Malware Analysis Report

2025-01-02 12:15

Sample ID 240417-ces93aaf97
Target Infected - Copy.exe
SHA256 a2f0e4af244f31133cf9a0d50e643e5989792a5b77af1284b94f91f68d318ea7
Tags
asyncrat default rat ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a2f0e4af244f31133cf9a0d50e643e5989792a5b77af1284b94f91f68d318ea7

Threat Level: Known bad

The file Infected - Copy.exe was found to be: Known bad.

Malicious Activity Summary

asyncrat default rat ransomware

Async RAT payload

Asyncrat family

AsyncRat

Renames multiple (1274) files with added filename extension

Drops file in Program Files directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-17 01:59

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-17 01:59

Reported

2024-04-17 02:02

Platform

win7-20240221-en

Max time kernel

117s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe"

Signatures

AsyncRat

rat asyncrat

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe

"C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 teen-modes.gl.at.ply.gg udp
US 147.185.221.19:23638 teen-modes.gl.at.ply.gg tcp
US 147.185.221.19:23638 teen-modes.gl.at.ply.gg tcp

Files

memory/2184-0-0x0000000000030000-0x0000000000046000-memory.dmp

memory/2184-1-0x000007FEF54F0000-0x000007FEF5EDC000-memory.dmp

memory/2184-2-0x000000001B220000-0x000000001B2A0000-memory.dmp

memory/2184-3-0x00000000771A0000-0x0000000077349000-memory.dmp

memory/2184-21-0x0000000000580000-0x00000000005B4000-memory.dmp

memory/2184-22-0x000007FEF54F0000-0x000007FEF5EDC000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarAB15.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

memory/2184-43-0x00000000771A0000-0x0000000077349000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-17 01:59

Reported

2024-04-17 02:02

Platform

win10v2004-20240412-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe"

Signatures

AsyncRat

rat asyncrat

Renames multiple (1274) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\DSMESSAGES.XML C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\HeartbeatConfig.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vreg\osmuxmui.msi.16.en-us.vreg.dat C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\MedTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\onenotemui.msi.16.en-us.boot.tree.dat C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\proofing.msi.16.en-us.boot.tree.dat C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\OpenRead.php C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\rsod\office.x-none.msi.16.x-none.tree.dat C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN121.XML C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\Maple.gif C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\WideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe

"C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 teen-modes.gl.at.ply.gg udp
US 147.185.221.19:23638 teen-modes.gl.at.ply.gg tcp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 19.221.185.147.in-addr.arpa udp
US 147.185.221.19:23638 teen-modes.gl.at.ply.gg tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 28.143.109.104.in-addr.arpa udp
US 147.185.221.19:23638 teen-modes.gl.at.ply.gg tcp
US 147.185.221.19:23638 teen-modes.gl.at.ply.gg tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 147.185.221.19:23638 teen-modes.gl.at.ply.gg tcp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp

Files

memory/1712-0-0x0000000000A50000-0x0000000000A66000-memory.dmp

memory/1712-1-0x00007FFA6EFF0000-0x00007FFA6FAB1000-memory.dmp

memory/1712-2-0x0000000001270000-0x0000000001280000-memory.dmp

memory/1712-3-0x00007FFA8D3D0000-0x00007FFA8D5C5000-memory.dmp

memory/1712-4-0x000000001D680000-0x000000001D6F6000-memory.dmp

memory/1712-5-0x0000000001280000-0x00000000012B4000-memory.dmp

memory/1712-6-0x0000000002C10000-0x0000000002C2E000-memory.dmp

memory/1712-7-0x00007FFA6EFF0000-0x00007FFA6FAB1000-memory.dmp

memory/1712-8-0x0000000001270000-0x0000000001280000-memory.dmp

memory/1712-9-0x00007FFA8D3D0000-0x00007FFA8D5C5000-memory.dmp

memory/1712-10-0x000000001EA30000-0x000000001EE38000-memory.dmp

memory/1712-239-0x00000000375D0000-0x0000000037A9C000-memory.dmp

memory/1712-262-0x000000001AF40000-0x000000001AF72000-memory.dmp

memory/1712-403-0x0000000001270000-0x0000000001280000-memory.dmp

memory/1712-404-0x0000000001270000-0x0000000001280000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 4e92058ec101e0dac2471e6e27d21d22
SHA1 f8563bcaefbab106481aac6e29e0a148288f14e4
SHA256 cb2da209446c1011f63f95b2e0c7efd91a056f3ca15b2e667455ad00c5923781
SHA512 5db1e636e326f92bc74b86e8b22ce806d37be3d07fadec20641623174c17db848ca93d231b58465b4b379b921d9a86d361188825d9e83f6c25f4b55f5db41be9

C:\Program Files\Java\jre-1.8\COPYRIGHT

MD5 b6a210d2da749a0af8b2433d4428c04c
SHA1 cec8a3212e88bc778348eb7464cae60f4634d691
SHA256 c4a455986f992297d668f44e729d582ada5571ec4fe8e4e1fce13d2b1e6d05be
SHA512 c72b34af9fd021455ef3c1443a4db1f3702d19fc546a9b3d6ca46b3d4883154caed9ebf182360eab778e3f4c892c34555b1754e276634b7191d28c453b9f57f4

C:\Program Files\Java\jre-1.8\LICENSE

MD5 65e9c05d29bbeb2d1fc87d9e96fcadfb
SHA1 1214ddc6d654d4fbdda2c761e37b0b2202548bd3
SHA256 c820b57187e68896fd0cd59fbf3e002bfc137380c814cc0198821786db4beca7
SHA512 79065c28e8d4f66b20968bde71b160e5b0153c33a268eac62fde2d8756373f485cb1ed2cf435566900bf7842ad08bef19888dfa6d6c807ad0a39a26e2ba9f835

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 3f76d1d4efff23e66a25be39a8903d6b
SHA1 f17817cd8652ca17be6486da6b5ce389b454646b
SHA256 ee4e21f70ea55bd076f4121d8ffdd2362ae099f825d2138e7544409b7e9cf765
SHA512 7ffedff8e409f464128311a355d2d474bc6ac6587d9bdd58544bee220b16baee687a1acbae5cfe450f3a8430276194c1d47776343df1165c13f7efa4e145bc03

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 8d1609256f9e0b0e6e3bf75560970492
SHA1 6912eb0b4bc08979cb50ffb2772f0760be4a24f9
SHA256 a811605be9331ade5b8905f0be5ae54b9c93f5a5b1f35a6a3cb74727a59c2212
SHA512 1214f94314aebdddc076cd9e48bdba9c13f74c2acd728a1f2a73f8d724b3f1d413efe75a54eca158c1fad7d30cc97ca2753abae7389ef4222452fdf63cba216a

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 6989820c49bca95aff0adaa052fd7f2c
SHA1 df3760ebf2c39a77dd3d1f992bc2256f6f578a29
SHA256 13cc20f82bb6a7d7b65d53c576d2e86cb27ef8fae1fc94eef288ad46ca2ded40
SHA512 736c547d7904825ae076c238b900b50dc6905e1bc120a55fd5b295ab02e507af5a966c8ab830a66ac182360565f1e8948121cd5aa7067569cc83b22c8a1739de

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 0f4f17890809a567079487938e2a2e47
SHA1 c467dc5cb1f34a00601487abf97816fcf4b04258
SHA256 2418c584f7542a606c5b5bfd297e3b1ee861c7d56747418ecbb51fca6075503b
SHA512 34b150bae47a7e84f81b2886b78776ca4e6edf935f078cb12d50d5d5780b9ed0dc22cc4f09fba338ac67ddb1ce32e670ca021ed4f98abb9ae826695063d09223

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 2ec51e10032b5d3030df85531bfade98
SHA1 d4c8ea4f049f1d977c76b310f137978a155c1297
SHA256 3f168fb7b34c88d94004c1e8add93dba4722e974fafe9f185702c81b078857b7
SHA512 0dc488c7b9caac28355efe1c669c8b4e18bfa7d6f82f70cbbce30b76c88c202dd0455b37af79f889a8d3b03a57a823e16ab89ef211e522a2971f1e3ba7c36554

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 46aac4a31892e7d615c6ba8880385e0c
SHA1 7c99045cbc1c7aa178c4ecb317df6c74707c9273
SHA256 e4ef6277d01d1f2f3292f60ebe7ac64a34fe02ec0bc80c4675f2eb1805bcc853
SHA512 8258ca8672b7c7b56b35a5804efeb0d3fbaf3f9e22584085506a317107d66b37f0a91ca4b0395d7d9bbd1025ed86f30d54eaeafdbf6036f8a47d1f1b3cdbe879

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 31fb43787a2eab8924e1032de13de8e5
SHA1 3db6eeeaf8c8dcc9b9414771c955950669b0df1f
SHA256 954b0e5dae89e1ed08b1a7dc6da9b291a41d467da9ff7cf2f3a721843368bb5a
SHA512 c59015af02144fb2778ae35a29d4470cffb0a706612368e7450fcb378ec2070d6fa96da2922a35ca3b562a0133b1c72473d78e446997479171dfe077f0cf58b6

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 5a691363034b0920cc02a102591148fe
SHA1 c6d2f5993a67ef98a3c6a96bf1abd1b31f4884a7
SHA256 f73e9756160c9ea719f40d9307a251870bfacb484c6043be126a68cfa1b4a5e7
SHA512 9572b4758dcac18eac85ceccac0bae5a1adb3a64658a853ee0a9e1f48e3a70d4842c127c035c109153e274feee25c4014f24788aeda5c9e7d632830afe4e63bc

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 e3577d47efa76b34faf081bff3138bb1
SHA1 6db727ac2c0c58a6f863b1b8b51e8c8b1b6a8119
SHA256 b3c2605d322f8403d7b7a1d0f36b0ceaa736d10b7e63eff351a7a4c9b7716bfc
SHA512 9d02ebc7dc452a8f5d370a2a51ef90359235ca6ac726699359fbfedb2caad69fc69bf097ada5d7e5165ba670b2c1b0f024e309ec9fddddc200b3cdacbf19fb79

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 893f24cf89723e24d1c4542897b19f86
SHA1 ef90be915867ee5c32f87d6fdb0d7c7337ef3bc7
SHA256 d014f7369d4e4199ca474892618d5004fe3aa0fd2e6d421103944d3afa97b43e
SHA512 26b5916f70fce3786c3259a899f684e3e7f164719fabd6937e6c28a1fe3075a60598158d304cdab22039bd0e1f6eb00efd21207761e4de7079004e38517653db

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 e4df838c985eb28e67f422103a427b09
SHA1 2bdd2591901f32368f918407610c03920aa94ff6
SHA256 1c1f5b77ea0b4de9407ef8346ac11f5eec404e85bd373bfd429d4e8351458e59
SHA512 f38309e0a3c877cdb6fac01bcbaa47eb14b3de123364352b41acc54c91659cb8d814d67403528cc3c6d68620bcf953ba6cceeba9c8bb7fb56cdeea544aaf1079

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 1af85b151f91e11ba9e27127a3dbe2f1
SHA1 9ba638e80b3a19bc6831057aec4633ad089b8295
SHA256 764b2d195c06396159f139d564a3da5bc50804a6f0f76787403902fd8196a164
SHA512 6e6c3f02fae03fe94a2da1523adffeba2208c48cb141e702058f830da1c371222368be8ddc3d47d93d6c67a815529496a2b76ac9d18cc6a0a674baf865efc450

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 97266b30aaae42e124702cdc7167d02b
SHA1 9db9761280cdbf2e73996c0a6feba271b8fbb8ad
SHA256 44c284727f3f267d4bf96aabf4001ec354cdbdb55407284a031faef85b4bf070
SHA512 e49d7c1ddfa5718bd85c14fa62974f6b797ebc611d0e3ac09b50669f771212be662a8fb81ba30d1bf9d83ad5de94cee4e890151aa495a6560ddb64c9d218794b

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 77d35705355112def03678f0a8e65bca
SHA1 54d407613ff57e149696a19be25a258d31044623
SHA256 13da17adc16d828812636eb473a69069682e2544528dd8a6405c1d4f52320deb
SHA512 26d783ec16b078d571bb2356871ba332c86bc8b23da0fee7b5b29871ddc9546e18d8acb7f9e67d31f9a7adb33c7d149acb62aad5688bb5880eb5fd6b9ee1468d

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 08381e5c2f54328d43b1aad62f0b3bc8
SHA1 0563c41b56150f246d5dfabdc80476a258c7f843
SHA256 94aeb4eb4e34325087a9e11cacf8ab7db2ed4ffc84fa4c63abf9467e87b0e213
SHA512 3693cac52b80dbee4398b5574555db57952607ac4a5143b5582a802bbbf632af24d5fe240d7187df4870fcb4c50c42c8cb8d94f31526d546e5a8bb7210551eb3

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 60c83a4431c6bbc9ce914103ae80816f
SHA1 762e39e7c514b7ff67623af110db621cdd25ffb2
SHA256 62b8e124f93dea4b0ddf9061298fab86609676c3b806070f5cfe1956c5cd7254
SHA512 fcc21802cdcfe50c731f86398f5eb24d0aee65f0542de94355278d07af0afe6c7781fbdcf374bf3cae2a09bbb8cf62592c18f9d28866782be4e805c7d11bde9e

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 4acb71f4dcedd23506b4606844c959cb
SHA1 90da79e7be2560dc95355fe59918e51d1dc2201b
SHA256 73a7ffe7b6c0e8dc76a842fee9e806dde27aae6f78c289c5ea651cabfb8bf366
SHA512 af83b230681a64e9ab9ce998e67949a4054e1a4ddd39888dcb0ebc4ae3b4b0fe2ecc29e34ecb55efa54253e48ec9cf897809009b22d3eeb36c940b6fe13bdf8d

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 2125d93be0a5b72120f63ba4729bd0dd
SHA1 b2a194398383116968de129086291fdd21eb8144
SHA256 7f5217a7e707ea61100b30d2280afc572f3eb608910045ee7deef9e4ade3f980
SHA512 a489a29a61067859b110e1239cba71902b24d2da80eb444f0a10c53cc9d91c0ef9972e03d240e253125e7ea44c266fe3121e14ebba7e525688aa0f289221722b

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 e2596755e97786ed71cee8d43853d8d0
SHA1 c089d7bdc6c09145ce36ad51f6e2129665f2a8f6
SHA256 168f07948a29bb746b5f1a81a14acd49dfdefb455efd2ad65c241a769c7496b1
SHA512 f09f853b0f3d7b976291ee42e3674473211b954e3546deebf4990cbe1e30e9efa6f609e4cf5d327903df05193f5d1d46231e5c02cdc79b36136c70e6f396dcae

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 71a84fffc5ce8caff6eec8d2b96d9874
SHA1 b43aaf9252bc5272863adeb652d5c97348c6f8f5
SHA256 69e6c54f3940374f5cc1a1539712e2f7306849a641955bab5e1d6b88ac4ca846
SHA512 47313ff21564b8d29af5d74ce0c9fc68c0c5aa26f90f2f3eca85e45b57698071dad444b021ad6657fb0fea559a2704bdc3067b9c037e1fbf53fd4f72057d7eb0

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 d2595af554d04a3257c34e2ca965f742
SHA1 65858e2541388ceca144afd8bc848bfe4e0f4340
SHA256 a354a5baa061165fa171e1f5414e4887568ff763234d4b55f7b16cd9c2047fd6
SHA512 a48eacd1976467852b2f3bfb63c6d05acb50ca61665599cfa13a37992901d9fb686d3ae2144d952ae1acca4e07477be11a01d7f2c56e5a8404210ae161986e18

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 6f892de18fd70831bee22b2ff3268d62
SHA1 790d519c668c9c25dfb46f12c07ea7f920765b6c
SHA256 fec4df39d45932adebae229c6471f53e6b0304853330d361a7ba2393bd8bd577
SHA512 8b27aa4f6a7b4db7f807423da64c6fbf181dbf54f52c0c8bf35b67bf3788aa4ee47abedd09383c4dd26b023cfea7fe3d23963465a03f7c40350c212c93d63f72

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 72dcd79cabf501b2773b680f7e23810f
SHA1 b1933503ba624214e0b8de914403d27ac13bcb09
SHA256 aaa1f0091824a6ab877b677e40fd3b0690b2e9098a303b28d38b0b6f2621d70c
SHA512 b778c88ae5ad4df7efe7ff1671684e14e8f20d723ffb0ab02f14cb6336a14e920bbbc9a6057b9437d74ebc569db4a683674e11457e7f8f411746702bfe7d9a2f

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 8dd3213bdab0e0a11f8fe61266f91f8f
SHA1 346e36b738242980955b57b96754483d8df61ed3
SHA256 cec64a2e3536277076ace7bbd0d0baa5aab93c4ee1a4c72bff35072900048543
SHA512 06c5e1130cebdc23fe043e12870d25bc3ccd869538be64588f98272c2b473bfbaa606cbcfa24d341beda2bf22ee097c1132e6f41e72ac11193d9350f45fdd779

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 19e94f1654b1be44d3c8775f0f7afbf4
SHA1 9fc44fc8163ec7881a0fa1580e83a249644ee2e0
SHA256 f26cf11208d73d855f0f40a00ef5bbd1afa37bdd0a396efd69cbb75ec0ce4c8f
SHA512 1a2a4858b5115705af22162cfff170803a588e9c1500610aaef07678d9e577d873ffd6672d436b33464dcfdbf454210dd287d9865cde251f5546c284388293dc

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 de6e47d6f0f414992c6fe99c9040d487
SHA1 6914c049db8cfdf335491cd6edc73b8046891557
SHA256 ff78cd731dc70aa75c47a9e0c5de2417fc8e7284aff73d2d0e0802db3dc15e07
SHA512 d888845164eb0cfc5753d1cc7b03d519f7ffec0fa7d110e424f91cb7bc2c708d149732378c20d7e18d9aa48e4671941b010b59bcd2d47514a4e45a67f66c0cad

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 4e9489987fb5b780e08ee230aebad13f
SHA1 991d68308ec33b6a3a025095614dff990038e565
SHA256 a7c32577240ce62879ad610032163aa3e060ac1d0e8fa3264ecac958ca6995f4
SHA512 041e116fbfc749389f5d001f55a827ec460f1cf174e073b5fbb6a47dcc4ed0dbd709a995e8f5aef01b22181c2c98bfaa4db7f5478d7e7b81844dfae0a8c982cc

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 742c809a990b6e5b102d4f992f8f9918
SHA1 159192964c6126329d7a77076b89702ec29dc949
SHA256 51a4f21ea62da96266b06cdc07a8f94aa5bbf92f9896af55e77ecdbed7bcaca3
SHA512 2bbe80da3c43018b9318c5addf5abfe0f09daef1976579986133790344814ad67746e6cb2a2bbbcd6a2392944186e66b95c0031e0e69187cbd3ab71f6ba15924

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 4694cedc723aece518c6b3815c2f24bf
SHA1 8b467ed3226245de94737c934854c8527d6180ec
SHA256 11f1fb1cd8e6cadb8d1dbc09f123bd440b9dce4177753c08cdd435639206a136
SHA512 a82bab0ffe8d7171acb28e4e93fe6b6831e1a88f809f05a21a79b23f1bf80ad3d067292b1271e98e3870ea0d1994218b885bb1eaed12053aab46412c3e26fc9d

C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif

MD5 7e922c2b104736dd8e27ae9856315a71
SHA1 409fd216405e74f844fa02618ba28d4a09c1506b
SHA256 fda2c11b05f4569913fdfe1932796d281c4f42a41d31452faf5664e2233e2833
SHA512 a7d56122c3e8c690b5c360cbf19539ed278a90415763bb548efecad5f8c07ed8199e030ad7e51f8c165b319b6f3180593b0ec88731e8bf2ce87c3617893c4a19

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 f5222fc3c78f4b186d22f3da94db6448
SHA1 d78721cd30d47f5d1c7146bc4402adecfe7ba0dc
SHA256 732e9300e655455d408f7cbaf931e1d0bd903891b9594e312722d0018bd0a717
SHA512 b0098c949a5fbde5746dde57feaeba62d4ca523bd697e4867b889e1c0e9d1e7c053b28c17113ea240b897b83eaf338a45b0f484d62967f0cc5527a4c1393211d

C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt

MD5 fb4f83682b95cbcf7af00a66476be4df
SHA1 e6bbb863485a25428088d5d69c6e6a57cf171edc
SHA256 e6d85de28fff326cb4c1292a27a0ff8bc83664ec746990cfa3a9be2fc0a37497
SHA512 8dfcaa91cccb0112b32c3b9c14be1780c0e01e502e0c3a5190bb1a48fac3292412ce6c2c1b55f5e5af517c2bc080969875f79acfa8f108bed58574fbde5ced20

memory/1712-3464-0x0000000001270000-0x0000000001280000-memory.dmp

memory/1712-3463-0x0000000001270000-0x0000000001280000-memory.dmp

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

MD5 f0bab0aede84fcc235206a4de32664bd
SHA1 d4ae739a15ecfb8db12bfdfca919820d2475cc5d
SHA256 6a1398e049a0175fc5521996de1e9ceca02aaedc48471f7f194f22ef30ef2e3a
SHA512 0e3f9da76019e8f6430e65489ab0358255acb9f7cc6c1c2c7901fc37214df3265fcddb18be47282867cc8cecd9a8b0965e77cbf68bc181811a3fb8e619e9dc3c

C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo

MD5 a0dd6b2a567a94dbd654a4882645cbaa
SHA1 aded12a72cac7ef0dc8a17a562a6ca798a882e54
SHA256 80dfec4558b1ef3d6617a1057705adea2e608bacb3b10f60f788a3cc5a25c90a
SHA512 22dc3770a6841b558b7743111d5b9fc273c12b08d55a8ce6274d1a4771d11bb22143d61c51caff27f0ca5f12eebeb9e47f12eda2dda987e572ce2fa7cedc6de6