Malware Analysis Report

2025-01-02 12:15

Sample ID 240417-cevg5acb5x
Target Infected - Copy.exe
SHA256 a2f0e4af244f31133cf9a0d50e643e5989792a5b77af1284b94f91f68d318ea7
Tags
rat default asyncrat ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a2f0e4af244f31133cf9a0d50e643e5989792a5b77af1284b94f91f68d318ea7

Threat Level: Known bad

The file Infected - Copy.exe was found to be: Known bad.

Malicious Activity Summary

rat default asyncrat ransomware

AsyncRat

Async RAT payload

Asyncrat family

Renames multiple (1270) files with added filename extension

Drops file in Program Files directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-17 01:59

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-17 01:59

Reported

2024-04-17 02:02

Platform

win7-20240221-en

Max time kernel

119s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe"

Signatures

AsyncRat

rat asyncrat

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2504 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe C:\Windows\system32\WerFault.exe
PID 2504 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe C:\Windows\system32\WerFault.exe
PID 2504 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe C:\Windows\system32\WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe

"C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2504 -s 13676

Network

Country Destination Domain Proto
US 147.185.221.19:23638 tcp
US 147.185.221.19:23638 tcp
US 147.185.221.19:23638 tcp

Files

memory/2504-0-0x00000000010D0000-0x00000000010E6000-memory.dmp

memory/2504-1-0x000007FEF50C0000-0x000007FEF5AAC000-memory.dmp

memory/2504-2-0x000000001AE90000-0x000000001AF10000-memory.dmp

memory/2504-3-0x0000000076D00000-0x0000000076EA9000-memory.dmp

memory/2504-21-0x00000000010A0000-0x00000000010D4000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarE90F.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

memory/2504-42-0x000007FEF50C0000-0x000007FEF5AAC000-memory.dmp

memory/2504-43-0x000000001AE90000-0x000000001AF10000-memory.dmp

memory/2504-44-0x0000000076D00000-0x0000000076EA9000-memory.dmp

memory/2504-46-0x000000001B610000-0x000000001B642000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-17 01:59

Reported

2024-04-17 02:02

Platform

win10v2004-20240412-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe"

Signatures

AsyncRat

rat asyncrat

Renames multiple (1270) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LibrarySquare71x71Logo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\3.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-36_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f7\FA000000007 C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp7.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-16.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Dark\IsoLeft.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hr-HR\View3d\3DViewerProductDescription-universal.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\proofing.msi.16.en-us.boot.tree.dat C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL054.XML C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Paint3D.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cs.txt C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TinyTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\WINWORD.VisualElementsManifest.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GameBar_AppList.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\LibrarySquare150x150Logo.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-80_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\SmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-72_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\Sunset.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\mecontrol.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vreg\office32ww.msi.16.x-none.vreg.dat C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-150_contrast-black.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageMedTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\AppxManifest.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44LogoExtensions.targetsize-256.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LargeTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-72_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.boot.tree.dat C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeWideTile.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageMedTile.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchWideTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe

"C:\Users\Admin\AppData\Local\Temp\Infected - Copy.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 147.185.221.19:23638 tcp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 19.221.185.147.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 147.185.221.19:23638 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 17.143.109.104.in-addr.arpa udp
US 147.185.221.19:23638 tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 147.185.221.19:23638 tcp
US 147.185.221.19:23638 tcp

Files

memory/1280-0-0x0000000000480000-0x0000000000496000-memory.dmp

memory/1280-1-0x00007FFA6E4A0000-0x00007FFA6EF61000-memory.dmp

memory/1280-2-0x000000001B1E0000-0x000000001B1F0000-memory.dmp

memory/1280-3-0x00007FFA6E4A0000-0x00007FFA6EF61000-memory.dmp

memory/1280-4-0x000000001CEE0000-0x000000001CF56000-memory.dmp

memory/1280-5-0x0000000002720000-0x0000000002754000-memory.dmp

memory/1280-6-0x00000000026F0000-0x000000000270E000-memory.dmp

memory/1280-7-0x000000001B1E0000-0x000000001B1F0000-memory.dmp

memory/1280-8-0x000000001E0E0000-0x000000001E4E8000-memory.dmp

memory/1280-229-0x00000000365F0000-0x0000000036ABC000-memory.dmp

memory/1280-262-0x0000000000CF0000-0x0000000000D22000-memory.dmp

memory/1280-415-0x000000001B1E0000-0x000000001B1F0000-memory.dmp

memory/1280-416-0x000000001B1E0000-0x000000001B1F0000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 9df66e4323f6c65b0b8ac405fef67460
SHA1 bc3292807827f0851fe76ee463babbc0d3369504
SHA256 5a7f544032715d9ed0d4320ec2a5078ee11e7c4c7301041e05f6b488462b61ba
SHA512 fb8a68ca34f66f6e9b6289836df02865688faadca961266e89194de54e48fe161c80914921e712e358725ecaa9b5e607d44a1eb2b1acf42143b7cf58c4b91933

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 d7845a9eaa63b878fb027dc66c70798a
SHA1 4135e4490323945ef05068031041b971ed7b7341
SHA256 defcf3dce1a939eea716792ff45cb172c2bc7bf933f3876894c08da7fd219298
SHA512 1f7ca5e42cfff4cf6b7d750df8ec91370f50da9b4b788bf367299ec33ad7814e272a1c3747d09a9aadc06d8293197d4e6ce18bd0ec9971008f8c2148d827a7e1

C:\Program Files\Java\jre-1.8\COPYRIGHT

MD5 cabceaad7fb8e965680b334c56a40d13
SHA1 8f7cc02b0b55274ddae1e825325065439a6fed0f
SHA256 42c32e65b139993560b89dc561482f4ae4a0a6a94fc5ab55568519b0126c5ea0
SHA512 1eb87492754ea6371960ad8bbcab3a254cbb7e3bb7729512c207b18d49d82b2fab5d49a2c18ba2f6eaa4459d1c64ab59ce593a1a675035e5a426004c8480f62b

C:\Program Files\Java\jre-1.8\LICENSE

MD5 35a5251d10995d53dd522fe4d6f2c121
SHA1 0227fb78fbba1abd60941f43f8937e7874bcc073
SHA256 20357014de0ed0419ab78cfe0add73af105f6915fd4d16468eaf37b88bb3e865
SHA512 c2b55b6911afced15993b2b0d5971bd9ff54e71bddc1f708ff02a4c02226d3abf8dba5dcbb77b3d2e732e18226274ece5b036df5256cb18e92c2fa67205e5607

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 0ff91dd546bbb22c9fc961ec606169d2
SHA1 cb0ef849fb4ea6ae249105651d2191700bae4145
SHA256 0bb3d0898ef0fcbfddbc7173bd6999c127e3ba0245cf74353237269061c75411
SHA512 abf9c4cabe573d7b7523d5da2f08f70e0af6a41bb951e84423dc47d1d5c88c48655c7f51ed77509525c3945ed7eaa4b37e4dab9206e975bbab6d6989c66cde72

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 53dd51b1e2f4b84d36d6c73e134afbd9
SHA1 bae021adabd851d89e129586a6db46455a38be98
SHA256 03764117185b9b1c40834b6212f98baff7daf23de18ea4df501b14d5d4f24342
SHA512 a0a2157963a95f235ac263ce265486d7015cb1101f37d75514f7af7a2321fdc940ca464729a3980ae79a242332eba27e74f0ab247fdab7f26ab896895f0cc816

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 3ecec5f16bc9d0fb524e0f7cdc8f0335
SHA1 343c995c1cde711052d6cba1fef832a7ff377bb5
SHA256 48354c8ccc4800242ae73eff2958f1c22e1832e5620885fcfdb04fffcad0d812
SHA512 f8214c48c275efe1c8790a64b757810115081a0fd327e2cea2f1277ba1a317e58e1b47182f53e55a63f33d3c796d7541f4b4850e94391e8fb3e8c9773d07b191

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 5555d92962f49d22d415a5f7ea292f01
SHA1 5c54bbad5ffbe7484121f3556794bbb13914c67d
SHA256 8c6bf70dae1e0eacc46edb6473ad9b96c387e09b44eef12e0c0c550bc78c2243
SHA512 5adc91defea9a448eea63db050b848cbb889024d84148deca39fccadf521fe7dd7359444e44c0b60f32d63434f0745136afdc540494388dd1947298a0c2b499f

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 80d42878d9612a68229a8d58e27cca79
SHA1 16590347833d97c626eb007bd52faaf51bc5df0d
SHA256 c945064aa5f7ab63450ba8930d02668d9790e58ab5f0310915fa264dadc971b0
SHA512 03af5d21c29305707c8d3386b3c541a1029dfbf037d7d5876d7cfc5f4fbeb2db03c1da4db98b39102376d9e6db74ea054f136499398e673e63c8774f63359d68

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 243f55ae5cfd59c907ed9388a8bb4f2b
SHA1 78ca2aa064049151f029aa959c28d5eb6e110d1d
SHA256 47aaa261d589c242097d341de4b6c987883a4b8ee185c7b61fc1780b780772cd
SHA512 c52d57af0a234c072b059184e158f577782b54f46fbba8bc6cde37f1af39e7c0c56dfb178001280c1d4e15f3d7b6ae2cf3fd6f0a43803b1e3c58e6489e86439a

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 774759f4aa16564a04d536ff60f9845d
SHA1 d355f1093def585ee1bd2e63737cba558ed53344
SHA256 0f080100755840fab36526ec43476552bb0334f83b8c98e6adb9a527d62c9938
SHA512 a6e22603ac4a9395b8803d2f1ad940fefb75174e6f3c5a3fdb186ea1d84ec8c0975914c73bec3a9a28f81d3c8cd8ba19821992df98b352c67274489ff0381b47

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 d444b1225f0c6984b7ae5b21e881c270
SHA1 1e5cdd99969e18400e3d748b8e939d7565a81aed
SHA256 baaf59d6c0c906b75c6517ff118d64e612637cddb8e8eb43fc89cc5c705502a2
SHA512 d2cc5e81781fccd81054204b89ec90200f3ec97ab6317a416e829620d21d23a2369ced8337184579d4672942aaab30030ab80632ab837aa65ecd191c534716a3

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 2e0b2ee9bcde2e7c72da5a51ce3a4b97
SHA1 497466878b48a77a63a6d70fafff1e6585d94834
SHA256 7b29dcc55a9d525d08042cfb220a7c493502f13d6458d7ed4ec9743471bf9b49
SHA512 9c1f497c6bd25c4cf3ff8bccf62a3400498bb965cd5ebbd565368fdcbf60e51e528334b47b47f162475c480acdc3066c46fe64d16b33ff6064b0fc3bd86c3bb1

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 89c7f70f4199581bda3d7d41c8234a24
SHA1 eb74bd7a136e50d325741f37620ad3d3ecb50ded
SHA256 1260e5e5564284bf59eb550b869e71a65d5096f4195de6e2b69896312680c785
SHA512 891379a3a2e36bfc9f833fa292be190c403def4c8bb461be148317ce08da5ca41b3e85d5fb746afee38df8df901be95e28d335886855b361b162e956f5ad0f38

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 2081d4e6928030dd9bd41cfa40451152
SHA1 f2bb17ffb05b2fb3c425f88260f2691818b5c654
SHA256 4df54f074072d49501ca3944c7780efc989c1f7f2318a9003a6c0054e567beda
SHA512 0a1254addf0c003b184503e36e957e1cbf9fffcd500d450659f80241c2cd55d411d83ca0e523f23fae20e3f62ba8bd6292ee93231bf481a31b4418c6e590ed75

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 47241ef84a6a7ba5d392c61067ad2a11
SHA1 756e29f693e02779b4bf7398d58d8d21ea54e38e
SHA256 c7577185c56c6193fec8c4e8488c01a5372a1b7ef9fd6fe4b1804418bc6d17b5
SHA512 775d92fa694b62e8ccd2a5c5f6ed208eb8fcac6bb16b13495a82f97b30c3c69924679d83a9b515e1397795af3fc58c17ce5525496ed0a7439a5272edf6b0ad85

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 ed5a7f31328849846a0b83fc844146c7
SHA1 e1f19ecce7cb2f01250a9b04a40d2213ab6774cc
SHA256 3543cf8d0d9b78d775d3c20090c6e0c92d61478d062ab1fcd9863fa7e5f955e4
SHA512 3cee9907173515da9faa57015f3c9077da874ef64b4163c046f4795f27ca567a416ca65c1006fe23496aa485aeb54f428a2d9b822b0a6d289adf4ddd91236f45

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 11aff54a5680199c48d9b40de6ffb924
SHA1 e8f3bee978f5c982922a018909e22617c84b45af
SHA256 a725912978fff34fa43e9cfe36ec5256f32b05f2352a45bca121ffc48e38ecad
SHA512 1584e1e416749016de460c7b19fc619974ec3945fbd2e40c0db90d71ec6917a7c61909e2fe34e84777ebc3c5d6ea0b52790e5c63d1a672cef2fabce2a65d8e0d

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 fba6a3848ced5ef6830dd4d71546bc14
SHA1 35219f4bd34884c29bf7287ae478e28e988df983
SHA256 7f9f0834d59d8668b139c1fb4ff27d2980ae8f9bd93105ca676aa4ed3ffd24f0
SHA512 8bad62dbef28a66232b92e3aedc16803bce8a58b9bb2ea105bd3a0147e7854de17887085fe86d21d7a6bbaa73de844661271cd506eae693c9df7bcb3d7e25119

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 4ca5a925cf4bf4eab56936e6a9348d67
SHA1 704056476428b415b365627d9f5d33807c6cc9cc
SHA256 89b40f7ef5cb371a72e11a3792d1b3e342faa3344193964e5291c8dee6c9e8f9
SHA512 d9adec5e27d2d0c806d39c22b59d48e3776655f75376173f8656cf0a1d725350fed6b6ac714f279cf7efe4cb270042529528ad56a0972443536428d320431750

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 55952f3bff748317a0e3901d11f1eb7c
SHA1 3e0d0d4c4d4ee9b5e64d8e4183e5537daac3c0fe
SHA256 f4d90d51df1ac30cae89a66f09b5c95d7bbd99e59ec7be56b9e09ff98d39e12e
SHA512 af6244ab3acfb0bbec094bd02ea88ee713fe3d91054c6122e2990ec2775688a4330423c6325e5edd125655583b9303469bef96c10b9eb28c627ae0c9a1bc0b8a

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 c61b049b5deefd081c324afe0aad22e0
SHA1 b60e67db7f9061a71d3c58336e0d4d9003a01917
SHA256 705f1207f5f99480f3a33c7b0ee55dcca5ac5a797f7ac99cf74ac19b8e493b2d
SHA512 b18b3670d4db146e7a0d5e7e1334b315f241e285d9457595aa544307dc46b94e26860ac2714df4f91879da12ce2bc1bbc029ac913a7eecfc1cb130f8d39e359a

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 5c2e39b0c460f1d6f66b67af16b32bd7
SHA1 6a21acbde78e47edcc13c1b079612225651e0a9d
SHA256 548d4e7a8777fcd9a08065f21f0e5ea3b6d0f1ca6ededfec0ca8b699490b0152
SHA512 87af76ac5265045184deaf614a602524cdf25fcbfa4f2d89861dde7f01ceca370611cfddf64c7d0c02f36fc065bba8f8c30d36e713a016a6728778a363f98215

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 c65fdae3c679f01717a5dfd5e076ea2c
SHA1 d4b31f0ddbdecb6b7bdd00ba67c8882046413f28
SHA256 f729b78adc982103a4d8cb1c4b36dc0acb1e6a4d1a95ab4ea5926e042e8af892
SHA512 801090e6c5231726dc0d45baf2536a1e27e74c1e808fa4303ac5b1ef35bc5beb12fbb31415cc2ac19673cfd3c11110465fb7c31a9c9843894df9d001e0af113f

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 bf59958a09eafb5455e8d8230db1ce14
SHA1 16b14f5898cd5a6c8a685205687636a1c3d371de
SHA256 6fa351cdae1877fdab39419afdf067a5adc736d4380c6a3c4a5af912dd1d28e7
SHA512 0ed04470f33b7592d3fde0842405c28d689998b77fa7a421e95223b6ab47b449bd4ec36d5fcd4ec29edaec7c3842ab8412f5d83e6ef2ef09cb3d5c31dee9f138

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 dad391b45452787986a959353324d1ad
SHA1 89eb4a4929c3f8b7f948c36be7a872658821833e
SHA256 63b54ccd07f5b67147df1d92cc04e1b0cdcf1f6974320735d3ae7ef0887aa970
SHA512 4f7a6f3097522ce8a98f0672d241c3ba21fc5b22c9b5f5d5342b384f1a2c2de7ab97fcc4b226e128674f4a1f0e85a80c983f5e248207cec008c1e8b3ac6c5b86

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 777a5d844a57a9b963f0cdb9755a1248
SHA1 87e78945e3140afa87db3be8990a03e8e9d85ee5
SHA256 97619d7db5cbc285e055bd51741c97af8a16c0c9c1018aa48ca59c5a658d6621
SHA512 180b157fd661e8ba5516fd1534a87a6589861eb3665aec9230bd4af06f37bbac73f88ddc962bfb98b1a830105b4bcbc51d617cc8f5d6fb7c34d655361df54b07

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 f8c9fca0e426c87b8af8595cfd85915d
SHA1 d8c5ffbb0867e46eca2657922b9ec27e742599f8
SHA256 ae651bfae1833b581f1f7859ec2316d6ebe23e281d5e2f45819e6c9dd555e7c5
SHA512 4008b83d22d0e6164ec80e707e47c53040e8481d989474b249ebc446a15420a4d381dbb42f9f696bb3840c1e08e16f94f409d8cb44a3ab5f064d50e5a2194f97

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 8a289cc24dfc609dedd84bdbfbb923cc
SHA1 c5e798453638ceb159310b680875ac534f6a27a1
SHA256 81012a47c556ec8699566e14e0796ea3c2a7c5e2df200f3553bf39b4048f4b5b
SHA512 c44c8af05b4eb630f2b941cd933f3509a31a01338b69630eb2a0d840463ded83cd6bb5442131f4d231de2c3e32c5fb1b31f302fe930dda550167700722a7875d

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 89c1dd969fe5a99c0456682b6fa39786
SHA1 35ff85416f0fa655d9e74754fe1d732305db9457
SHA256 c5a06175329356cef326ad6ab418a3640d60dfceef0cf89314d51cafa1696447
SHA512 f5913a1ed984373cb2b4435576972f2138bad6526322b8403fb722bdd0ac3f38850a1ba9bc686acc6d434a315329b273decf9f44be6b3746a12083f87b0693c0

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 e7443a70338f7ab8c12d12a96c3b6398
SHA1 d77dc3e7aa6edf3917baca8a119803358fab99aa
SHA256 ec83fb6822ace7c15b4c31fbab6e2d7d8cd56fdd19d4d93a0dece8f450323d3f
SHA512 8a3a8a1afece0c16e80c807c5d990aa895292a5c41caa38f61884f2504eeb10a91ad40ea86f6215ea8d9d86578f00d3407cab5e1f25b325c196c62bade81be08

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 1bebefb96f5c81ade0ba65a2a62ce3a2
SHA1 e6e1c6dbd57883b9ee5d2e5515405b5b8aa60eba
SHA256 92019a8f82822b3e3d94710a6f81e7fce48323e16c4906fb7e50c850250de7cb
SHA512 330e3b6ddb3dc7b98fe4542194a2013c18d04ba6c3c563aa9a19ed0eefc9b5c1290f5db799a84f5a0f548fcf6223756559ae716cdb2a7f7e3029ecf8ac0a1702

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 6e9225fe0c85e593ddc164329d55489e
SHA1 898851dd0dac865a73fe3259d344ad6872bb47e1
SHA256 700d96ce587291974e7fef08d79b974eb09ce50917c616360fd229d6d444b2a0
SHA512 6b90d7a2363f7778bddceea2fb9dd9cd858b5b21f3f089625d26daf553c95fe9a6bb59dd0d30d096a8c0a6614ef9f0a6d740aca65a1b7e8aa3950e4d291ae506

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 63ba3cd740231507bb4e82ef77ff390f
SHA1 4162487903d292d117a6ea5b42a0a38be3b2d065
SHA256 ca930fac948fc290c9bcef0e65b80c5e17dd1325237a911535071264a8b80bdc
SHA512 3f6a6c1672d2a3bc0205485aeb29fff1d670b23ab20486838a728401551f37c3b1620efc43ef54d132930c4bb789046466add5d219b1006bf31619599139a986

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 399fdb93baf3638a06af6d1f031a2699
SHA1 35a0c1e6045742bffc1c068f983b4cef02e03084
SHA256 0c9edda25ed27464fef7bd57996a77a898e7e6e527225716f0d1e057bdd76ec8
SHA512 7c5a2382e487bc2a22344b9930fc659a8ea41b7ecb9ae8256de4d3ff79a56eb5f101af1c46454e63e1b1f07195c10ace3b62a84af8093f1dd8323e3fd249bb79

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 f89263451b4341d2bb5cde981cd771e1
SHA1 68e390c0528654ee6e0568d749d79b85d49b5f73
SHA256 28d4ad974c70d6027e8e7713fb51d2d84ce2e8e95eba5b031ced981ec7cdef74
SHA512 7c7d031f8e1b29f0ddd1e7fa7b8ef70931bafa41dff963197e3f885e58445e639a3069a1db7918d00de97484b30ba7f84332fbe1b86cd22c3637b6cf14057a9e

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 ee7394e880232e6d6992b6c888844a43
SHA1 7f17b469e5fa9fa9ba0e92966539a9f8a818bbe6
SHA256 f5cb0b4edd78ef226f3b3328602c9a92a7c20caff7bd404619e6a374db76e2f5
SHA512 c1411128fc5e44bd4f0bc7917119e348d2e9bbea47ac5d494d40966ace1229b8734e56eb4a257aa52d42fea2f446bc6b654585c0093f75571192ca6c89ac1f29

C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt

MD5 bdf860bd40b803133bad9693488377ce
SHA1 226bb709337c40ae24ae2c32808153f4f8597a0b
SHA256 5675036e338c90870f60b5960dae5bd022bded2ebe3ae63bb47e1be01a639083
SHA512 6f1768480ba4a173fd8e01dd095c7f104a868f43c032565321f8d0004aa1388c595f4631cece7c025d7a1bb117289307f51bdbffb5e0dbf9caf056b42844d949

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

MD5 040b45826770ba95fb52cfed9cb8089e
SHA1 d645dad517849c060dd0ab192572fa0c5bce3530
SHA256 b02ac6ed32af0520735ccb115f12d9123344edf35850028da68ad09a2cf22701
SHA512 a178bfdb8c484a359f75ccaedbaab7b1104903d165d29bbb24a0d8f705d6f330ef2eaa0ce35c833a559168162647ea7fd6a3bd23cca331e8ddd6c69f80ba4426

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

MD5 7dce6335264431379eddbabe8f31b0d2
SHA1 f9f5928bb2692ea55ace0d22a0f405d839579303
SHA256 9fc12ffa51b47dda8aa0c02818a8e3039f368aafad65e8759f6597bb80e5b01e
SHA512 38654f222efdc7ffbafed68eef055e928a5431b2a02107a59640bee3bddbc8ffd66ef76e26577084a4972b347880bd21d246bd2faf84bfbde55d8385aafa0d97

memory/1280-4246-0x000000001B1E0000-0x000000001B1F0000-memory.dmp

memory/1280-4247-0x000000001B1E0000-0x000000001B1F0000-memory.dmp