ee787c33b93b89423d07de36a3049e5135de056baec735eb454062b4659ab183fa98013978eca2083d694ed1967f053984 Size : 1933.824 Kilobytes.
C:\Windows\ehome\ehrecvr.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : 05fbe959c3b267c451158d58e2ed7a5c SHA-1 : 956072ba04d856f4d7bc0024c3b19acd56bd6d3e SHA-256 : 174f2040f326758c88d0e1a97bf416adef3077c1e485f09e04e765257d551f4a SHA-512 : 1f22a76cfe0a94f93e9fcfe232c150656d38e07117f98aa760bf7fa95c5c12b9c0dcb9caa48b6fa217f6623f6fa18b21bdde5cb84e0e66c80bf9c4369ea0e9bd Size : 1276.416 Kilobytes.
C:\Program Files\Sandboxie\License.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : e1534883f13b7c7ff75867810aeb3aad SHA-1 : bfb752bd794390dd811624e7bed6c3e3d2aae079 SHA-256 : 45ebf58f3414f06ca0f50e2612dba749a239a3ad5757321d7ee847fb073d6f39 SHA-512 : 187745ff334c46ec2563c59f88b50465616544a51f74bf1aac391bcd67ee1a37861ae3354c0b498553e96a610228a51a8cb80f5d86a94fc843164020fced3d06 Size : 1618.944 Kilobytes.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 454850c63b96442ce1c7d2a1fe88bfdb SHA-1 : f33bc5bee8aff48de74e8126068aac20d86a5bd4 SHA-256 : e4d203e694ab3c65d31155a505fc53b8f3a552c7d190b21591e1f0f570dcec57 SHA-512 : 6d529131224f03a48d13ac2bbc06a6a7f5937391b8fc31b83f00d799264c975de68d832ef5c5c7ea06833931bee2a8121130686c536229dae1a236fce66e7300 Size : 1593.344 Kilobytes.
C:\Program Files\Sandboxie\SbieIni.exe	Type : PE32+ executable (console) x86-64, for MS Windows MD5 : e9df867b20abc1ff84e643b63ad5a9d4 SHA-1 : 10d33e6fb914bee6c62b51bf62238bc0a246f805 SHA-256 : a3f7c818a684546063ae0554b9700608a2c9d9ddd55b2f4a638696a59806ad86 SHA-512 : 7746dda0a14096dd180d90caf8d1d50805f88cf66931ac6408381a7318622e33e87f5f6d2d8333923f4d1d5b4f7fb7980d4080b438033226007a2db0fed4fa6a Size : 1512.448 Kilobytes.
C:\Windows\SysWOW64\perfhost.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 9e50a0e40330dd5724bb99ade9cd7630 SHA-1 : 5c05bdd81c9f3172b399644d953a7fdd29f8968d SHA-256 : e6017009f1b0a036a2dda578ecfe8931d4a84e43a6ba5f1fda5bfd6ecbfcd27b SHA-512 : 6dff712da1c0cbf1bd5bfcd7f0fa433a72faab5da3c3b8726735afb517f42b455e67ca5c25b6bddf483dc00400c48764029af9f53500172cc550f0810b8e8609 Size : 1519.104 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : ed342b6ac7acae83f085b5e5ee6c2c3b SHA-1 : 289ad2bb03fc0f0e31da92f387be81e1826c0053 SHA-256 : 40fef61581c387c3ca990f306e757dcbb9b5f6103c3dceba261f7c4bd6429cc6 SHA-512 : 2abea57e9ccde4a44a3d942b60805a9ad3d707a0ff9d94402950a341a512d8d89e4fd73b94a283c97780ef30b8286f93b9ab6100c083e68faa39d2f2dffeecc0 Size : 1507.328 Kilobytes.
C:\Windows\Temp\fwtsqmfile00.sqm	Type : data MD5 : e4be0e1e2c0956c15660d1b27f6f4471 SHA-1 : aecabd73c82aba28d500f523dc00ffb0e835d345 SHA-256 : 99c0b012fec3c0539e3d8b6f6eec88f0c854aae8c458bbbcfea2007624c1422c SHA-512 : 2dc48666578d5a4b44de06dacda469d8693271545f75aed8f7286341ba5f32b3578a4abc01c809108d7808a89d84849dda058e033340d6b7920accb16fac8d3e Size : 0.14 Kilobytes.
C:\bevevnhfi\bin\yFFKvqC.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : ff05163b4fd87686779f04e38d0190e8 SHA-1 : 2828a64752cba0ec7e65a32f01dcaa85027ba61e SHA-256 : c8976c5f18318c2a28b8fa02a53dbca2957f8a4814507841190b300231bcfcd1 SHA-512 : 4f5192e635d983cf8061ed92569068cb64c73e26584774d64878be8c90a132cb1b7083d5262fce75c96d159663598cb7e906f1c27488ee7895994990d4a79925 Size : 1577.984 Kilobytes.
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleUpdateSetup.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 354b9c4db9daa10dddfd5e4d18e6d446 SHA-1 : 13c5913d7e10c0612b82b2f551456fdf411d1bc2 SHA-256 : 71d715bd8f0724dc2e24bd255ba0f2190e4ddf5f8dad6825807eb56c1b2fa92e SHA-512 : 6111a37b645364b3c112495626e8e80cc6caceb7cd50bf892f74b7d0446b5cb1b711d68eb23b9943a58dda208543e68384b912686f78294bfa66df250fa756bc Size : 1546.752 Kilobytes.
C:\Program Files (x86)\Universal Extractor\bin\bin2iso.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 9cec014174332aa34dcf2d51a96e5f4d SHA-1 : 28437d556ac076424cf9e95818740a97276703d9 SHA-256 : 464e6841dd5276cfbfbf3cd654386ea3ae53162eb2a7e849bffb67dc7ad9dc6f SHA-512 : 57de8c6ad7f4231c1f30a24ee43343372d6fee3618ac5adef84969f2c1813f781eb8a983764a01cc6c66f18b1804b989c1a1728a4f89fb2dbadce8e8ce898782 Size : 638.976 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\12.0\Debugger\target\x86\dxcap.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 4360573398d41028cb17fae552bd3066 SHA-1 : 669d09ffbb3c18c27da557c74cf2d65af490c3c2 SHA-256 : a430fbd32bf2c4068587660684ea62ffe7523c6010b0bf776a80b59811d2488a SHA-512 : b172edd861cf3fe57dba10a2091602905a8f13f42df071ea88d607e0903ed595ec8ea8a88be2254cc6bfd7784c6b9375171d69fa40be3934f04bd9bd8d68f221 Size : 1167.872 Kilobytes.
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleUpdateWebPlugin.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 266048c0ab3eb763fdb8095c379a566a SHA-1 : cff4c10aca30ec32c9b98b13e240cdb49f16a1fb SHA-256 : c57654b269307099f22146da2eb81081121308968ce15a5bfb4492e6da68240b SHA-512 : 54452945e010ded773d2d13407f3b9cbc4fa670199e1587683bf9967baf67d7ddcaeeaab0adc788e5c5faf4c3a40236a237ee1286b8b48ed81f7b5e22b445043 Size : 1581.568 Kilobytes.
C:\Program Files (x86)\Mozilla Firefox\wow_helper.exe	Type : PE32+ executable (GUI) x86-64, for MS Windows MD5 : f14a144c9a5af66d400e41578d0a9030 SHA-1 : bad60f0cf98b5bdfb2b40e0ec596b1ae2091610b SHA-256 : 0b560895644d1aaf5f0ea5248dcf19da162483b0cefd14e95e4c36cd0f3ff03a SHA-512 : 45a0ac6bc447713d08f87ca5ba54557df4f372fcd0fd8d752cf45e4ff761b581e60b487ec03a5d5a6e7ed3126245528f12aac1d7c759e3924e071f69b29d3a99 Size : 679.424 Kilobytes.
C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 0e7a82624ac0d146d94920e78293ec7f SHA-1 : 7567d87eab447e7779012727707c483f6f443a27 SHA-256 : 42df7a25a7df3d939e925a92bc0ddd6e5e95815f2c536fab3d3416538773ce2f SHA-512 : 4446de43ca557e8f4b9f08f8ee81155232afcc24c30a53c45f836e9587c3a2fd548f210d3e47478d646bbc2c4df5461eddfff24411bb712674c94719c7334fdb Size : 1387.008 Kilobytes.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\keytool.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 3987d59919c7be28e93e9f6048daaa8d SHA-1 : 50feb5f6e9c21926713c860d0be7f566b09854d4 SHA-256 : 893fb31f69ffff0b6f8c73adc643892a2ba897f95c2da78b4dc02c99d67da940 SHA-512 : 304e2c49366e82675d641e49088a56b585434dfcc52a38a393ee0ebf4acd879260a04daa0072774b56639761551ee7754928b7f8b0b304370d13952dd7cc4859 Size : 590.848 Kilobytes.

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	virussign.com_5c9bbe8e5b749efba278eabd96c9cbe1.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
SHA1:	3b48a7ed61ab4ca62ecd8591bfdec38c3cf0493d
MD5:	5c9bbe8e5b749efba278eabd96c9cbe1
First Seen Date:	2024-11-08 22:57:29.177953 ( 2024-11-08 22:57:29.177953 )
Number of Clients Seen:	2
Last Analysis Date:	2024-11-08 22:57:29.177953 ( 2024-11-08 22:57:29.177953 )
Human Expert Analysis Date:	2024-11-09 19:11:11.652379 ( 2024-11-09 19:11:11.652379 )
Human Expert Analysis Result:	Malware

PE Headers

Property	Value
magic literal enum	4
file type enum	7
debug artifacts	[{u'Path': u'c:\\jenkins\\workspace\\8-2-build-windows-x64-cygwin-sans-NAS\\jdk8u421\\1068\\build\\windows-x64\\jdk\\objs\\javaw_objs\\javaw.pdb\x00', u'GUID': u'{9891f28f-2fd4-4bfa-9f00-f464ea908bdf}', u'timestamp': u'2024-06-05 13:07:49'}]
number of sections	7
trid	[[87.3, u'Win64 Executable (generic)'], [6.3, u'Generic Win/DOS Executable'], [6.3, u'DOS Executable Generic']]
compilation time stamp	0x66606325 [Wed Jun 5 13:07:49 2024 UTC]
LegalCopyright	Copyright \xa9 2024
InternalName	javaw
FileVersion	8.0.4210.9
Full Version	1.8.0_421-b09
CompanyName	Oracle Corporation
ProductName	Java(TM) Platform SE 8
ProductVersion	8.0.4210.9
FileDescription	Java(TM) Platform SE binary
OriginalFilename	javaw.exe
Translation	0x0000 0x04b0
entry point	0x14000a924 (.text)
machine type	AMD64 only, not Itaniums, with 0200 - 64 bit
file size	1800192
ssdeep	12288:8WvMfP4oXJRfDtCxOvUlUMAdB8qr0zw9iXQ40AOzDr5YJjsF/5v3ZkHRik8:WYoXTBCRlatr0zAiX90z/F0jsFB3SQk
sha256	4faa1da15bd140561572811aa24fac4ef4754e9532784ea3617d822109eba687
exifinfo	[{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/3/b/4/8/3b48a7ed61ab4ca62ecd8591bfdec38c3cf0493d', u'EXE:OriginalFileName': u'javaw.exe', u'EXE:ProductName': u'Java(TM) Platform SE 8', u'EXE:InternalName': u'javaw', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2024:11:08 22:56:30+00:00', u'EXE:InitializedDataSize': 119296, u'File:FileModifyDate': u'2024:11:08 22:55:04+00:00', u'EXE:FileVersionNumber': u'8.0.4210.9', u'EXE:FileVersion': u'8.0.4210.9', u'File:FileSize': u'1758 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'AMD AMD64', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': u'8.0.4210.9', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win64 EXE', u'EXE:CompanyName': u'Oracle Corporation', u'File:FileName': u'3b48a7ed61ab4ca62ecd8591bfdec38c3cf0493d', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 6.0, u'EXE:FullVersion': u'1.8.0_421-b09', u'EXE:PEType': u'PE32+', u'EXE:TimeStamp': u'2024:06:05 13:07:49+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'Copyright \xa9 2024', u'EXE:LinkerVersion': 14.36, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/3/b/4/8', u'EXE:FileDescription': u'Java(TM) Platform SE binary', u'EXE:EntryPoint': u'0xa924', u'EXE:SubsystemVersion': 6.0, u'EXE:CodeSize': 178688, u'File:FileInodeChangeDate': u'2024:11:08 22:56:09+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'8.0.4210.9'}]
mime type	application/x-dosexec
imphash	7f50f83d25f2da4d5784abfb6c7708d0

File Paths

File Path on Client	Seen Count
virussign.com_5c9bbe8e5b749efba278eabd96c9cbe1.exe	1

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
.text	0x1000	0x2b940	0x2ba00	6.53499061942	7bc197384b8ffd3497b6cda2aa2f91c1
.rdata	0x2d000	0x116d2	0x11800	5.83926815542	ab680b6211e8428cfe79a7671f5e6cd6
.data	0x3f000	0x2240	0xe00	1.92623397407	22bca0ee661ba38ad7a2d6159f912fcd
.pdata	0x42000	0x1f98	0x2000	5.42459397031	e7b7534033d25407995ab31351ee34e5
_RDATA	0x44000	0x15c	0x200	2.76413452983	35309e5a16b10dda5f9aa5d8b874b036
.rsrc	0x45000	0x81c4	0x8200	6.01596187032	729cdc8d096a9283cdde642b6b9d855e
.reloc	0x4e000	0x170000	0x16f000	3.98415743826	d14457ad155ce48ded4a3b522f8b5a16

PE Imports

ADVAPI32.dll
- RegEnumKeyA
- RegOpenKeyExA
- RegQueryValueExA
- RegCloseKey
USER32.dll
- CharNextExA
- MessageBoxA
COMCTL32.dll
- InitCommonControlsEx
KERNEL32.dll
- GetTimeZoneInformation
- HeapSize
- GetFileSizeEx
- GetCommandLineA
- CloseHandle
- GetLastError
- QueryPerformanceCounter
- QueryPerformanceFrequency
- WaitForSingleObject
- GetExitCodeProcess
- GetExitCodeThread
- CreateProcessA
- FreeLibrary
- GetModuleFileNameA
- GetModuleHandleA
- GetProcAddress
- LoadLibraryA
- LocalFree
- FormatMessageA
- FindClose
- FindFirstFileA
- FindNextFileA
- RtlCaptureContext
- RtlLookupFunctionEntry
- RtlVirtualUnwind
- UnhandledExceptionFilter
- SetUnhandledExceptionFilter
- GetCurrentProcess
- TerminateProcess
- IsProcessorFeaturePresent
- GetCurrentProcessId
- GetCurrentThreadId
- GetSystemTimeAsFileTime
- InitializeSListHead
- IsDebuggerPresent
- GetStartupInfoW
- GetModuleHandleW
- SetEndOfFile
- RtlUnwindEx
- SetLastError
- EnterCriticalSection
- LeaveCriticalSection
- DeleteCriticalSection
- InitializeCriticalSectionAndSpinCount
- TlsAlloc
- TlsGetValue
- TlsSetValue
- TlsFree
- LoadLibraryExW
- EncodePointer
- RaiseException
- RtlPcToFileHeader
- GetCommandLineW
- ExitProcess
- GetModuleHandleExW
- SetFilePointerEx
- CreateThread
- ExitThread
- FreeLibraryAndExitThread
- CreateFileW
- GetDriveTypeW
- GetFileInformationByHandle
- GetFileType
- PeekNamedPipe
- SystemTimeToTzSpecificLocalTime
- FileTimeToSystemTime
- GetStdHandle
- WriteFile
- GetModuleFileNameW
- ReadFile
- GetConsoleMode
- ReadConsoleW
- HeapAlloc
- HeapFree
- FlsAlloc
- FlsGetValue
- FlsSetValue
- FlsFree
- CompareStringW
- LCMapStringW
- MultiByteToWideChar
- WideCharToMultiByte
- IsValidCodePage
- GetACP
- GetOEMCP
- GetCPInfo
- GetEnvironmentStringsW
- FreeEnvironmentStringsW
- SetEnvironmentVariableW
- SetStdHandle
- GetConsoleOutputCP
- HeapReAlloc
- GetFileAttributesExW
- FlushFileBuffers
- GetCurrentDirectoryW
- GetFullPathNameW
- FindFirstFileExW
- FindNextFileW
- GetStringTypeW
- GetProcessHeap
- WriteConsoleW

PE Resources

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 283456, u'sha256': u'afb87caf3186370a597d066b19f0f74e4acfaf0a8e5e5f569e2da75def3ffc43', u'type': u'data', u'size': 1640}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 285096, u'sha256': u'1ff1edfe7779b95b24553fe1eeac40f72ce79a0bb2cbc8b711b7bf8265d5ee47', u'type': u'data', u'size': 744}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 285840, u'sha256': u'f26171f3baeb9ccf71e80b12f92838a487f434119d12190cc1c8c4efbf0906f0', u'type': u'data', u'size': 488}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 286328, u'sha256': u'46ae400026b2c61a308e02b36c84e994328786a23a51059a72fc0ee038ebac3e', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 296}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 286624, u'sha256': u'467e07c1e3bcf890c4a61c9e1a675aab9dff875fc3b95648fe0cb6b5c76c0c11', u'type': u'data', u'size': 3752}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 290376, u'sha256': u'37922e311d3ba1cc04eda58d19f0fb513ba48b50841791aa0e2b4f4241591e06', u'type': u'data', u'size': 2216}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 292592, u'sha256': u'fceb63fb5ea6edbe9a8f50e449e5041a9c8622c7b4a0a0d2bd332fa4298138ef', u'type': u'dBase III DBT, version number 0, next free block index 40', u'size': 1736}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 294328, u'sha256': u'18830062c5276e87697169f9f359efb15aeb41e8a0ecc79a3c320845f64ca21f', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1384}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 295712, u'sha256': u'752046db2d5ba9b48214cfdc907886277a63ca3638eb1d38a00f207878da0a7d', u'type': u'data', u'size': 9640}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 305352, u'sha256': u'f39679918b57ed83da31c7cb81d5ace2b1409700628cb3ece4224c3f143c29fb', u'type': u'data', u'size': 4264}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 309616, u'sha256': u'b72e0c24aaa3ead9220fd1b21e60c2adfe048c83c7bce3e98cb2207615777c30', u'type': u'data', u'size': 2440}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 312056, u'sha256': u'4e7aa9843e2f6b206a9b0fbc7e0edcd910b2cbdb0d103644c8fce426bb90415f', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_GROUP_ICON', u'offset': 313184, u'sha256': u'd2d8ccd68849e94ea6b84f6835d0fe98ffa5c11e74a1138529e3c0b8d8edfe60', u'type': u'MS Windows icon resource - 12 icons, 48x48, 16 colors', u'size': 174}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_VERSION', u'offset': 313360, u'sha256': u'58b8f3b4285c0e262d58304841df69aae64412981b72d81e3d364a8141176655', u'type': u'data', u'size': 820}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_MANIFEST', u'offset': 314180, u'sha256': u'4a3462d35e635faf3b7763ba7ff3e6fd25c32579748f9bdc31c786ff30d3ed14', u'type': u'exported SGML document, ASCII text', u'size': 1661}

CERTIFICATE VALIDATION

Loading...