Malware Analysis Report

2025-01-02 12:15

Sample ID 240417-cep8eaaf94
Target Infected - Copy.exe
SHA256 a2f0e4af244f31133cf9a0d50e643e5989792a5b77af1284b94f91f68d318ea7
Tags
rat default asyncrat ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a2f0e4af244f31133cf9a0d50e643e5989792a5b77af1284b94f91f68d318ea7

Threat Level: Known bad

The file Infected - Copy.exe was found to be: Known bad.

Malicious Activity Summary

rat default asyncrat ransomware

Async RAT payload

Asyncrat family

AsyncRat

Renames multiple (1276) files with added filename extension

Drops file in Program Files directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-17 01:59

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-17 01:59

Reported

2024-04-17 02:02

Platform

win7-20240221-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe"

Signatures

AsyncRat

rat asyncrat

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe

"C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 teen-modes.gl.at.ply.gg udp
US 147.185.221.19:23638 teen-modes.gl.at.ply.gg tcp
US 147.185.221.19:23638 teen-modes.gl.at.ply.gg tcp

Files

memory/884-0-0x0000000000F10000-0x0000000000F26000-memory.dmp

memory/884-1-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

memory/884-2-0x0000000000C80000-0x0000000000D00000-memory.dmp

memory/884-3-0x0000000076D40000-0x0000000076EE9000-memory.dmp

memory/884-21-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

memory/884-22-0x0000000000C80000-0x0000000000D00000-memory.dmp

memory/884-23-0x0000000076D40000-0x0000000076EE9000-memory.dmp

memory/884-25-0x0000000000C40000-0x0000000000C72000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarD485.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

memory/884-46-0x0000000000C80000-0x0000000000D00000-memory.dmp

memory/884-47-0x0000000000C80000-0x0000000000D00000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-17 01:59

Reported

2024-04-17 02:02

Platform

win10v2004-20240412-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe"

Signatures

AsyncRat

rat asyncrat

Renames multiple (1276) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\Weather_TileWide.scale-100.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014 C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeWideTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosMedTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN010.XML C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreAppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\rsod\powerview.x-none.msi.16.x-none.tree.dat C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosSmallTile.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-16_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\ext\meta-index C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderMedTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN082.XML C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.tree.dat C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.boot.tree.dat C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-150_8wekyb3d8bbwe\AppxBlockMap.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL090.XML C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-48_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\onenote.x-none.msi.16.x-none.tree.dat C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-32.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubAppList.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\rt.jar C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LibrarySquare150x150Logo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe

"C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 147.185.221.19:23638 tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 19.221.185.147.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 147.185.221.19:23638 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 28.143.109.104.in-addr.arpa udp
US 147.185.221.19:23638 tcp
US 147.185.221.19:23638 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 147.185.221.19:23638 tcp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp

Files

memory/4920-0-0x00000000001E0000-0x00000000001F6000-memory.dmp

memory/4920-1-0x00007FFE61CB0000-0x00007FFE62771000-memory.dmp

memory/4920-2-0x000000001AEC0000-0x000000001AED0000-memory.dmp

memory/4920-3-0x000000001CCC0000-0x000000001CD36000-memory.dmp

memory/4920-4-0x000000001AE10000-0x000000001AE44000-memory.dmp

memory/4920-5-0x000000001AE60000-0x000000001AE7E000-memory.dmp

memory/4920-6-0x00007FFE61CB0000-0x00007FFE62771000-memory.dmp

memory/4920-7-0x000000001AEC0000-0x000000001AED0000-memory.dmp

memory/4920-8-0x000000001E1F0000-0x000000001E5F8000-memory.dmp

memory/4920-241-0x0000000036600000-0x0000000036ACC000-memory.dmp

memory/4920-428-0x000000001A540000-0x000000001A572000-memory.dmp

memory/4920-453-0x000000001AEC0000-0x000000001AED0000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 e201584f64a50036af10301c78012b39
SHA1 83b23fde6156974666f7f7845be987a16a5facb9
SHA256 3f33e2e41c107915e73fdf440d93e4e6712370621511daffcdcf0df9d42c9c43
SHA512 8cc91f2b136f3b18c91867c5e9453f46028db8626db58320605e16b3d678241e3f03d00c3e3c95548dc2611942ede5ffee271637bc0d449c6f7fab8cffadb108

C:\Program Files\Java\jre-1.8\COPYRIGHT

MD5 4003d895331aab3677e27cbe8b7e2397
SHA1 4edab3055dffcfe227aea97fb51c732aa28d209a
SHA256 c70b10e950fd6c298745cac4851dfa7eeb53b911adae0b9092ecf6fb5953d598
SHA512 ee9b680825ce8ee4b1ef2df8e2ab1510e352257054d8074cf9df2ebb1523122a9a8dccb202fe00cc046f85383d1909f4eb7d337ba6c107ab64bb2db261ec6172

C:\Program Files\Java\jre-1.8\LICENSE

MD5 bae53f5a44d3d03da95abc1d9867bd27
SHA1 0f1ada8bcc1a65032239385ee8e7ba456abe1bb0
SHA256 b5776dfd6ca6b50158c6860551a77a275cc041530beb0520958181f2b1fbdcc1
SHA512 d26acb9509bba38b356def2ca9df9b3fb70fadc5ef6874e9c83ea65e4632e4249f085496c6c30ac9441e60ec141a6282eaf2f6ebeebfb3df8fe9401298cc9a52

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 c90f0c0813d43b25283f10423d85753e
SHA1 ef4185d3cf4936a6836be6ce7003aaf4c7714514
SHA256 d434ea16aa8cf4ff55c6c7808529f1d66d0c00dfa9e6ad66b8a1c0df40330fa6
SHA512 be3804b84e62a159cbf7a515b55ab98b398d62c3aa44d4983cb449eb26e3f645390d30affbe830b1cbb1f813d3efc7b2a50b37e1708b626e8291438544fa6a63

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 94fca0c3d4b99715cdf996b7ff723e9a
SHA1 75e426f7353a5ea8922270074d98d13469abe9a2
SHA256 43540c5c7c98ccc8c0837257cccde006a3b7cb133a008c2c6c4be3467395cb6d
SHA512 028c1d098c3879ecf6d649cfb4fc943010f6a9a971c62d2c29c5e927bdf1948f512f90e5ee76208c34f1c629d4079ef2cb97d79d39afff228469c535a58d1e7f

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 ecd76223d332cb21f05b633bb4699eb1
SHA1 148a8ac97fde1f25484bffd387b3a6f3aa713194
SHA256 c214d9adc6d7c823adb28856201577169b532ea9d7ab2f7b06706fc8129eb19b
SHA512 682e239cb676a3e9a70fb7f37f37bf6be74060b87e597c3ccc39525eff1f8a41b2bf480880f3e16fcee74ccea352cc9a7323486887bdbb1a455c6879f26f627e

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 903ff0d976f91c10207162e0581262cf
SHA1 9cfe5985d5b8e6c28b314025cd645f9560407123
SHA256 4bbdb38b1eb1db690125beab646511049fe6275fcec623fbb055b4fe29f75c1a
SHA512 6ee913da508c266af24734c7be142aadcc92d94c603692385109f25588966ec42173bb6123b42be4cf88910284c43f3e61233dd52e6e70696a0457f3d89b0a6d

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 bf524623ca785b2044a672b43eb184ec
SHA1 c5b1f79390107d50ff032ec3c5050f5ddd481d00
SHA256 70d127523493f0f25d8b0ed156e6e6370f252e40bf8ff70ed502f07e388e84b4
SHA512 1c1c45e08f376d8bbd9612a2332d9919d1ee68e01a35a0532b792d73fb262f7b1f32e7c8ce26a636b4204985e14cac7e1cdf723108073f253fb76e271c6857ad

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 be6058c96dcf82c97cd4854af1d346db
SHA1 fb34c6253a8e5788dc47d73700b3e13bc98f9a7e
SHA256 7927cf377467d7edb9a6704cf2805eb1acfc32b5ee3e9b84e9856b598a1cc918
SHA512 085d9b98fab30e033d19a7d5d877b4a71da46c591a8ed9ff26b730699fc2727262e5d3bbf8fa147ba6b668f15dc9e7d2d644bc97ddaab29edb130c968449bc36

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 1a3770b8387c761971e1202ea6ef92e3
SHA1 9f9a9e99606ecdae577b3105c7cfd1b699113d9b
SHA256 1385198154c332af2edc5d31d031c9329be8547ab442b2d92cc8dcb4889a5394
SHA512 13c3154fba6ca882c7b1627c6d0237a35b709d7eb942a95f94c3e2f166a93cdbda45bd06f6a329711501a88b405ae617ec4734defec7ad7f604436ddffc39c43

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 909186d16a727370d2963bd5282569b5
SHA1 94e172add52d974fc539d0485b1eefa8f98b0efb
SHA256 ce5abde5ad96a7f1e527d54b567b81a9181ce3db7d8e8497ff8730fb5f38a877
SHA512 726d501f236fd8d1509755dc5b925952f7dcf496c7248e093003e617d289a5642fbdb82647d9e10ccdd811202880b08d99daf87743a7651d8e715f988df3b66f

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 6afba395981748af5d99bad96214251d
SHA1 d2dc58dae787edddab7e8b83a592e9da502d14b1
SHA256 71fa36cb2f853d8bb05f68d59dee9ff8b359f6ff5a79ae5b3914fb01609e5cbc
SHA512 1119dda7b1b4e824a42679b4b7a5c35c2df5a046523e0c81b6f52d7631885fff71b788836aea05242731d6ce0d729deb0166d676ceda21b8b1fb1d71631a1216

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 14334caf7de7de3c2b7a6290700a4efe
SHA1 b9192c60f41866103b7641b8a42e04c23850246a
SHA256 cef3b4830e75dc7d64f7990f68a902819489daee5125e69e6bdc416ca20b9305
SHA512 b57c55dd67c47ae568943366b8c81d9175de3c4c83aa28993ac3459e0cd7f1402f7fccc1cbdcfe63f55569fe0d58a144beb4ab57dc32ceedd02bce2026caf274

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 28f94465d4075b636c537f5ce96d7ab7
SHA1 42e51ab80aae844cf103a92c2211ace110352933
SHA256 bfb299be65af1fcebe0db2a96b3b5d50162e604855ea0299f9033c190eab990c
SHA512 176249c51a43abb1a2dbc804552fb0dda2767d08d46dd78d851c724c640f62815568303b45d588b6fdc39db174dea0169374443ef8ac57946d7a72f3a4740e0d

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 c974e81905ab164fe071a9400bda68be
SHA1 7f21882acc36c71e07dcd0f038b2ecc20071c96f
SHA256 42102d79ca8861d7e3425d673b8fcf61bb56086380cbaadca9b9e2650672af27
SHA512 02281b90abe760359a0bdf12402ebaf0ce364b509d07c3b6cc0dabf00ad1cd303f54648524faf16dc454533a8b59256d1c61bc5451da422e692aa3b818f01fce

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 6039f86f40c1c7852e5d108c58a93bd4
SHA1 95a653daaaa4a2a57cffa3875e9da9f0ff7dc7db
SHA256 a56ae5369f257148cd0ef25c5145c3873721000ae53efe80c013ccfed311b08e
SHA512 2e14e90b453ac73e0364b7d94973e9d43d5e2234e51fbb7f3cb3c28603af7b5ab9a03902fc58c21f01b54f59d47f0cc05cedca44be34695a229e2cb169325153

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 28bb78c46c4a65ebed1dee6675a7f923
SHA1 5e4144e8575269758bbe559734f9bb426212b5f2
SHA256 949eeb3fa0663ad40665f94c839e15f2d7f5fbd432a3f6ee721fa49b86cc7378
SHA512 7f316c5090af14a88d96d703e584621d19bb36718c599e032e198478b49909c3984707fcb01f6728272b398d8ef0bc518b48c59114d78dd457b2d74e3b25354a

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 d5b63a0c47f7c03ca5cef13288af67ff
SHA1 2c26fa98e86679f284ef85c33a24cd20e6bfbfbe
SHA256 1439344f4c8add79e24bf7d220b8869c023d1e426e1b3cebd9cd6aa84074934d
SHA512 1e3a745eae7f15bb56d5f825deb1784b372856afbf09ba5e4c731e1f1443f6af525128596303e510b1dc0d83db3be2588fe82ef167f7720e1a7027d5d057ae37

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 359e8c8dcfbb7b030a393be11f434d0b
SHA1 25e8656ca467caca79229ceb35417e9d0dcbe8bd
SHA256 bd32774b3d7acf4d835b5fcfe5c3b6a75daf0acb8f211c46d62454666ddd821c
SHA512 96d4ebf4d2eeaacdcf7ff08461531b465814b70521f7ebd2be57d1c4e5980971922b3146a1f88fa506a0d19f6ef0b391a3dc02b977a3d31fdd789614ba9d8ff4

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 90de8a6fe96dceab140c08232163c868
SHA1 a851542f4c0f3561de651eb758aedae8748b33a3
SHA256 383c05b498ae5a919cffb9b4a65454ccd07f4fd37a7054c5d86c94119d867fc1
SHA512 72cc83a070a6561429289a04bac54fb1104f61c31aa07d0c68ed011f0a70b3a9f9f1f15afcac64e60e81c129c4949d31af54d4a062c5d292248cd7a4e64e9290

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 d43888db2c9967b0dd4b9e8e32a130ad
SHA1 b2deef0251eeb96937e6e1655b70f9593bbd2ff1
SHA256 d2af52dabe42d0a49e3d04aadb5dbc597a65e29bd2f5272d2cee80beaa24ca33
SHA512 20c20bbe97206bcd627ca78c7c7e1127c89655a8c54019c0b6821968510d9d040050646efab38686ee5ee7554f755df91554477c8537de60ed91d3b76819525a

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 ad73c2d03016593623c92e5eced04038
SHA1 acfad64b4f9da1b1c5f6a0a59f00a508c6e5a12c
SHA256 076107d8edbe0224b75af1ad011316d8e6e8c563f5bc473a701d77e77977a91a
SHA512 ca54fa6ba7d5a933de9ac8efc5a2bd0083f0c59a53594d49be9565f46e321e5eebdc5b8ba7e1c702f989ddf76127338b7c9e69d03398b294efbb3dcd5328a954

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 3d9a5aadbad6e8539595d1770dbca412
SHA1 2e7277fbf2cb2c251a5ac917791904a2ffecf677
SHA256 9112d9c8fa33dcf06d58c836d30bd4c97d01ecf1fb3f2d2050af53ec1ebc8e9f
SHA512 a5d56755d3a5cf88b2967dcc43ea29dad32a9f927e221b004bc4e1885fd95b7a2dd0f34e7001c9cf6b3981582987a3cdc6a4f52b1d47fb4ff0e10538f30ec59a

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 fd52d0d93a9c8186ea21e7c17f1c661e
SHA1 0bd3ce24239a8ca6d72b4440312be01043dca582
SHA256 ebcd19d401ce52e24f69de17cc01ae3c969792e82fadece8642aa285b31a3b47
SHA512 8dfaa20a258a6b318f466ade78af09a8c99eb16a6be850fb05f43eaad931a5b7ee2b785d42c782de28965494ed4d2f30e6c8fbc1b0912ff86b8103a8331434a1

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 98a6a844962d47782134dd09449b4d61
SHA1 67da1e04c591b3818435eae9aa591298a91f8096
SHA256 73989706419e1b021612defac06472902d0197170ee4a79be915243ae4f66836
SHA512 103de76a15004c41b6b95cb627c6fd41fd6317cd47acd816cba86388bad17c1cdb981f76482b7854b74a27a0c5dcdf2f18e7f6d4226ef73da7e5999646ec1a4f

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 9c2a139cd1fcceff29c532e5ed3a1ffb
SHA1 7a12d6c149045d95c1dda5e631ed59aeb888635a
SHA256 2ae0396ff0de92e11007e2534a42d827d053b632800c2f9617d7329ce391cf28
SHA512 37daaa7e5dba454ab23999ec5f0c4bf4aee7dd84cd480228f2ab6d43c9bc21b27f9ca0f0731aef134d33a14387607114fd8ce5d2d23b8f2b6fbb1433bbacf98b

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 8eee596a6f5a24180d7031affb7ae7a5
SHA1 b9fb92765067756a8839e008e3aae443f407a237
SHA256 28b043113c52c4ba22841e6fa9dd6db8e1b4bb524968a3a24fd1f13358992b09
SHA512 5310d9d93709c6a990bd46a52da8ccd948a04fbbabc039ff1e04875aa685ca6262cd459ee56d61ee8dfd4edf396706adebc7fca83efad3406c3c955cfbd29382

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 2f5403b49002d3e425ff0529b7b000ef
SHA1 4d2a367c001a48ba3456d6b05c843ace0086cabd
SHA256 350b61d92a7baacf266f25aa8e73fccc2c5bcd4d9e1f64b6efce1703b5b13fed
SHA512 b2d482edd46448f3bc4f2cece45c838168545f0a161ed2cd6933e342d404c9e66ec4a82f07b4b863a0aaf35a9bb5cee3e69926f1f5d64218d70f6a3ac83e948a

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 223bb9983bc9fa75aae04a38e34694e5
SHA1 bfde20d837d6322dc758f2acaebb649d93cfd984
SHA256 82131ed9af977183e4a4bf1f96f9e6bd37ec880b0f512feb315dc3998e868a1c
SHA512 cfa4683c61940fc67af528abd44d3a31eda1ee3d282b462cccfcfc51732d0b9260a69708967429ee2546e75106a478b137fa55e4fbd0a92c223c8bdf47776b5d

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 45b3476433b3c2d4f669983e352ad1cc
SHA1 67636ed53a3d644c44d19a0e410b961590eb2970
SHA256 b96fd5edf483a258d77ec38ac3ae9a7432abe7d42549179d3e47f9a9c43787e3
SHA512 55ae7405723e499b48c9ced39afe30dc7f8388d1e4c97b0db0b4eab6073237f6603a28b32ab2a346752e197fa16bd3278898ef0906a230a32ca7564416380a9d

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 6ce4a9d90837a7e0fc991dab92ea8c3e
SHA1 c4e365a5129f38496bc8245efc1b56cbb6017f27
SHA256 96f2c03062693ef093e0a14e0c0a3fbe074828dacae3d215aa1b9daf210786c7
SHA512 fd4db7cadde4105675bd5fb38c1b6dd128d48c58d587b8a48185bafa95da303699ab95d8d8e68d4deda97bb37f6fd5a6dc047fb5f62e07d28db52f74d30361db

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 6edb4c303f6495667fab60a17c6ead0e
SHA1 de13385cb52a5a1c595f4955d2f1227413b33185
SHA256 038e88e008c1ad0a8f829fc5122d703f1df7a16c65d363568ab85cb365e14eaa
SHA512 8fd93bf6659fb7666251bacb8566563b62333a90b6595279b2517f65ece80fae9ff81733a33764f4358999d151d852978680245f2809580ca11e0d1a578906b6

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 496c30afa1c26b2526147db5570c0d6d
SHA1 7dd8aadfc5a48a2662889c98ece8c7a981fd67c6
SHA256 3811c0d7cbb3d3b55f700140d08fdcd0d051711fec41318cce0bd4c0145edfbe
SHA512 bf7043d5d677ba2b85aae89f59a883d172c92ec3ef1158d369f0520f97ffea10564b25b67eefedd982daa7542ac439efd2de178ea3a78665ca8dfdf7f6cefee1

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 78d26ddddf7bf4d3e866439b9aacb5fb
SHA1 304290ff0648fc6e95a79dabf59c823f4b676a8a
SHA256 45827de0dd3945f5b30b480e509f52faf4078ffb2636e8a0857bbc19401573ce
SHA512 2d33bc23a3f35ddf1f3e172ddb55e53e03de45a2985eb4edb23ff2da511e8e76f593a6a656824ca9506a000bae354c6882eef5b53f0a04f3c2d75ec5d0e33d5b

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 c83af9e6d46fab4d78c807b740db43fa
SHA1 25ce20bbfab4de43665d50f6f43917c26f7f5762
SHA256 ee56434e8696599ea3996827b36be7e64d5e651b698c59b0afdfb4e6290dc3f7
SHA512 88cb75b3bb347b36aee259017f9262febec7e3503db91771eb0dfc9cf12a14a930eda3b31f6ec94224d6e878d63a1717b634d6b94a2d432a0b3edcec459652f6

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 61fefd0d86ba61e202513905ac57a2d0
SHA1 6f748a6b41315056736d46ede3a26af6d93e7625
SHA256 454c70c80fb892f531aa2280c6644f3010351799c8639e6c8f19e90ee06329b4
SHA512 708f68baa4721f6efba9847f9d186f06c4cdc076d947d8d332e2e2e43e6b00e3d604fd5a8ebd082fd01fc6b77986af103b4d0e8ceda90e2b15520189bfd82be1

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 6ca15f23964a92268e19e5f31ae6190f
SHA1 16b7cae359f5868a11b04397e4b46db95762a785
SHA256 62cc29834ccbda1373ba48e142fa5792459735491f37d6d68666b2e219f0d61c
SHA512 3e205d3ce83d8806e8b74086e6c2a8a903613442f738cc566e2fb17d0aacb9cf35998e86d54a23e4341a1d17d16afb47fc3e9fee787457e52b7e222191c3bb80

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 ee4c3cb02f52584bfb194bae544a7f34
SHA1 e47411d2261a0504af3145bff7024ef59296048e
SHA256 c5a56cc94dde7d57be8c37801268b0273fb63244340dc7ee67fb4790e42a5e62
SHA512 18c8e1c1b5ef53200bf9cdb6eac2eef2689c38af87ebaca14906d0c80457b95dfe9f18928a003bd4f55f719effa65720184180d9dc410a5ac7c133aa022781ce

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 7ff204c836c726318ac951ee0650fd06
SHA1 aa72a4a65aed87ffe9eb4c7d75467642e60a2b69
SHA256 f370b91dbdb0d1f9b93d6d5e62368b06b4d4b060fe95aa4133eba3d47950a898
SHA512 2984e53e94c9b46078335c85711fa28c1cf6586177fd7d04610f8a92705e8078827b0f7852c2851c0a2ac1887281c7ad11c8ac22053dc02f6d9639c1e51d79b5

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 2e185e49f72d13fd30072ffc4cb46e2d
SHA1 53a181bdafa8d1fd1fc484a56cc4ae6da9f1bad8
SHA256 077c1fab265c8eb97d4a4100128bd20cdabcb85b1d9c593e1d3f90631df08fff
SHA512 d0d5b5f494f486adfba6227f80a01c8a220388c090d80edc4f3c5fed3bec47318d26bfff24b553469c7500f283ee3e4b1692082c5208f6ce10777b595dd26013

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 a3b872010ee2e7b290f212c593f3d4a3
SHA1 d0f9318c8920c9db903c7ac34589ddf51f12d382
SHA256 42f58adbe5f068bd6fd5bc0f6e658917654ce59f608334c787f618b9a4e9af43
SHA512 16717b03f976f9bed67a6e7fc73f5f75308231124cd92863c98faed3a95ad1959f93e217b03f500376d58624f3aaa70b0c50e2a0f58f10b1002e367440bf5e69

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 8ae3f0dc1cafc887eac53c86da4bd48f
SHA1 a2d7d94b1ba99c3179bac053c7275637788912ee
SHA256 6931309608a09dfd23b9ed8a5c046d33819bb04fd2dbf6485b261620df9b1717
SHA512 7fbac052c85bcf0c86ccc9d16ef30bf830a8c3fd9746eba971de52e2258bdeb0f812d1d20e0cfcb00e95a60d86cc6103c0207c0ce8d0b4de9e2164828140b84a

C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 eba28d156fdd9068acad5f50a8c25b72
SHA1 2dcd20c0f88d8d92d817a84388d4be18a49d37e2
SHA256 94d32ac97c593039c79dec43e056189516a2b547df497e56fc298a9def5b7e6a
SHA512 29dd390d74f1c63bc7f5bb35ea9a2c0b8aef375f8470dfe1139090245ea31c5a2b8cf67d6ac9bc77ef780ef29d2769c3964b509f6eec5a6c2e3b4e3204c1eb7c

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 bd8bf1380a4d3ae92ddf919539eef8b1
SHA1 0c0c050842e64fb8e8f77c01b68337bf38a0318e
SHA256 f99982d850eb3e76af1fd0b95480f87787323cee2888700391a92263bac52911
SHA512 dfd077268809fac7577c45f3071e1e43ab6bdf5c7d4ef146322b7ae6f7c0eb4aa63f459d7b6d39ded44676bb2639b29aaf936fefec145e7fb0be3ca7bacb1953

C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt

MD5 f6987ce310af89b727f567f9fb1da7a5
SHA1 e4b1dd6a5a3c18dd901c225fe0c4f2271e5bcd1e
SHA256 f750046499dff54c6e721d4cf3f1092c27b202b3073b50d74a3a72d76cd62568
SHA512 a9f277d5b43573be610b85cfe1eeec023dd918b543d0652bb83e077b2ab41b9eeb508bf5b50ca108e3070fe1b5094fc601472b436122788b394c5a19ee581744

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

MD5 945b2861624441fc1561fe390bae4e1b
SHA1 26146c84e011c565b36742d51810256fa6fe0be0
SHA256 e805a9b0c587cf056b6c3e63eae893b5e6fb4c38ddd6a0a612f736e2d4903c4f
SHA512 aad5cef4d345a1e7de2757ef4a9b3b2aa31f8a381e880d295b4b674578e8ba48784b14692d100f00765cebf3fdf92a3b892b5b69d3e34a0a03cb6e9f1b2b0303

C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo

MD5 05ddcd3347cbd2e197c1be0d52228d1c
SHA1 7ef534be1db70cd671f70a9a17e495cb377ec44c
SHA256 db1ab170fdb817bb4690f11170ce1aafe805ae6bce79234acebffa6e2d839cbb
SHA512 c9bf273460facb089fb13e73a5175d195121a4212171cc7b533328dff996862bef5a2f838ea57bf29d02687d794fa66904445324dbb28acb75c4472f31629867

memory/4920-3685-0x000000001AEC0000-0x000000001AED0000-memory.dmp