Malware Analysis Report

2024-09-23 01:08

Sample ID 240512-tvlzcsha76
Target Infected.exe
SHA256 f334121ac8ff4f73bd7ea92f125a601e0799943b7067568c9ca661b0882175bd
Tags
rat default asyncrat stormkitty ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f334121ac8ff4f73bd7ea92f125a601e0799943b7067568c9ca661b0882175bd

Threat Level: Known bad

The file Infected.exe was found to be: Known bad.

Malicious Activity Summary

rat default asyncrat stormkitty ransomware spyware stealer

StormKitty payload

StormKitty

Async RAT payload

AsyncRat

Asyncrat family

Grants admin privileges

Renames multiple (1272) files with added filename extension

Checks computer location settings

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Drops desktop.ini file(s)

Drops file in Program Files directory

Launches sc.exe

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Gathers system information

Suspicious use of AdjustPrivilegeToken

Enumerates processes with tasklist

Gathers network information

Modifies registry class

Runs net.exe

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-12 16:22

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-12 16:22

Reported

2024-05-12 16:31

Platform

win10-20240404-en

Max time kernel

498s

Max time network

499s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Infected.exe"

Signatures

AsyncRat

rat asyncrat

StormKitty

stealer stormkitty

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Grants admin privileges

Renames multiple (1272) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification \??\c:\$recycle.bin\s-1-5-21-4106386276-4127174233-3637007343-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification \??\c:\users\admin\desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A 5.tcp.eu.ngrok.io N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Assets\WorldClockWideTile.contrast-black_scale-200.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.boot.tree.dat C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\EmbossBitmaps\Oval_icon.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StoreLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-80.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\Content\desktop\en-US\toc.xml C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Awards\freecell\Get_Out_Of_Jail_Free_Unearned_small.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Dark.scale-100.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\themes_frame.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\1937_40x40x32.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\bw_60x42.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\Western\mask\13h.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-40_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\ke_60x42.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-32.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\10393_20x20x32.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\glib.md C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Eye.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\MapsSmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Icons\freecell_icon.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\gp_60x42.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-150.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-32_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\WideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconOpenInRefocus.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\6416_24x24x32.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailLargeTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosWideTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Arkadium.Win10.StarClub\Assets\Star-Club-button_white.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Google.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\Beach\beach_12c.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSplashLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\in_60x42.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeMediumTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Assets\friends.scale-200.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-16_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
File created C:\Windows\rescache\_merged\4272278488\2581520266.pri C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A
N/A N/A C:\Windows\system32\NETSTAT.EXE N/A
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Gathers system information

Description Indicator Process Target
N/A N/A C:\Windows\system32\systeminfo.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\NoStartPage = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\NoOpenWith = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\NoOpenWith = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\NoOpenWith = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\IsHostApp = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\NoOpenWith = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\IsHostApp = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\NoOpenWith = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\NoStartPage = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\IsHostApp = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\NoStartPage = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\IsHostApp = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\IsHostApp = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\NoStartPage = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Applications\crashreporter.exe\NoStartPage = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A

Runs net.exe

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\NETSTAT.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\crashreporter.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4644 wrote to memory of 5028 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 4644 wrote to memory of 5028 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 4644 wrote to memory of 5028 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 2424 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 5028 wrote to memory of 3032 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Infected.exe

"C:\Users\Admin\AppData\Local\Temp\Infected.exe"

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\SyncShow.rtf" /o ""

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Documents\OptimizeEnable.pdf"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CD566133AA62971D1BB0C9A9B555200D --mojo-platform-channel-handle=1608 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C2E5811ACF7ED016B1EC5DED40F3C208 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C2E5811ACF7ED016B1EC5DED40F3C208 --renderer-client-id=2 --mojo-platform-channel-handle=1636 --allow-no-sandbox-job /prefetch:1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CBEE4E7DC177FF091A70E5F09F65BD26 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=13BD41A9E56919B3B832091CBA0B88A5 --mojo-platform-channel-handle=2388 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2B27C35075997CBA7C7197D8906A82FC --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe"

C:\Windows\system32\systeminfo.exe

systeminfo

C:\Windows\system32\HOSTNAME.EXE

hostname

C:\Windows\system32\net.exe

net user

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user

C:\Windows\system32\net.exe

net localgroup

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 localgroup

C:\Windows\system32\net.exe

net localgroup administrators

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 localgroup administrators

C:\Windows\system32\net.exe

net user guest

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user guest

C:\Windows\system32\net.exe

net user administrator

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user administrator

C:\Windows\system32\tasklist.exe

tasklist /svc

C:\Windows\system32\ipconfig.exe

ipconfig /all

C:\Windows\system32\ROUTE.EXE

route print

C:\Windows\system32\ARP.EXE

arp -a

C:\Windows\system32\NETSTAT.EXE

netstat -an

C:\Windows\system32\ipconfig.exe

ipconfig /displaydns

C:\Windows\system32\sc.exe

sc query type= service state= all

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\crashreporter.exe

"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\673fd40f-abf4-468f-ba14-798387e21868.dmp"

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

"C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\673fd40f-abf4-468f-ba14-798387e21868.dmp"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\crashreporter.exe

"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\e9f0af2f-deb9-4034-89ed-a821b3692f90.dmp"

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

"C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\e9f0af2f-deb9-4034-89ed-a821b3692f90.dmp"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\crashreporter.exe

"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\f078ddf2-1ad2-4c66-8dbe-923d59eaf417.dmp"

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

"C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\f078ddf2-1ad2-4c66-8dbe-923d59eaf417.dmp"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Program Files\Mozilla Firefox\crashreporter.exe

"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\198ff012-831b-43ae-8116-07dcc8bb42ba.dmp"

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

"C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\198ff012-831b-43ae-8116-07dcc8bb42ba.dmp"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\crashreporter.exe

"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\5825775a-f220-49ac-bd23-bf33c26edecb.dmp"

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

"C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\5825775a-f220-49ac-bd23-bf33c26edecb.dmp"

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca

Network

Country Destination Domain Proto
N/A 127.0.0.1:3232 tcp
N/A 127.0.0.1:3232 tcp
N/A 127.0.0.1:3232 tcp
N/A 127.0.0.1:3232 tcp
N/A 127.0.0.1:3232 tcp
US 8.8.8.8:53 5.tcp.eu.ngrok.io udp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 115.181.127.3.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 240.76.109.52.in-addr.arpa udp
US 8.8.8.8:53 roaming.officeapps.live.com udp
GB 52.109.28.47:443 roaming.officeapps.live.com tcp
US 8.8.8.8:53 47.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 35.197.79.40.in-addr.arpa udp
US 8.8.8.8:53 151.16.21.2.in-addr.arpa udp
US 8.8.8.8:53 156.53.16.96.in-addr.arpa udp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
N/A 127.0.0.1:56222 tcp
N/A 127.0.0.1:56407 tcp
N/A 127.0.0.1:56582 tcp
N/A 127.0.0.1:57241 tcp
N/A 127.0.0.1:57588 tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.21:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 217.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 21.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 crash-reports.mozilla.com udp
US 44.242.105.245:443 crash-reports.mozilla.com tcp
US 8.8.8.8:53 245.105.242.44.in-addr.arpa udp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
US 138.91.171.81:80 tcp
DE 3.127.181.115:14548 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp

Files

memory/3288-0-0x0000000000A30000-0x0000000000A46000-memory.dmp

memory/3288-1-0x00007FF8C3953000-0x00007FF8C3954000-memory.dmp

memory/3288-2-0x00007FF8C3950000-0x00007FF8C433C000-memory.dmp

memory/3288-3-0x00007FF8C3950000-0x00007FF8C433C000-memory.dmp

memory/3288-4-0x00007FF8C3950000-0x00007FF8C433C000-memory.dmp

memory/3288-7-0x000000001C460000-0x000000001C4D6000-memory.dmp

memory/3288-8-0x000000001C4E0000-0x000000001C602000-memory.dmp

memory/3288-9-0x000000001C3E0000-0x000000001C3FE000-memory.dmp

memory/3288-25-0x000000001C430000-0x000000001C452000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp9A3E.tmp.dat

MD5 dc89cfe2a3b5ff9acb683c7237226713
SHA1 24f19bc7d79fa0c5af945b28616225866ee51dd5
SHA256 ceddefa824f1dd6e7e669d4470e18e557c22fe73359f5b31edf4537473b96148
SHA512 ee5d047e1124351997ecfaa5c8bd3e9ce8a974ac281675cda4d0a55e40f3883336a2378b9ebf3d1f227d01b386c26473c32e39bcab836da2b392bf778a6cf5c2

C:\Users\Admin\AppData\Local\Temp\places.raw

MD5 c0cc6303d99cb3c65433fd0db9eaef1e
SHA1 5998c5e611bda8caa10746ff241cdb4cc01fabc4
SHA256 f673d384f05cc963445330252ca74b8268226501a3a118fc7bd13b8dfdeaf2bc
SHA512 ade00bcf538cfa77851c1129b4982c51ac66f9712fa9814b906df2a9f16ff7dcc80e662667df9d652daa110b383a63822d40fd3aefea01aa9565928c1fe2cff5

C:\Users\Admin\AppData\Local\Temp\tmp9A76.tmp.dat

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

C:\Users\Admin\AppData\Local\Temp\tmp9A75.tmp.dat

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\tmp9A77.tmp.dat

MD5 90a1d4b55edf36fa8b4cc6974ed7d4c4
SHA1 aba1b8d0e05421e7df5982899f626211c3c4b5c1
SHA256 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c
SHA512 ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

C:\Users\Admin\AppData\Local\Temp\tmp9AB8.tmp.dat

MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA512 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

memory/3288-127-0x000000001C400000-0x000000001C424000-memory.dmp

memory/2464-128-0x00007FF8A0950000-0x00007FF8A0960000-memory.dmp

memory/2464-133-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-132-0x00007FF8A0950000-0x00007FF8A0960000-memory.dmp

memory/2464-134-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-129-0x00007FF8A0950000-0x00007FF8A0960000-memory.dmp

memory/2464-131-0x00007FF8E0965000-0x00007FF8E0966000-memory.dmp

memory/2464-135-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-130-0x00007FF8A0950000-0x00007FF8A0960000-memory.dmp

memory/2464-138-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-139-0x00007FF89CFB0000-0x00007FF89CFC0000-memory.dmp

memory/2464-140-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-141-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-143-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-142-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-146-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-145-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-152-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-153-0x00007FF89CFB0000-0x00007FF89CFC0000-memory.dmp

memory/2464-151-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-150-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-149-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-148-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-147-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-144-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-163-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-162-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-164-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

memory/2464-363-0x00007FF8A0950000-0x00007FF8A0960000-memory.dmp

memory/2464-364-0x00007FF8A0950000-0x00007FF8A0960000-memory.dmp

memory/2464-365-0x00007FF8A0950000-0x00007FF8A0960000-memory.dmp

memory/2464-362-0x00007FF8A0950000-0x00007FF8A0960000-memory.dmp

memory/2464-366-0x00007FF8E08C0000-0x00007FF8E0A9B000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 b30d3becc8731792523d599d949e63f5
SHA1 19350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256 b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 752a1f26b18748311b691c7d8fc20633
SHA1 c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512 a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 60a7488f43f9dddabf7faa0d5a91d9a0
SHA1 6e83d3869f57832834a194ec58beb412d5955441
SHA256 5df8b15d88d113d0ecd1812ccc1c55ebf0e0e18b855b6bba4d366f94d9d594ea
SHA512 41858868ca27e1a4dded03ac797e9d647ad6a7f586460ebd9e700f4ddc8f464e8d582e23d9b3244342e8a0d3c6955812faa795a1aedb022371790745ee192297

memory/3288-485-0x00000000010A0000-0x00000000010D4000-memory.dmp

memory/4644-486-0x0000000009B90000-0x0000000009E3B000-memory.dmp

memory/3288-490-0x000000001D9E0000-0x000000001DDE8000-memory.dmp

C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

MD5 e061c7a576d8d1c07884118f37faba5b
SHA1 21dbdbbd4ebc30910a0abcda0c6cccdb0c5e55f2
SHA256 e3ed64dd0eb783a7d846ae8d0c62c29c1df7be13cc57bb69c1eeb35ff4ed15ac
SHA512 ff9ec8c97510c150ff9fd32ba62ea3e8506b49e0e2eaf017b6c83c2434e5514dc72c395fbe4501bcce1c4b275f929c09a881fcdffa11e671a43ba0c119d0af30

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 1a73690331eda78b8db8e82c85414b2e
SHA1 c042848cce5049146141c9bc75cb8862055bd26a
SHA256 a3bf1eed3d59e3b2630ed67d182880b717d3e7d0cf448318ec33aa7334cb0649
SHA512 d78d5b7f53f1c7a458f96f8fb69ea5daaedd6ef4c6e617289c96293e3f156aa691e47f905060b1a89f559e0cc4f12a160fc18ef6c3879e9891862e0b02239a14

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 2562cf94a7a4d1e200aca9c7cf113a0c
SHA1 b99422567be0c46920b5598d44b6e8b5b90875e8
SHA256 badba926b04ec634610805935ca450149b1615672388a75e507ac57eaa4f8665
SHA512 ed752d64b60437acb28c67edd2612e85104047438ff397f99c1d90cb458210e45e0f810229311ec0c50b2f92f511cc267d802a03ca62c7d476c88da1f949ee4e

C:\Program Files\Java\jre-1.8\COPYRIGHT

MD5 a6aadbbfc643d185a6120e8348f162e3
SHA1 c4e057068f775f4d72caaba90a27eb2ff4534bec
SHA256 c1a36f28d370d0b1bcc52a77bc838fdeafe1d781bb7d2f2e4f688e4941ce8fb6
SHA512 5237ddd287a1ecf202de47b96e44f6b890caffd8a4a185b1f28fccee3faf10c552085f6ccd90a6de4877bcdb955ef214faced170e8715bbde1975727c77d13f8

C:\Program Files\Java\jre-1.8\LICENSE

MD5 0a60f6ceff165c1c5360d8c80693d3d3
SHA1 10a1560b2c5e5768a243d3ddd85d15c8cd4606cd
SHA256 586b7ed9edeb8570dfd92280d4527149621bcf6278e749804acaab4363217c95
SHA512 e3914d83d179b0593a7750d5ad56544b6d9569636187fa5a0a3a6ff5e6ede5ce9f1830ac97d37fbe77d68c4b7f1fbc8866890445de3461e4e1f6b2b72c6df018

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 cabd53003b16227d145b0545912efe25
SHA1 06412f4546be543e979ba70b4b201783c479b3bf
SHA256 5431bb2540e4d1cea8970458172e2c0232f83061664aff1db4e085c5bd080897
SHA512 2b301eada8886545e8df07ec968736752c537526d3930ff1b3632c79d00f368fb7d2772de1d761fc4991500e2ffb52b845f4c8e018c4bb07ef0b8bbf89f8904a

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 0d4ad8e12a1365407e2a6bf12fb41fe2
SHA1 2e6000c3c3aa75c4fcf3964e05ec4975ef86c068
SHA256 f0ca2450a56f02a5e6447dc1912101c7df2a97c6f824772f1dc90ee2baaaba3a
SHA512 02db45984055dd57f15bd3eb6d27919bd04fdaa32e281899143a5a84df5fea90d35f05bdcda30191160b550db9b1beec3032a295ae577329c1dffb8a73146408

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 15bb76678d7722809b66c31d7e4f3a1a
SHA1 83eb949b562ca1ce474cd6cba5f2396980b33135
SHA256 7001423d762e5f2be52308271af3fe501b698c746e0a28895b0e027262aec332
SHA512 b37ea6d7fbd9f1ac5e7afdcb0af31eaae347c9e43aaea309966dbb631b862868f421a11b389b033f9a4f62c4b75c74e5293ef0cea92dfcaeea97cb9c06c38866

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 9b6f3a058d4af805d949e371d1cdd818
SHA1 07ddd055c253bde58ed1e1f2bba262395f8af8c6
SHA256 3bc7eb50bf6718f63841df033ce948d6142cc417b96c5bea23f53b0102a956f6
SHA512 72f138719585590ebbf6b4ee4cae1e08b87c08d037dbe8dcabd2278edf3262a64b04dcd666b74ff3c04d23c9aa426158fae3808d845f4bd73a300ef097fb898e

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 43a4988930997bf13434d452b7a97acc
SHA1 5aed39d27ff8cfe6a2eaae3a012a44681ff20f9d
SHA256 dbd89a8d57052c7eb741a9edd47ce195831f4264286cdfae8fbb35d15551d79c
SHA512 65ab10b0f7a70b6b0a55d82f55135a4e3fb6fbc84e53db65ae2878847219cb73b4dd2303377715e56e71306038543e7bde83e020191bd2344d2b0d6db628e8c6

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 f46d1c9bbfeed72b24f4031fb405fb3c
SHA1 47780abfb0e9ce9884ff0cc2455261e9c6b60ce5
SHA256 58500a7353c74ed31f1e8ca5c9f829ecbdff0730dfa4041795777c4504572cbb
SHA512 b0854468601282b3581c02a3a4f37beee52b558d88aa4f470f1f380c75e73cc200dfc7de157b42ae045bd926772c9a198ea1fdf5181e36e961f10d2f59888dee

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 5cc1a2e559df0dc70ac48af96031eaf2
SHA1 0a72de1e43d3b6b78002443f6c54e6a6befda18f
SHA256 c8df20a77f46063be704e88e8e97044e23778cd316337a7b34c47b756f89a301
SHA512 0341436c4c59bd4b6c083d12c56e6de70ad8a785de230d183eb7b0ffa46d538bab8ff5eda4317289d234f4230013c5e1966f004692f113c576e0ed36cef458d9

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 6b2da523b08295e4e7711e05cd9646ac
SHA1 413e26f48c424fd40db7e82f19e154e1049e1cb4
SHA256 88d55c858f49694ceb7a008c68433c60026107ac357ff6a55a7defc84a26ba86
SHA512 74eaa64cd400063227538a1f468873793c06df9995dd70b1d85c5fed9216398caaec1e155a8686a8e12b2de577551de2f4547b93e272924abcab8a39cdbb4814

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 4a479098d6226c0645ca2cec4ee7e807
SHA1 caad925b3dd38f9b04524b45b1ff07e8efb6f895
SHA256 459a5d38f115e1084859351347e2dd014de9e66fa7ca480713affa67d36b0b6f
SHA512 bd17fe1dc13f607b2be34cab7d7264abf35c1070f644d979707756b522ea3fcbde893e1fc958243ecc5c09f5a402ee22ca2cea043a82da89eae589580ce70c39

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 595d7ebda72c24dc85192fdeb7834247
SHA1 5665ef0dc6bb012cb088301683a2358ff916ef0f
SHA256 42d3657bc7c822ba72118add366dfa1a8914c2b710a3aad1d57b9cf440f4fe29
SHA512 9febc29e41161a355bc1fac9b037dda9febde50c61913a8aa050287a991bd41dd564bc63e97d7a23c84ce86de109ba92700c76209d69a915b279b508207f1e88

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 49ea2efb7b81d06b922b3a007c7413df
SHA1 e9475fb0b42602d5b58b24d70c572e878c08c290
SHA256 63e9ea4c720fce5337cbcff91ea9857f8f121cbd5ccf3407d7d54d5ba743f8c2
SHA512 bb4afca39778a55b0c477f0cb71595245c530be449d76665a82464d7ef50bbfc697984d08ec768e8bd8756c8e6b24b24feedd9403fc4dcdb0c7daa53bf4cde11

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 5575ef87a86aa02715591a591ef42429
SHA1 14bb272ad79cab755a87c5e64cebdab95afae6b5
SHA256 fe9d47dfd3ace5766513e3d42b013da885e3d61849a1757ae34bfdc90c618366
SHA512 16f073a1753dcafafbb32fb78669019f2c263200416cc0f728587ac10c27ea589377b3e6648aa4f5da773ef07884fcf805936a89543259d3b2d1299d9444b598

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 e0b9325dda727f2441539bcf7595d511
SHA1 527f397b89b56e4ee637e37ab37ff160ca629fbd
SHA256 104bf2e88bafefccf39b0ab0e148f6f8469ebefcca90c7dc1f563c41adeaa094
SHA512 068659461aadb69c6de9c8d4259b460e1ae469b5979bf91f4fc7c661c6de855ed0efb007f40a61d116fc3eace1cb05b11395d47a8d187a0c3249e8e4960ddac0

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 b3213c761f90219488f79d6358b8f60d
SHA1 22315ddaf556d37ae5f75a8d8837caf0615ff43f
SHA256 9ffd192321c62e9183c5aebce1fe202ec44c2c6b20a1d2886b0677d14997ef5e
SHA512 64979adb2f3d8b73c3a4d8a8befe5a6c57a137c6452d71fe6187fa55a0ceddb74e12f6c20107c23e1056dcb953b6afae326c7f77dff59f75a94ce5cd228135fb

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 ed400a8a00a060067b229acb30d013e5
SHA1 a7604249ea65fe33a0db1fce0bd7d2a50b43e865
SHA256 4349a07cce0f74b3d4cdb2904128bfea429536199362e666349029e0bebb3005
SHA512 8ad1114bced114db17b5b02f0576ad5feac076e3d29ef3beb5812a06277e4f0122f1610b557d2a99649d3ef37545b66f419475dfce98fd2a7001e8aa717b32c8

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 72b05f26f9c61e2d3d3c5c50eb5a8093
SHA1 cc6fadcda9bd7783bd35402703179f47d2bdbee6
SHA256 95144340cb6f21db00bad84771f6e9353fc4b8071b71ee9dc923ef5bef5d5ad7
SHA512 1c25fe0ebd0f8423f1736a9df0b24cd5c1c4541e784d81599399c2d9929d0b819691fc06d15787a2313a64d1947e5722bb9bcf1c14fca72aa4f3d6dbd0242503

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 3f83d2be5ed6c8be85a2061ebd79383d
SHA1 10726b7e9a845e203ac88e6ac40c38c080146ee4
SHA256 36bd0d1ecf78d8c577a67d129355bc609ee0a3c9571f37485cca284831d0b531
SHA512 1957dc32e8943faab09ce531efb30140525b49558754519cc472969d60acfb73413e780f7f2dee3a88aa5a3821bcf5b8ea1d65e5a135dc51e07b0f3811d3848c

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 0fcc0ee37351399e418036e3c28644ab
SHA1 f05ff9a0bbcfea9aa5cb3bf27110b7d5134bea92
SHA256 ec64bd580a4cb2b246526225a62fc4ca5fe99b83354a7410de032b7d765f9af3
SHA512 5db6f9538db4f9888348bbcd505ee4bda02e1d10db9e5b4871507d640a0519a69bd5537df866c4be8ca87e4358f38a45dff65db3646dc350027c9d3e86f87a79

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 e544399c26e162ffd32f8ce6118b5ce3
SHA1 700e2cb9cf47972a798bd4e321b0122a568691ac
SHA256 63115f0077c1aa2a36325eaecca07757a075cebd60a6f4c05fa0f175d41332f1
SHA512 63d4e71f1c32dec73c8534b25509c2d71357b22e51286f43f00b8db7a098eebd93726434a978e28fff8319179fd75a7cc7e6840eb1241cf3c5634eadf4566374

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 235fa112f35d140480d2cc73fde90a40
SHA1 ef6c208aa63443d3d30a19fd1d82e15f5e00b093
SHA256 cbcf3b1e01636b9e87d8fb0443faeb49c7bf592567701b35639bb3e175b6cbc7
SHA512 330e5f0747f14b869e2545a5fa59750b2b22151b362ab7fbe303fa6d5f6023e9a10d05f07d47bc3266ee2ff4b5313c52a3b8a8af9e675b9bfbb9c84a9dbbddad

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 3a517a43df20f952ec07e187f6cfed52
SHA1 d9210f11f89fb0ef9b02e1571e8eef0828a4998f
SHA256 02cce3250c96aee8195c411ad1fb1cc97737360cd1becf5f0c38627d26cd3213
SHA512 2aa137dce5506fbf0f0299e6295b7863941ab6485d8c6ae3e1ac704537d85c414b4f2c4c0c27ac8c73fb50d3ecd43b2f98ec57e99f84563d91771f4392952c66

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 23f5d22566e5e8a8a8fca55c6efc52fc
SHA1 781177c027b306ed0d5f4bf3cd20eeb8b2e2957f
SHA256 90cb6d995d1a7d8d67d091abd9d57955f3b4ccf3a7eb9f29d9f6ea19bd14004d
SHA512 b931803e08bce16f270191624f1c7cd9181ed364ffafb3fef74a4e2cc0fd35834c740f9568ed5c7d0f9c7b50cdb20e16bd852f896af93ca100a9a4712145f55c

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 8f236013bc603d529bee321b7f3114fa
SHA1 7e2995c9003e89a29504ac6faaa57be56f0cc39f
SHA256 e8ef50139e12d3f7d793cc9b034d5a1e3f11fe960064f97e043376703d49fc0b
SHA512 3799830238df4f72bed82785ea049ca3e58d287cd7d5654617a6c83b85fed1558ab92f4c3473b84d15b01aa4eafea174f6a6417f15fe5549ce0bb0e18b7afa39

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 35243456fd5c3f5b9fb3362b418754d5
SHA1 d56968bdf631dbc33697c9e84162cea7f1eaa4b4
SHA256 2dfafbcac69cec78ff2340d29e5a1cf36b6f36a01ea9a898ab9a34a7b8bfa215
SHA512 0e1138add5dd45d51badca09b1b53bd8cb02feb7460e20e6a8386a10476042d9717a832d2e380559924b56ed94fb5f7f4e1510a505e2e539281aa82072a8b96e

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 7e95d7221e1f0e7e3ad1aff816f9f6c5
SHA1 b7d719815de5f3353637560913872ba96523987f
SHA256 21f7edbc8030de8d1a3e5405156f094c04b5a280768586346f82c93fb8b4f8e0
SHA512 5b714ff1d8ac3a152fa04c2041618ebfc7ffaa94112ac4e7577ac1f3405eb35e77474508ea4e38d076ffbb1e71be7dce89bc586892edd34c4d99381d9792cac9

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 a209feda13f3bc12b61b87325546cb2b
SHA1 943725237d48a91ca433cb41a0ed35d2844f97ad
SHA256 537ea39814f4b6f165d1900be34089a3a37fa85b2a0722bf342f57e9f944c1c7
SHA512 ff4fd2db14cc50ae908c968f00e3498db2de2f32a2201c765e2ada203715aab099bd07d2e7116fd1799938910fe846ce385235ea8393663ef09b00e995ea0596

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 be4d51b4cf6a2a3e067cc5b3a40def9a
SHA1 5bd4c8472d14fdfa37675cfbcc1896a0fbc752ee
SHA256 59d53237c190fe48050d2ca2fce2de94e1cfd2ed52ea60933c257cbdafb63c9b
SHA512 3e066dda73f6b43e119c0ade707211dee9eca62c36da83e8690363affebef273fcf7b8eff06b0077c77e3bdc5874d0629c93fc1bbc1d2b097a8356ca4465d475

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 363717ea7c9ecf5f396f7fc31e3d40ad
SHA1 8ef44a0000f3a01492ab535c814b29a44784fc95
SHA256 66a9a92d2d5b400466c9f70cbb9bc3f4d2244074e74ee8f52b54f021c69f70e4
SHA512 72212861cf2705921ca41033577629f9bbe77b64057949e633897910017b4ca92e32d72dc26a93ddceae6d9e20ac6387b12e03492ca99f24cecb31ce5504b57b

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 4e5f8e44542818e7bed44c6cf1ea6fbf
SHA1 b05ee3647c871ac319d0a3b81b4985295a07f49e
SHA256 18503d932f2ee725e689556e6d298fbaff34b946035a0eeecf5d39cb23e847cb
SHA512 ae7736ca60bdf451c46cd91f066c26b30bd3bb1873a95587e5c9f52295db4694e24e8af16c99b5a8d5941c004cac51c2188e4333a62061b6614784167f9e973c

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 8f94f15dd686c288244be22d3c4562de
SHA1 5dc33b4a5768dcfd40573318eb1bc474c8a4ba06
SHA256 7613c010c8f396a74dc862703f36b0a9546f5ad97ef7465707fc5214032ff4f6
SHA512 c2a6954cf202abe5c4b39c4c1dcf8cd164e0f4e8fb22c2b9d050d5c300beebf1728662fec609f735032febd1df8447167e71ab0b4d4559654258ff1dea83e400

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 39ecca9ebd438e1541237d76c97ea5d5
SHA1 6c14622a8bbedfa16382c0341383ecc344738bbf
SHA256 1c2c5629c246f8fd12fde28916c46e55289f6552a6e7290d25e97a1760306d6d
SHA512 78cbb82b8f6dbea90f196c194adb6b9b8ebd3f3b36a1c6b3230f007758efdb4dfc739e1289ab65f982fa68d76df8e91150bc2e00c9c1cd9ec491e13852283420

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 83b5e8ec6c1befa7aab76618134670f1
SHA1 9c34443d7623dba3ca98c646ff751d14f9bf9faf
SHA256 8e28f6dbb0c1fe4b35ef220ca864e91a1b8e9ee40bedb9a0c1d05dcc3e18955d
SHA512 f5119dcc1e9c60413e03af71770ac97eef79c56e8521864c8490ca50c254fd93f2bdc7c6ef70a5d84851661f0de7a71d94a2cb66e14201cea9c536dd712d96a6

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 7931052df8c045ae8936801dc38073f8
SHA1 1805e5eb087db52651f85917f56f439ff1c50aea
SHA256 624d66655da52c91e0294750857868da6c66dfc04d30a140b0170591db5774e7
SHA512 3a121c7c615be6872c7de87603a3c6fb27c0051b919fe7fc46c500346a43e952ccda9de0f168a5571c582334ec557f461cdc04d1ba1acfb042d4f88b0490d5b5

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 bd925fdf07df8f2893fc20e50d13c048
SHA1 8595770aef5ecf73eda4e11cee87e45b1533b05c
SHA256 712f0d395180a146e2fee73fc637d4536a44aa1638487a475f63a61454560ce6
SHA512 386a70034f9eb4370ff6962f85edd1cc695e71aae56e0dce011bc8ccbf238087b6d63bdb1e1885fd912be5245318c353d140edbc5f88008345296525d28f6d58

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 1dbe7854a73c1f6b0ae3353cd49eb984
SHA1 01fff4af65be53530c0000a883b6eca5708469f0
SHA256 9f6a32c046a55233c74921597bd2e3e328d4a22a805c01c22bd81cccc9bd387f
SHA512 bbf178ab72808ca67e7b09d87418bc3e1b3299f942fbc74a298e91d21450602aab898812a4971208978ba177cbdabd43f5d000adae4a94b636c16977d16fb2d9

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 67cc1a8987b5f024fc7c2b6216f62367
SHA1 9da6b4f3bc5ca13e4b6907f0617c14804b80f585
SHA256 f373feb787da6d8858177c6caf34040414ed1c20f69cad272293833265a3ce01
SHA512 182268373f936a3679182a7ffc4026540ede016e7d23011dbe847fcd8d0a2c216fa83ce72d05e51ace6aed00ba484e0f9d860b5f36c3f776226a841f9604a6c0

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 214f4ee443e6d20aadac213208d97166
SHA1 ada8c25b21ea56749842983f619ae6b35cc4c8fe
SHA256 234fe88bc4ffcc628ceef64813c1f415e34bef2e41e264264e4a2b91b516e5e2
SHA512 04a1bf9a02292c96659690cfe42d4afbb468d9a8a7e6b6ca9dcc7c94a3699a7d6afd6ecd4e0a10b7e49962fa00267bda5dfb3fd0d2cbb52ba0b0da6b2449c67b

memory/3288-1432-0x000000001E200000-0x000000001E6CC000-memory.dmp

C:\vcredist2010_x64.log.html.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 be7e6c468cea9ef65f81853d4bac4be0
SHA1 0d7bc0972a99e50ea814e7508bc3515a73aa2aad
SHA256 b6e38b0bda1969d2f8745aa9df993c6744c90453a99c25b82d1e14e0f8701f7b
SHA512 5d1698ee213ff419054161ac9cc5a307f548f5799f54a208aec573669314ed50bc9938ba86677144f51ab7b38502772520d663bbf4273b18ec628c88d38d3213

C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 d73948da7742a2ee736de53ad7c60dac
SHA1 0fa133831ebe8277611e40b2751de64855b14484
SHA256 f551de4ae9805b7df2d2e08bb6339e78e45dd313217939cf851cd7ddd927f863
SHA512 bcb8a64e37eb0665f621952778582c1b725b3bcfc2763e40ed56d3659109f9e066feb05ed07c174d040b3499af53c61bc776389bc1fbd56e1718f75500a26358

C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt

MD5 c2d51118828ff695f75ef028b1e800e1
SHA1 0555a4e3eae13b8e48160e581f0e53b541ef8c5e
SHA256 1f73b9c59b1fa9122717984a5035b5b6ac2733a9319d2cc46c508e3234d843cf
SHA512 c1f6ac5669a263dcc971fc8cfb97b39ebc1ccbdcd8e39cbaf214bc92f8beca48b287233d29e2daa6c203eac5b4f0ee3de39a35d79769e38b30b5a4df24943e47

memory/3288-2767-0x00000000010D0000-0x00000000010EC000-memory.dmp

C:\Program Files\Java\jdk-1.8\release.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 61841237d08834064ffcde69e572863f
SHA1 2fa32f328a2fd50fbeff64c77047b4811c2aeba5
SHA256 45fa169969685b3812e5329d1c70b654131cb7fe3fd2bf9d2922838a5d17207e
SHA512 d8a57f6eecc8d45603ce1e6765bb8973e22eb6463e19f55b9dc7d36590aa85566e9d24965937375eb9e4c5b4f78e698c8d9050c90469afa539d94aa5e6143898

C:\Program Files\Java\jdk-1.8\jre\README.txt.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 4eedfe0dc80bea1a43f0f61c74702943
SHA1 3ae7620d777df3bff8213e7c589768251905fedf
SHA256 672b8a1af8ca20b8879e8d87aa5194fdf29abe61c4a915dee850f2f84233c84c
SHA512 bc7244608dfaee2ffa3a33b477267e04d91cebea9604a59ce46523e36a60686ba8c69bfbc162b0fd95a76e1da72e3853e24ec15d90b828f38f74c30e0e988e39

C:\Program Files\Java\jdk-1.8\jre\Welcome.html.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 37641395dfde9876fdb21af43cf5b118
SHA1 b90eed458d357c16c9fc3dfc50141f1fc874cc47
SHA256 7183934f838378e3a33868d36c519093efbd04eb1969229673b6067fe779d15e
SHA512 6dd57317a7acdbe24d6faa3d62caa642481b08ae2b8b5dd7b02164d716902c9488eac74c2507b7ee97d71c6f23b8d03fdce50b44bf569632d85113d4d57f3ae6

C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 683d8a6055ff778cbddc32bb73bb9196
SHA1 a696fdff39455cbaaa4632e55901cc4ca49f1994
SHA256 20eeda13ced915fbd5c63a9ee29cf03c039f4b3385d0002eda6dd70b482d38f1
SHA512 56bc41299296f1bff4ac6b5005adec8da079d8b4b03995655e436a6ec579f3422e64e448756c5c6b57dd01613a2891eea581d68ad7e73b3d59a3d4d08edbedbb

C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 3a40e1b472a75748cca6c41a1e991a5b
SHA1 4b6a322c5ded990020f82b871b0fb4b8151b5fbf
SHA256 8d76afb640e083b9f4a993058b128d081aecf290f28b5c8f96575f0f3ce535b3
SHA512 a99a581dc62ae1b1561b429baf51fd972298ac9bb389bd5373f13953bab606a00173c1ea02579565b7e8076dbca7093b97f71c2e4a5c9efbdf2b778318e83cf5

C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 6a5da9895a9faf016e57ac6ad4e669c0
SHA1 f7774ed44800558dd2144679fe29a576c27c58c0
SHA256 49ce1bd5a332f8572da2100b7c46d907f30d5a6921acb26df6995fb9b5bc47f3
SHA512 61003a720c931dfc2a6a6260eec7f95d906a9e8be65a1a4d2f89cc0b5daf0f76a3ba49be9ea0abb3e6e686e434981fc1d0efbc4afafcb39ad3fb77c5e650e82c

C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 aa99c622c6cf3a0cffb79ff4ee6be0d8
SHA1 3fd0d82ecbb9353e248c8186ae3eed2990333c12
SHA256 babf6dcfef5aa5de8a56117db9b3d196869db7071cf2e41618745b4f21c27598
SHA512 dbc8dbeeeccf4890da46838ffcd39012a561f901d96f0cd72a57e23542c112f45733e5e34472cc133d10e1f7108820e53c4a0b7cd5c9287498bf22805e5956b3

C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 4417c992cfa9cd82145294caddb12574
SHA1 a2db4da4083a6bbdc2c6cf829d127b41713f4168
SHA256 503baaec49d9fec586e55b1da3996c160ebacc8b9ceed53aca19e291d4572afe
SHA512 36ff5201878508aa1d5ebc1976c5a5f2ab539c0db670037e27e8b1a3aa92feffa504ac2133d732b2460dea20ad270a4dfdd1c621cd56d85a189baa03f790cd89

C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 3dd2ef353290733c09ef5dd9eb78250f
SHA1 9b9e03a91bc86ab0589e3974a35e8a994ed04822
SHA256 d7a87e774545d1ed16af81f6ea223e06105ec9d5cb5115d143cc4acf7bebe008
SHA512 beba812602ca6de50b33af7c866e8bf652fb7046bb7cd3edc4064e3bb5b270cd4ee6dad7e860478ed15d8a1499744396b13ea5a137699fabf23ceb71929bb59d

C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 b6290d01622d401efbc8a519632c4a4d
SHA1 a4c5dccab76e4d0019b3a2688944fbcd24fbb427
SHA256 3a25a9667e415b6c2e30c58961ce5160f458e33ace926f9bba579a332cb8f398
SHA512 3c658cbafe7ab3c1829bdfa846c6a078f3fc156c37826186391b2c58e1074605d198c3947ef6927a2f5935cbec26c32519ba41c1f7bc9d5013b9d9a2591f594e

C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 99eba0334a9a3108ebe4980e97d05017
SHA1 7c043604cc11ce2fdc0f2548d50849e90f7db120
SHA256 4790b44560174fadf7722f44bc13a46ac6bd40b6f6cf88cb9bb04cfdbfef9790
SHA512 ec4016622bfefc9a179e64b28a5c9870c8157afe550ead6c04659a362804dd17fa61b511c570cf3c7c45b319a7765a1da0b0be562a9a601aa3fa183590e0d717

C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 f286a336e215a5e7851847a3a64bce0c
SHA1 b56f0668b5de1a38c642c27532bb4c516e687ee7
SHA256 ff4df0f502c13ec669975cd3a3d32b832239ce1da05e41d64137ea1007ca25a0
SHA512 28b23eb1e517233c79e232444747c4ca0d9f1f1c28e9e1932635fb6bc2dbb28f1bd19e7a289d71298136950371b05bd7e4fa9e900a2555404ecca2e81465d29c

C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 01fe6e01325ad45c48ccf5e01e0e1665
SHA1 6a0f6f404a80b9918e628ca3b073933856b159f2
SHA256 710730d94b131ef378ed820f36fdcb1f91493d62e8b1f9faef90e44c5895fe23
SHA512 6d3861aa4d885bbaf9513aec20b0c09a5c05be490a9af240dec5233d089213cdf1512b0151ccfd157db4d44332665c87053e77bd6732c9edef62efe54b7326e1

C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 daf87d9aee38f79bb502b71c43f7870f
SHA1 e7be778038dce9b6c52a8f582802747b99f8ee22
SHA256 992efc4455a4ff038736d7fcb402244c9a13e3da4722f0625a6b4db65c7d07e6
SHA512 515671801f26f43c3cbd33d9b1b1ae78bbd74bc57dd9ec8dd925793be5b4cbc8c00a177d541d9044a1a556dfbc49e9a28a86bb5edca9413911b3ac6d12cc0571

C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 92f5931303b95bea2946de0551228c27
SHA1 d1e4fef138a995341fcbf92bd8a05d0af20d8739
SHA256 1c092e1407df6090933c8197bb681482e1aba9f6f2c9209b67da46e896bdbbdc
SHA512 8b35288e4f4c4c7e1287ddd418cfc8a1f8d446a9cb284d379ec78f1911d6a9cc566f666246b760a942dd5be496b2994526af8953857a7428b88b43b521a46409

C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 63373711d7d2bdce0bc39f93d66bd068
SHA1 78005fb80a46266e96f469c388db17207ff42a4c
SHA256 aeded8a4e48760bdbefc640f49d71391249647c27795c1ad9666cd8d153fac79
SHA512 3b7cf30adc54efa2c8856318dc7bcdd71d51d1bd2dc83524ffe15496c82000395ed3f739fc7044d7934ae41a6b999d90f10b882d5c0b1c3ba45e3b6a298aa1c6

C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 ea35e9c8dffd539bf0fed1ba93f029d3
SHA1 ce72a404b5d57c0e429908147b94ee5fad8224ee
SHA256 e332b545e8188e3d4b0157937d3c787fd11c0f4952c199fd143afe7e7438085c
SHA512 27ce46e37f6e08675e84bf0e6970e30247d961e43b3e692413e74f4dad192cb1c978d5c7133b6636929ba2fb7114bad386c76618fe354902e506280cbdebff31

C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 eaf8e2cc34a243028daf6a1bd6abe8f3
SHA1 99884e32f28f1b668647ed069a7024d086261df5
SHA256 d4aa046538f2423dcb6d91c51710b4f5016f98130271e0d8969a2e87d552bf5d
SHA512 36db0b066aff2f7891ffa800c16b30d0fb69a4dffaa31df39e7e1d4730490f22af76d38678ea781e814774763db80940443cdd80f23dd83dcaefa9ded38a6636

C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 c920c1aef1fdfbe19e5ea089a8847287
SHA1 8942979b2a51f680788705f0e91a54d68ba61620
SHA256 ec3ab64fe8c15c3fbf37aeaaf6c7f74fb3e871c8aa0a5b897da5f279191495d4
SHA512 f649ba7328b4597d6181688cffe2755d8e8ff87f15fe0bad71bbe29ca745880fab6d5ae62f0e20e160e7e1fecbb4e10c4ae4e8006b340f45c5f15e32b7606203

C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 b99306b60c4614ef44e27c0640884bef
SHA1 07f9a710c8a2c99909ad3c91bd6be5200e5323b6
SHA256 4a8a92ca947f679f1d896019d1949f6fdfd1cbb0147a35fd69023b12ec473367
SHA512 3440a8dc4af82b37b275a8f8a9117324902a96ec6fd83666b6bc3b657394e485d2c01c7b396dc0f81db9a92915d2b40a452ce725576e42f584c08e6dbf7b49e4

C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 02adfe39234a34c0e36dc55a947dfb50
SHA1 c68ef02bad097ae559f4278a14f7762adedaa4b7
SHA256 f93edc4cb24ba196e6c50d157f0781b5134427094290a16495f0c52a0fc2f55d
SHA512 dec473e0f24d82a5e3bfd258087e5fa49922341f36a321b622586034333b2b728c5bc1907bb55bff4236f4ff2c87b39986ee3bd943e762db268ebcf368ded8ca

C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 120d221dffbff444efb0e0fe2e136a4d
SHA1 691a5b52ad9b08dc8e81c63b2823c02742df694c
SHA256 3fb75233b611e75dadbd02c5ce0e9244fed4f2702b2f9a97be9f0acfb6d6bd24
SHA512 0e9b41c034ba1ecaa2528a005d8ec389feafda6e0f158b29767e003a9cd176d1748d096d85f8bed085f3c979be3bc08af11bb01e64453ed1487844c061d892af

C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected].ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 bb6988c7b5adecb740c4e6011716e519
SHA1 134479115de8364dd80aae56275629c2f68dec22
SHA256 59ed0df988ea9d05cf31d658d5a248c769d4ad8043bb448a91ccbc8775ecfefb
SHA512 7083cc5aaca035119b2664dc6ea3dbd786b7da1d2587a30819dc1ed0c1218709c163e91be969f4ab0af876618f63dcdbb4299b665331cd2f7997faa53ca48ea6

C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected].ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 6e9d00eb48ef223cd57faa510b4d3b0f
SHA1 9d490489a3510359c56c2941c5cb8f3dfc0d6264
SHA256 0fff4df1b638710b8781e4a89352b709639824d1435f29780cd231962e3ca191
SHA512 7a85f875908f37f931b651ad80359ac469482fb85de44eba996ec94a5a6080bf02f7fcb4935dde75c4f65cc724ee2b0381fd5875edb8c866dd8975e1833f9e98

C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 c2844f69368936891b79af4b6ff399f0
SHA1 a502526d75a1561ac82263e9bc667271e444e1d5
SHA256 4dd03137a5d12d484c88464a13f4c21f24cb6d18b926c3e7e881c8cb48ed4dfb
SHA512 9b881db11cc4bb1399f32aefe65c144c82249351e1ab8ec303c40031d3297ad72b6f895c2802ec1a5018175fccaa8b2e02b76ea867d7378619dadcd4437fe0a5

C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 b0be355c52193bf685a39d2f27496ebc
SHA1 421a331e38f98076e2aacda7280869751f8eb18a
SHA256 18aacd1ce3ea85471fe750315f855445447f1fd325c557762e1bd6149aca5600
SHA512 b98e1f6d464b2c146ecaa7dc82292895d96c1f77733b1e6722848b925b0ce2178408201577681b3ff6e32f075b3962658b27843a765a53ceee87789c4294dc0d

C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 e52064e0f688b2851d06da64bcaf534e
SHA1 2995e73f57b139dfb786cf91cfa73a3e12c3130b
SHA256 79c5a495fa376937ccd3c48e9f6beea44b944776921a1e624db5543496a80536
SHA512 df5811e0742cf5547ebe4f9bee15846269182d96baee87279f189d7d0df1c74b57b7d29a3452ccc7f7a122c858e8412537f9cc0ba32361612339b4c6cba6ae0e

C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 431d0b9de75033c638af4c72b5934bb3
SHA1 ee5cf4cb6cf3f8891b425fce488d96544c78aced
SHA256 fa584b531ce0c3b0d52543db3f19803e16ecbd270225eddac045a61bf93c5850
SHA512 4ab34a86eeed2d0cd160bd0a8fa01f7c9eb60627a50fa8d9b0b9d680d6dc1169f109c8d21be58c97a241940da926bba9d0e320530c2d30fa8b579b7cceb52053

C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 75a2afca650ae5bb9563ca4705fb332c
SHA1 b4e323d5370aa9ee3afb4b9ecbac3583966e7418
SHA256 6371efdbb31fcaff93498e830460ba9d9940bfa21c8199a1c84e8f66043920e4
SHA512 23b384de860a4365f9b8c41585ab60ab7ed1492f5f498d3187765f95a45cc731878cfe2e718fd8afa1c3f7cd47fc2352091c2619addaf57968e6af35451f76b6

C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 36fc8d7997595a1f8038f9564771c1da
SHA1 d8c6c6eeb7c1e2ff683bed4896869a1f9b9cd627
SHA256 a65e891836f285ce3787a850a62cec3e614a847ce4fc9a46e82df390fba5c3b1
SHA512 a9c53f5b6f237e5c10ec14c5de140fe90df68519558e0f776d7b11d236ca54e27f4659282afed2466c88e5ad066155b97d96011e6e39d019d12b5ee2602d53a9

C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 7b0a8542131ada7aa74f954f0e348aad
SHA1 ea770181813c53ddaa36b2657f2950d46ce740ec
SHA256 c6e290a2c5bedd798fcfe13c8ff0d037a9c23784541ab3902732e0f05dd0f488
SHA512 765b2ac6c71c7b14644f38d27b98ca4c7389806bbf5b90366a720ac53775caa3f288ed12386130becf2432cc9785d6ca41c2f3f716acc28f453b9bf208da1e14

C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 146d62dc9ceb86ee609e6b47252e9e0b
SHA1 d14d73aae9e309747cb2008d8e1a3dce9e500293
SHA256 a7732edaa08c61c0ba42d89093831a86b26311d5ca13b33d0fa3b9b94bb3ba1c
SHA512 1e451d94878d49c6b2c5b0570bf3e46cc410d77df1f4633dfe0e3ca85f52c25a79698b93c850eb76432c2305ee8ad089a53ee0b2d2aae0c2dd5eb2fb93f4d5c6

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 d88f9d7769722e877bb44102eaef0bc4
SHA1 cddba4a6fca0410a0cd6a724506680fdcf494223
SHA256 2082eb23a9b29d352f2c514451a0b254afd5728780b9f28fc85258cece067105
SHA512 67a8d253a68ecf9865f505025b1786410fa01597848177b3047992e3c0e08f8a7c40458e6973f02cbb7a6acef5f5cd63d76eee8078c8fc2e53da5f0fe9a6f0e7

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 d7f1a8b62ea90b2fdae08a73154aa0c0
SHA1 d3e97f8e149f4d1495a7bbd131785804e14bf084
SHA256 e6d58a55a08369cda1e87345b8bceafcf22e2965062be79fa9c43f30bd821261
SHA512 a0b837575e9e6d97aff27bb6e55a0c19ae0c33323d6a19f96a2201004b5592df067f6b5110e45917a08f5c67293df46387b64c10f6453671530e764e965cd37c

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 9e39ef326903dc10759ffe3de1c3943d
SHA1 447a9e5fd5163cd8d81c5faf98208fa029d84f4e
SHA256 33900b3be01eec26efd20fa7b56900053928595f1715d497d56903a64fca4ed6
SHA512 297f2eef715e3f91b56cfe861b8db52f12e1c7a20ed856b77f1bab2fddc24a04b6f6c9b0f5c782865ca2bb93863f9c89ce47338e9e98574d8dc0ceea47d04753

C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 d2071e7ccdc1af578f7846f5b52e5d25
SHA1 4e730749a18dd3b9f3e24e04ed7ebc9c2dca3e7b
SHA256 89a3985acf715f4a02c69f51494043680fdd919640f2f40e08d5846cfe01a677
SHA512 2bb5803222f1f59dfab42e568de304d65af4342f4e752717d781a904842db49e16b77a7ef32d3a10bc6f2453b2b002be2fbfd0c20d5713adee1c0fcfeb4e9fbf

C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 c7591ab31ea0b88e9de6d9e8c5f3ec6f
SHA1 a9aeaa0f119e3bd6034e7e5c09d5d8f51d97a38b
SHA256 8779f29c1a46a95ddf84dc9ad319cb778a7f3789957e56a0117211f4bf3a0018
SHA512 48a235fa7f14ab8f0ff1e4764a41548add9270a7e14e1b3f0103c3904ad3e9218ddc4d03f6e31c577089d70a35c2080c4f02b52eda0661da8d3df2034b8a86ef

C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 df605c21a4a72e16f82b0ba64ed0b288
SHA1 3f5fd78bd9e673fc8e1e823c9efe6a0255ebe482
SHA256 56d7b82427fb3b335361aad69ac7d9e38e25424a95e1e79a7fa51911938824c2
SHA512 8d9207453f7b720a967aef0cb96c9ccbe06ef05af9b80e3f57a3003820af5869da4fcc197c94ef0bcbaf60c4e8efb23c7cc5022f275dd743c7c6510fb4bc32e4

C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 c4e84805a0695bc182bb1c4856beb514
SHA1 ff4d37989fb68dd945424aadb9cb54017a8c047d
SHA256 e7f1232f1f49509a6118c749951bfa9247b9a858e2e4adfa271dd096a4e4ff79
SHA512 b1a7bf3e7cf0f592c0f3b489e56c2ef3b293c2534ac2bbafc483c6f3db840795391c1b27f2835d3c16f3be1af4db48b6f87688c8b9b521f5be967eb25578f2b8

C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 5987aea3febd97cceb2a192f699afdc1
SHA1 f198467bfd03d0d8676a403a68f2a611c4f3b24c
SHA256 58f7541d2c776830c600c3bc8ec9871358fa9a18cf3b9e4486638cf625242209
SHA512 d6519f62311082edbe469606a5d01e8e3d1b60084ed4b87356e7fe8030e69ee8b9cf47d8888a50bccd592ad07b37b58a2490d026601601adae8560310a91e2f1

C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 ee6e95114589253629d75fa9e471f945
SHA1 07cf99506c2ea58ec7e69da8bf05e46c00b119a5
SHA256 61823076a05bb5f3f303eaa0dd2f286606b67c3611a9275c212e9304923f4f5e
SHA512 4b7c14dc610d1fa200e1909b647b06895b1fb4c1de1ed49d619e37eee24f2da31fe8167d7008dd81d48fc2997b787c97b3cf341d9c712956eeb32342787d5a18

C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 bb88a351d953cc5ba0ffeb596c870fa2
SHA1 495fd649091b0ab741e21431023a1d6add40d6e6
SHA256 c74b44ada2aa93264449597cb7cb56c86ca5cb34db4d3169e3eec3c7ec4931c5
SHA512 bcac53f4d34297978a97a0ce0da1f5f040f2f4668a477b0a914df912605142b20257ea868222278b6234ad0326a9ce561d95f3eba05ccb7a85ebb43fe86e2a12

C:\Program Files\Java\jdk-1.8\legal\jdk\asm.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 8bf7696e5144c76f42a12ebf275e06a1
SHA1 987aaf479cddc795777f15f0165e34c64076ffec
SHA256 0d9a8cffd7ca57c5c0742a71288c225e4f9cf2d9917f3e0bcfce240336936183
SHA512 c3cd5b8297910ef3cf39d636dfc28f1a09a64c9b81842bd9d19cb9b460a795a158d473dedcfa67adb56d75804ddfc8b5055114724c6aba3b41787b58fb315b76

C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 0e8e266321d7a8337ecf2d52a7348fe8
SHA1 8c9dd9eb12cc2fe954ef410e89236bd6dad0f791
SHA256 9d2f3431808b76ed72f0f96ee40f1e839c69970e5c679426852936d73a7da249
SHA512 3fcef47af5334002fe8d956b96dfb510ba15776183104b24de6b73ac56640cebd9ce8eacec9a6620177874b2bba9cd2c7c2c9d5e936bbe040768193c024350b2

C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 8b416a0bee178cabdd85471baed22cb0
SHA1 35f80ae68b80263ff400cf5f91969388bd0af375
SHA256 237855e516be5e708fd844a924f282428ba14597f7a20e63f3268d48f129b792
SHA512 de0d01ff0c2097755b550f782f238138175c83965bbadea4138ec9b25f6620036bb6705ffbd23230255bef82372bc2282442eccdaac90a59b4abcfd789e2066a

C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 8d9c584201dd70754ea2aedca984c616
SHA1 87b04176bc4c5a3c811ce2c5ac65838eeac7d814
SHA256 46723770ba019ca86be479a5b4971c26228f2e2ddb993eb14b463f80f93b66fe
SHA512 dbb59dfe0de6d0f447ce3445bfd0c21261e1fc8df990b4cb9fd9dbe87dd6c17d0c8138d8dc02bd702e2719b67f7e8f5dae0b13e5c3d998532fbfaae26e18f0bc

C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 134f02246b2f45f2c84315d01748c697
SHA1 5453b1e51d71336c871786e4c9b3c736b6602f22
SHA256 196fa7203c228055163683b185af55a3d509ae38d0eaf3e5d264150f27d4a1a1
SHA512 877986ad86446a5917f7fbd922f15532aa1ba3aa7a6bdee8d84c70b61a6a7cc6561061eaed9f9aefd74be6a01ef418b823a5e42b99eeec73df77a8979345befc

C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 1077cd4955f731b7086dc9d1c66935e6
SHA1 9880f02710e9f4e3d5cd6259d82670594b1e00ae
SHA256 64649c05d06cd23bcaa6181e0662ec927cfcfb1b92f32e69f1bd591dab3b7140
SHA512 220d7e809e1304cf85f975292e0f263428d2064e840b038a8b9300c650466e50476c53d46aadda30b3e50b1e5e22a396beaf4cc123ce77e3f047b49ed326c682

C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 b2750d8a0f36f7a102b8dbe9aa55a4ff
SHA1 6dac39bb64709f6d53ffd42d0d60c622ec25264f
SHA256 bb7ac0a80824c6e9313ed6601d95c4e1c15fb3b2bc779920f283346a4a71a6a1
SHA512 e5a672ea23f805709565bec67437ac35858da833b73bb151eacb7affe9f8201cbc8332bfb5ac2ae54926f2e0c454c6a10c87f18a6d21785d9e703270d1976a2a

C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 b594e74ec05a1df12481f43c4e4b05ea
SHA1 80e2553d6407a763596b428e26ef0b5c51e03051
SHA256 b2afa0d8cae220683685a701c857963b78e004bcac6b1508ab70d73702bb6a0c
SHA512 b28542d480254cc617de1bb5c43504787b54e38135cb8f3b6aaec28330915a11eb91f5390b608cbf3767e51a28a2721fbf21e49e47276d08b1565008f48d9743

C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 756c4ef09716270699ca82a6c40689f5
SHA1 81161855bc8b22a9a3ec2d6baef7eedaf87bb9bb
SHA256 3c865b4e927647587392904949dc57e463bcba3ba7476bf5bf3a29437fc41c1e
SHA512 491a55c6c1e5a3326500ba2afe19e27653f24a6ac33c1781bf7805f44560246da515317602af349b58a22469e95796c05c5c6ba0c92a39506c7d21b3b206908f

C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 fb4d536feb28f589134ceae4943f881d
SHA1 57ce77a1fcc0d2fee337d93e77a3f6792d433701
SHA256 2069af8ba0ee319369ce54c9a4cc1f9f666b57b48edea7dfb94e2574e5977a90
SHA512 197e91f93a63d61f89b19a5b32db7fcfc493e5da5c0bb3b84cf073782b126db384677a24cf81269635c9f2f252d1f2c51f16e6e1fd711ee6eccbf0f536e8047b

C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 201bdef376f19afb7fa7c32365a93961
SHA1 4654e6ba135b2396dfd19d919be65f1c768b8371
SHA256 c69cc6c46cb0ecbfb40ec6bbefc783b4f1cf8ba1e1a5d897b8237c06e6f5500a
SHA512 3a567aaa63f9bef9b03826aab1b13fa9615e0becf25b34df5d197dadd4dc8834f324fd0d860f6442ac1b92224e36ae100484fa417bfd6e3a63a17cf74a419405

C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 edea2e824e2aae4af2fa5deb32189265
SHA1 77ddb920dc9544082378fef697470d89fe32e855
SHA256 eef05398693ad0d04c5167708b4190a1001840412e21a80e09650b7c0723b2ae
SHA512 c036f9a9fc1fb3a8f0d5d062e43c6c498751330058454fbd406f5e9417e5f1bc140b741e3651ab7b3a7414f1a4b6956597cf47b03d4b1c060dd098bf3321843b

C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 7668180ea32a2c035bcfb63886203915
SHA1 7d3307c49d5d64e8a06e5de6c4cf3dcedd66d06f
SHA256 bf9880a11878e4c5627aca15b03e37cec9b78e4ca7b5f7b09559ea8f37531225
SHA512 b4b19db70e50d2f0f95ea23b5c309100c0c5c734ffca88c45737a19b4abd1562e1cd245a539c6a31a606be442b97601d1890895b0a2814ae53bc029598a022a7

C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 2402b32c3ff54d6ad2c34e9ee40e6ad4
SHA1 424a78224ca4f800fae1cd8bb794e3aff84e3647
SHA256 6e0b6cedaa256035aa056418fd11025f724ad53d9bb802f9b8e741861de8b141
SHA512 4cac6a1f47b3279c3f9e96eedd930b24cc3719fd4015ee5f6c1609003313f147b8b50c5ca05c7f619a0512e445a200795f02d283f359634c03cd5f8cca1cf612

C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 7eed4bbc548f18824761afaca2bc2128
SHA1 7cba6b70d8264511a6e2173a99c122717e9fcb1d
SHA256 dfc9f13c63bb23e59544a3efd763cae9424a4ffb1ab0766e9f973b1f63d174fd
SHA512 d06a17aeed06319a9fa7a52a53fa15f0443d2e6f3aad75ffcdf92eb03af207cedbcb9e5c4bdbd39c4812dd4f50d4b9f3b84e6db845e14c34d0a997645064e3df

memory/3288-3724-0x00000000010F0000-0x00000000011A2000-memory.dmp

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 1054493dc7e2082934834afb58f9f80b
SHA1 4843b49fbe6a84d04ba1e65a28fd13f8339b9b9a
SHA256 9e7c1e9a0c417987227c293db0d12ec55674786f492a9cf4ad298b02eac539e4
SHA512 d84f601d075dc7d590b8729808b7bbf3c1f74e8466b9828d0fa5dee430b8c275d1cdeda7c4b720d8d1526a6b82d4a41538eecdab4cc98f38d0b9c88c3551edb4

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 51934a9d705668ea9ce9bb3d44ec6f07
SHA1 84095b8269aea210a8da8ec907aac941450dc114
SHA256 3f5b5313878e0dd2c7fa2e1192e86a1f6c357ea51e8418f6b91cb4995684d1e8
SHA512 bae117c04ea6cc1d8ee68bf4c9cbb8996c0afabb91aa5141cca532f3549321e221e43f0c468800d1d3c09613ebb8dc7834aa7416701404bc56bb1d4edcf33558

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 b6adfb4711d1d19ad8526f4d40e4fec4
SHA1 2f145a3c7551e93988818468e6641662d7075ad8
SHA256 dc9f364b43dd9f3652fd8414b8678fe51358860c75bd4abcd96c96e7546cf482
SHA512 4e158ad6f1c19fc108a2b93f833183f8ba077f28ecc5e5ff8eef4ca81004cdccec8911b6a854985a92affe5e207048f753df93c32dba9e412a4e60fd24fcacaf

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 a3ddf5363c19a39c10cbc20258c60ba6
SHA1 abec12e9402bafdcc70f8c41acabdbee579ac78b
SHA256 ed082e5bfbd1c792bbaa2b956ceba3d5fccafdd50e099eb5188406e77ccdf065
SHA512 00a81b9f5ca7718622a1e2854670c781f15bb004690a775939667d7a7f5b2f3700bf44d2b3bcdd2545964f1f139eae52b8759a60f8e330615791a2a6923adc82

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 379542c1e5ab5f0c01df3476a2e0417a
SHA1 f9237e54d7acc9e9cd4563adf42d12859acb0294
SHA256 b440159f8bb363ffa81d8de012a9f6c872db9aaa61ba71558fbad9a5b991a886
SHA512 15a8057e3621d1bf72eb0289835c1b7f1f1f46852fe8bf2dde29c21686f5b89f17e2fdfcc5a253232ff366dae264f57ed4612e0d2e96d2b03771da71ff493006

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 91948267ce2e2b1e72aafb55a6ead801
SHA1 b8c8c22d4995de32a4c67843854bf8608aef50f9
SHA256 65f5698b9039d812b3c610c635c31e94480f1086a9ff8b3bebd45d13f9a0170f
SHA512 e479e0dd04f76a095227843cc4ffa793f4d8bc6b6f76b011b21504210b8e44bed05b466edbe3eb74f91f97e1dd95bcfd326f87d4c13a97671ca9b080f3435825

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 3b354675f5b65851a33e3ea8e57430f3
SHA1 7d8324336a28036a0cebe6364db59edaa7c9bf1b
SHA256 243c3d31e6e3e7eaeb2035f34645b174ae87cbe127c638e2918d59bdd6b46c55
SHA512 52206720f2ede3a1742df8989564237906957e2cc6d8f85b74f3535a5f191c29f5c823c22b45b3dd1d111743975e725e19072f88a5fb1da4348e81fd7b1f10d0

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 017476e48d4fde972060db40412b6cfe
SHA1 320aa814911080e8b858588aab1c36aadd23e050
SHA256 29f9416dd4164b395fd39e9bf27bbd845519ef87bab932a9f5dbd0be2e411101
SHA512 f0507dc48b5fbb20fc9ba4f73ba97eecac0978d932197e9f2a30042adf58b47caaeef966e185d50c3511c2b223583847dec76e56b29f206ee5f4efc861f5f1e3

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 19621d0712671424adae6ab4908646c0
SHA1 1ef779f4aa3f040f7cccd7925b13b0ff5713ace9
SHA256 395e96bb13d654f77fc1219cbd6f3fb9822947e294ef1928b9b210fc0f9ddf6e
SHA512 f64277942094b1dc48da88c0185b0c17cb6bd391df487d8462dd5e6445b5dbf7bb898f363e2af08c86e7e6e31167cd5e7f49b4ffee9ea5d77cc88df6b88721a5

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 491c39eb1ae4e6b408cbe3e231c3caeb
SHA1 c60e1e71811c29a5034a6e4be21611e7b7832b56
SHA256 d07750c58fac96b6e6e55e03a9999927633191dc37d54d8773e59485d1114805
SHA512 2c8a096e677a949f3fa55bc6fa9a74ccb34bf2f044bbc9f19b383e31c5316373bfd0bd3b64d3045031b39e1a9354a253b912d69935a4a2cff5f3fa2e1d497369

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 fa66ccabd0f7211aceab019b0c7cdf79
SHA1 5a18fe4dd0f6aeee5dd5bebab243bf2b93b6d7c8
SHA256 0a3c7ba6fa2236ca89cc0857df8d52f40cbdb6ab6a724dd6d2bc431b2d5f9337
SHA512 5aa1e49b684c98834b17c63218e12341f5ff51bd79c128156e8f2c9c4becd0fec5b955d432f4cec49c49d4b8f7bdb80af08ea5e7b76b43c3b72a7482e1f281e9

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 ae5008acce5db02df650877e4292b4fc
SHA1 f691aec5d029189b94b9e153aff5d35f037fdce3
SHA256 f5b93dea7fe2254d951f58ec92e8bfafafbee816b0effe95c21abce8b1b455e3
SHA512 7bab2b3568d14eeeb24ad116db81715cfe7f3cbf96ae5fe3dc333e29ada64e517d6f2eac7003069d424b7e2e6dcf84c06b29084179fcac84e2eb93d989eb9f44

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 fb00cb1cb02399012abe8403d0fc7a1d
SHA1 ce9b855932cb03e87e5c0ac4a39fc885ade1925b
SHA256 45d5fb16a370e0d34c0fce74db7951e860fcd25d0690153b3c49ecad6d28cddb
SHA512 4b42b81e43b324553e0eedec179e140f326b318d3034e74aa0c82274ad7a2e16a1b448bda47c40eed6ccfc35b839ba733dcbfd86b6723039e7a0dff3e8673828

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 c84579e7c2584b9faab6e28312b7adcd
SHA1 511144fb416b171f2c062d2cc2ecf807cae4ac1f
SHA256 df69d383cf55588e446958cb0c52879c6b4d76a6b451e2f1a6c2000ab37560dc
SHA512 d366fd17f75223e26348eb8c51423168315f27bbe0f23019fe10c8699becab2d7d3fba79fe2be9bf305469b5561d61a75f1cc21e82dc4b596f1b3b9001303fa3

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 4b2b783028550fe5632c768fbbba2c22
SHA1 2e25a244cd9cd06c2b5f4ab44c8abb8f12c68f46
SHA256 8ad1efc49c64b225bcfeb6dafd20bb2c5b5969a3fe00cdab939aac92a57a04a0
SHA512 0274ff01b7544ab1efe10fdc72745753a7da1c00b3b5799af61d3e8abed54c52dbb4f3a6646b3f4bc11b2e70cda7aafd9ecde5f8d4044a433b8371deeb3e399e

C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo

MD5 cd2055331cd70372d3210aef8b548fa1
SHA1 6d9d1218743a184933a572787398392bfd771fd2
SHA256 6a13a10824e48080f5edbd8e4347c3170d2cf7d1cb7a8e4e1e86268277c0314a
SHA512 992f6802c67e625d6713ad22694a6a5c1e6209c70a1f091c4c2c1471ce246d4f712852afc2fd3f71bf0773ed72bb1c14d9ca3203567c92f5d5eee299c80c57c5

C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 ace6f4d5e6370cbb00d086692c8fca26
SHA1 392252fb233d161f60d1852519167ded4d47e8c1
SHA256 726d65114acec9ce2f314f5f15396657668cf7ef6c58a9dce506d51da91cee69
SHA512 f5c794854c2d5ee23741491b3aa4eedae9767b0aa269de0b17cffbfb0632067f7987239b43a0df72e45107e62bc57ad31a1a5026b74e7872105f1b1c3f01bfe3

C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 d400f32e5af3d9532655b115c5ca3dab
SHA1 ff379cb14c9d6fd4ce7a282cd66aa85ccc117b0b
SHA256 f86b6ba8aa712f5d0cb4babbe354f46f03cd779062e65168795952247d57b5d5
SHA512 2e5e1f19948e8f7b71490e5b3bec56560efed84e827f1a69f0117820fd33cf5b2235b89a071781173485ead1be3605ee498e45e317ec8245d157191ad915724a

C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 731e05a5810e2c95e0652170369c0852
SHA1 94c6e77d0ca3c216e0eae65f5c5dc477ff3c607e
SHA256 088bb03f723738457356abb04f6991f72ba141f58df07bf8269c468f9ad584be
SHA512 117faa083f11cdafbf3a27bfdfaf2b0a31cc088d23b54a6a09b35ededd692bdfac26ef1197f301d674eb9f0b0d3c18197b77bfa062b07f95a04c32be2ef72adb

C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 d391b9e52b245ec11140c4da2ed187f7
SHA1 7eae58fdd3ce35dff84d5c7b9474a8ea33b62792
SHA256 8ce810ca6be999b01097e55ad39e8673160cdb91e0cf359f0b9ca0a789fa2f28
SHA512 7f4f30388f04353b1e6e463c5738d56da01d11c9edbe28d14e44101025cb33d992eef1e4f834601b967a7a5a894e6e4026bfadbc09c0c6eab4dbe5956503db36

C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.16.en-us.xml.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 e7b2913d42da40d77b1b5ccebc3a202a
SHA1 55db411239fdad2219e36b4eb2dadafedfc61d4b
SHA256 c5770af907156838511b5cf700097b9ad8704a2a437647967cb418a1ade515e6
SHA512 8d261f9ce059c7fe58ece57cfcccde08475d83293a494bd2770adcc08d96e9c0c012e59e45a6a8d448c0e95910bf83ae9ff1d07c98ebe299fca41179e2391672

C:\Program Files\Microsoft Office\root\Office16\GRAPH.ICO.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 4894b0aee7d14f971b85b1b2cce1500e
SHA1 536908cad7b4c338d9efc311c7d3d16d41b8ddac
SHA256 1bab921153f1a3b6ef8b5dc5329311b1ac131e087863c4a6508a8f9995457564
SHA512 eb683df6b00699c7c00b35b9856d17957cc36a4b0894a38c26ca46eda9d3a705f0db5497b3de3dfdcc70b26e10cba7b6a3e9487d63b6adacd11388e40936645a

memory/3288-5078-0x0000000001270000-0x00000000012A0000-memory.dmp

C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 f8a00bbc10d79cad98ec5bf94ace018e
SHA1 81c8b3f6e9bd80779419c68bf96926c290f7fe95
SHA256 7967e614d84e21e0effbf07c1da4e5ca056160b3e570d19d1c03423843636d51
SHA512 bda690cf46bf4779e013efdf4c06e8180a544352c833a3c3f4a5f496c63b0103a6c325a1053b390c4e87a037abefb7042f4798a6664a13c040c828fe8bac659b

C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 33f90a3a39c27eec7666ab34d3bbc586
SHA1 82956fbddfc834135ad3c483e048f16811d7202d
SHA256 566b059d51867ce23fa5ad0b719069fb52f1dfee022de243fd8404751d732bc6
SHA512 6569b10aba88672536d07a83ed7a16de0aa3a062176f8ebe9b21b4932b8fc8b60e3ee70e62f3db2e71b5535366044fce42a3edc89527ccd854bc3f18fe21758c

C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 b76665c0031707386db901a384cbb50f
SHA1 c402147d1b75b28043c79dd576d79ff05b2ad98d
SHA256 b63d7e1a75b9a999c32c578d4a5cdfae6d44d7c2cae558c2192802582fe30f09
SHA512 adf6d967c27e4cd95db873b791add0464b8d2c91c62d10a0765e8dd54b423995c567c5916ebdca9c6fc17adb27888efbc42ebe84ed10fa74f6f37e4cf2f168ac

C:\Program Files\Java\jre-1.8\lib\security\cacerts.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 86b14c231db8de9adac617ea5e76fe07
SHA1 80aa4caf80d8d02ce7258f23eaca4a1294cf226c
SHA256 9aeea031ab40449c5034ee5843cd8da678826a8643645113f11bf287f0b42f99
SHA512 6506e55c5f509b33d4123bee25b042c9e5c3a8174ef4f1e0965642a618d055d41d5480df6dce34a4c8bcbf3c768ede361bca02db0c9040c16a5df05d5e01b22e

C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 4620898bb391546b2d54e5272b910738
SHA1 e39b5930c0cac59db33411897b00f81e9dee3f95
SHA256 7f8bc83a1dc2f8ff81fe048e55b496213e1517e4e3f69a3ee6ebd182c47e966f
SHA512 6c6549b06c84c55e19ddb78f95534e7946ff5baddc7ea7d2d36a3659d45ca8153236cd598c13b300af8634670133b930b6b65a73e1c5aa1f36dcbda6eaeb51e1

C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 3e159600640ad80b2dde5192fe916237
SHA1 a1516dda3ae831f575a03f74b81c3d0a2e2ae87b
SHA256 7e87e89d33487abe18b7bdfa00f8556f41580282bf5a0ebb7caa9d8d6fe73d8a
SHA512 64374ae8c886da4736cc50edd61d2b73856596d082f2edf0ed11628a9de849aef3332d133eded6ded8661319b181ac4ab9d9985ffeac8025946a898c78efa312

C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar

MD5 09476c4ad0c0e3f98ea22d2abfcb01e6
SHA1 379650a611f62333981ba125f1b0bac8fd1dccd0
SHA256 5e219f0da795aff97274f3dca97ceaee125490e10edbd681d998771530ae9a7e
SHA512 a2afcd93e58992119f2a78b2b13c53630b69df315f8e7062b867ec811815774dacd02e896264b3274ea3e4ff948e8ebbef061678de87306d26dcb15926a7ceef

C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar

MD5 41fe763c2264a2c397e615972ebebb4e
SHA1 5b9eb6da504b8274623eae6414163bff6e00739e
SHA256 f5f5888073a79402ca60141a06d81c0e7fb450eae03eb191a99893d0aef5434b
SHA512 b2179877bea26b99fac9ced5be816293027d75ef292c5e17ffb1d25b15e9085a759e545e21a899a67fd170cd575af0642384fbbf485c24cf6684c8f7b52c1a93

C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat

MD5 fea44e3db33da49d36a210adeb571281
SHA1 88dfea24525b1eb900005b58778f92f8498fdf17
SHA256 111fb258a4a5cde5f2e92745b4d5d48f432269f6f1c15699ce6fc5e1654054fc
SHA512 8404f1826af52c14c9dce423f2ccb9a05bc4ed506af4e84449bc635b2d00127c3ba156c8c0e03f7e296c7be5d9d4b63821e68e00bf72b5e906d239b4cc969575

C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md

MD5 5e24d0eb94bc07fa3e3886e7b5ab4612
SHA1 756c08f4db9fa668c6b8132f3c50087cc5d2c975
SHA256 92400a50b0696332cef308af6ab9b6edebb67c9b127e450f052bf738cea5cca1
SHA512 b6e5276dab53914b4be5acbc6238a4d23b5e14ffdc00c63ff1e15e27516054286286a7e3b33c8b80a03a78964468528ab1aeb85847fce4a70c68611946caaf80

C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md

MD5 15969d5aeaa82d75496b9908138274a6
SHA1 95689d215db6e6cc00619319ed3970c9165f3b80
SHA256 140b84bfe22428e134d70df4b31dde48228a2e2207805923aad8e34786708ca5
SHA512 5408b9496f227d3f99dc11af7f82a0e0f0fe32c47e33ccee45599bdaf4b63973dec6b36563c4d9d0d20e77801e16dbd4a8eaba3a09091b34cc2cc2a1c57c8901

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 23a829824f4c1091edd5d033ec709b45
SHA1 22f6e3128df72627b340bf6b98d19638e607ac53
SHA256 0e26caad6aa57010105072c243cd850ab7718f07410650a0c292dcb5900d2576
SHA512 242fb7770d1e4ae09eef511f659075770afe3185309ccf43aa7fe516c0449fa4bdbdefe535e1c8600560f789596e7a533d1bf1d7ef2fd1b19dca82880a5a69b6

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 d87db27ee8b8b2bf55e75eec8b28819e
SHA1 1052cc2e9e5b14e6ebe7ca665afd1899ea0dbbce
SHA256 dd4b070e2da994b5ada4c6e9dfa09cdc8a5aba6a7391ca2b80148a15f02a5b9f
SHA512 d023abb959f2d54ba1471bb1f9fa9248635bad43e66442a633c44a60d98257f099a91bf925a655283490c9c0860c6ea17f8059d4492f8d2e40471faa1cfbef3c

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 54773c1d96ffc86f705898cc31e1f3e5
SHA1 5545acb3c53bf39b2dea210d9b9758b84e3d2eb3
SHA256 0daaed4ac7de70a0516e2e3f9d58c12e01221934723438c2713c07e21df480e2
SHA512 b9c3926ec529f0c9e1311a011aa1a2157d8d6f09463bcf2630010229ef8f6c909ff868bcb86fada8448d47942e61d109ee44c59fdec2e1b7a3633b71f9bdca4e

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 540158a64eba1c3c5d5d2ee69cfcc001
SHA1 8147d11331e812b7a857e9fb7cda29e090a57ac9
SHA256 760e66c006471fac527d046a5fbca47046ab2f8b304931a81e6effb9194ed206
SHA512 eed5837bcdb343a1dcb5338b4b4e6c993e98a6a7bc506ae4fd2e52972bd864fd936c7db6759db8c44b3b97e316e854daf778ca1322f54aea6a2db345d5451f9f

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 63ceef3c3874054ca5ba48d300cc8751
SHA1 1043348696d5b18bf1b1181ca6060fc67ee1cdab
SHA256 a47c21cc5bdaf276cb7b3d6c82c1f55c3d6f6780e0f3502ed6ff954652ab236c
SHA512 953823126ea3cbd83d1c73992f7fc3d29dc7a19febb3008e666b40a369cc634bb44aba483ab098c700587b832f1a7bcef4d32760f2576f02f3f5c36ae55fff16

C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif

MD5 6e180f3d0045cc04189b3cb72bf1247e
SHA1 62cc495e90a3a2dc60bf8dc2ff45630e04c71458
SHA256 e46c7425c721add34dae2a6c122a63f66d8dc146a8de0308df5b6f2f742e77d2
SHA512 0d8e2c288dbf90b62b5da01f4d27c140e929392d9f04ffb84a88ca0f9173b209fb098b9ae6168cfe656278d96e16a5c2c57215cec1e9e58cd0e1fc0386bb2a8c

C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif

MD5 204f551f12c6831e68d7122d40339887
SHA1 99b587781a022adeed7f77c464358705ffe24857
SHA256 c9b297401a838561558e2c1510d4dab901c9c4ecb63bb916506bbec51dc516d2
SHA512 f8f91462d2d870fdb0c0a2e422a2bb5eb75203336e719da16255b354947f8c077748f4028e45da895e1f28bd272cd596bc0d8788d98f9c4a3653131e8820ebf1

C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif

MD5 93d96b0d094be23932e353dd4b2904f7
SHA1 89c09f8515eb4bf0175bcb415de1e4ac8ca977aa
SHA256 8d3be90cd9ab1c6cf59a0ec306a0e01e306687d0d469e2699c10ce82a6a8b48f
SHA512 ab708469569d698bc4e22621811facf280336b57c6ffa79f5ff9dc335e397e646b2f61fc5351c20402f504afb707a76c04e6914b037f7e18ab3e0edd358ea6d4

C:\Program Files\Mozilla Firefox\browser\omni.ja

MD5 ef30a74cde1b48371fb516e00620219b
SHA1 1427366d11f8081076b58f01396d00ec750c8ec1
SHA256 aff58016e20ce4cae1fbb1089fcc1b89ec292f5aa05987102422f3ddb68b352e
SHA512 04ddfd74b4d21edc48d8dcd3c21fa18f157d79dd0f2e66be234b1369c2e31bc99ff63d6f34f6d49207c384496f33123abb9265c3724682f89dffb0e1f75de12b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\673fd40f-abf4-468f-ba14-798387e21868.dmp

MD5 203c569b687e2525b02bb46c44aee21d
SHA1 08b5dd68ff0e7918678559ff6e7ec7b84dae1f89
SHA256 af5e0c197775f05ae622cfc445c49d1e763cc973f691f896d76b566a5ea9c6ae
SHA512 d8a8121f7e6eea5d2f6e9db5fa54c51c5615bf5fd3d0d10a4e9e6f64dc6d18a44f9caf883c8d6b2b0a1c90b18c7d775a32f2ec311e70f38a7fe0a87015256543

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\LastCrash

MD5 501bed027d6220f163837e1e0ae4b71c
SHA1 20ad0ed818776641ff9648f27ee34d2e2fdc21f7
SHA256 cf172817fddf0007174e8949b96e60b38aa33872859ea3a896de12d4eacd89a4
SHA512 194c0f8933e83ba08513c529ce323c4814bf0a3e951363112d3d6f9aa1f3ed199350a4a87ba5d8a6cb0c747437a1371b520a9bb062cb517e4b69432de7216b15

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\e9f0af2f-deb9-4034-89ed-a821b3692f90.dmp

MD5 b610f4bc184577b5067461988037dd93
SHA1 30af7d5ffd6e474c3d69f59d91ed4a2becffee74
SHA256 286a4962e54eeaa4a1ef12652b19a74c0211544e0ef51bdb1d9ca0f144893162
SHA512 6146b3ba7be138945f01534df2ccb4c030452d3e938f69bdf038662968d26d078c710c93c5dd6636e1b4394feb88d58a228faaa8b1ec6d55341627b307d87ed6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\compatibility.ini

MD5 170ce2c50c8496fe8d0d2febfa08c06e
SHA1 f4b26b8d9fec9a9a7514b8c66a427d021510a375
SHA256 75f315800fe5caa702c2fc68b93dde1749fca7fc4d68cf5b08ea4bcd8dbf8387
SHA512 2077c20a8d1840932f09d64233dae145288c30c7c3159fa5c1933928ce9a8710077c7027dfc78efd1062510a0e53f37a4342228f2d845410103642c4c45ec786

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\LastCrash

MD5 db5c031aa3ec39ae4584f18666102198
SHA1 20ea5418b498bbdd620c815766c55375bd909ea6
SHA256 4804003066e77c75e58275d230657ac539eed41673fbc87122d1604583ad466e
SHA512 a09ec95aff39620fa2cf02bd5179346ff0b2c02c3a6ba49b602689f4b2854491ef88b876ca8ecffa4ac33d2a95308f99cf91a8586d7798cde3ef2cac928594de

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\LastCrash

MD5 960c5271b47cee2bcb73abfde5ee55ed
SHA1 2c82274dcd4416e30431c44fae9be6273a4fd696
SHA256 963c114630b02f3149825c398b6fa554db78d2858a1bd7d379343467aafcc00b
SHA512 b7a9bf1a7e4e97af81edbe3b0ade6f31b5fc5738089449983e4872f105433b4f3b94e53ab3a4cd1921967088d6fc3cc41edd162b06b3cf6e0a3cc9c9cb86ea0a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\f078ddf2-1ad2-4c66-8dbe-923d59eaf417.dmp

MD5 9b477569d18361dfc6fde7fbab98ae36
SHA1 017cec1a4b2da7a02c7393f6a7dd4089c7832248
SHA256 65af69ee35a91768a741db82e32634018b196d74f9f97b31386ded01b1970b5c
SHA512 3899e32e902682fc25992ef6899173da66e9d00990c19e30a73962a98b848b4fbaa5d112ee9206b4993f3ad72c6d5ca6c2bf2faf1a99a24d95939f6dc906bb44

C:\Program Files\Mozilla Firefox\browser\omni.ja

MD5 0a74e021ad1481653d714057b66f1c0f
SHA1 7e8576e5f84311041d699ea26e114b35c7f00994
SHA256 2a66c166632aedb2eb8c5a109d7e33ffe326ae5b06614345c9b96a32c92cb42d
SHA512 0743278ba700860932f279d6d6252eb35a720198f96381deb039d1bde16886d37bf02800ec07b550fbcf68b13090dffefb90796ad4fc1bf7c31027b84e784590

C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo

MD5 34ca925952bbab637d546aa6bbbdff0f
SHA1 d6e643576039d01443596d5b0f651e2e61d3c1fb
SHA256 870de2453a0f3c0e207d9ea20c4eeaad59c7e4f5823169c688fb2dc4fdd7c74f
SHA512 96fc3f3109fef02a67d2e4d8c5272f23e3a234d552a37d1e3a846694db22e7f070e1b688658ca50deff75b42a1543c845b273a9aeac571c9370900270590fbef

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\198ff012-831b-43ae-8116-07dcc8bb42ba.dmp

MD5 cbe330e2cc5cb562594fc60ef091ddd4
SHA1 2698a8bf6dc569b16b93ccad40d14c8e456317f0
SHA256 b935fd6da50f9f4d57ba8c9b17cfaf22ab86ddc344d57401343c84290ce20a93
SHA512 b0a1ebe2beb59d7058684009d985248f0d5d7e3e84d0b704cc10db39893242fd2a33fe2a7fb0fc1ef8694c92878381ce00251d749a58e7fa133fc892a8598dac

C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo

MD5 60e03d7ed6e270b30d107a306db4ebcf
SHA1 d3d3d5fa86911274a72ac65aedf4c65ac28f67c7
SHA256 cb7a837622bb1dc8bed97c4f1f54983bf9206fe5ecba6ca09fa30abf12ef3bc5
SHA512 f8fa66e94679e021196de4c5244f27f9a64df63a0f3db4b427e65d281c7d72c267305c97fb6a20ee56b1db1fbbd69d90656c6286c8b2b537f5b2112284f77998

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\LastCrash

MD5 8fcfe13d75578dbbd89a10b5a61aac38
SHA1 b94fca3e0d6dc8af63e3c16396d03c41b33373d8
SHA256 559dd31009343483bbd681a1864ce3388ce16e237a61630ced091c4041bb37b1
SHA512 449c0b82135a8de29d83dee7ace6a895e878401fb7fee998a4ed23f82d31bcca102221fa14f809b87635a1c1ab94b5a950249b2bc20bf57c1d0bfeb416ca9893

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\5825775a-f220-49ac-bd23-bf33c26edecb.dmp

MD5 dfc6b3f324f87f883483f6990643fb33
SHA1 d23e6bd7344e737c025ed29d37f64866480bcca8
SHA256 86ac30983572b5be2f4c733517872f5d18ca3f18d1947d164c6486dcfb7664a2
SHA512 a34370de95f1eb98f044b39938fbfb6b7ad5ad8368142c64def318b074208f267624fbfbf45c1ff30038ac92b85fc8d99e556030662614c546ba9404d51c8eb7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\673fd40f-abf4-468f-ba14-798387e21868.extra

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\crashes\events\673fd40f-abf4-468f-ba14-798387e21868

MD5 7a6f24e022bde2eb0b21276b35317bee
SHA1 d0f572f2485c520ee1750ad26ce5fd0efb3fb68b
SHA256 1cbbe5c0a6bfdbfa7b9dacc25768385d647c2aa4df1263797b5e00dac5b3203e
SHA512 6658b12a768167127ca6a74a654854ae716012973ce09400ba6759effc998259fc7046f95011680e9f26e86e1ee5ce0b78290888e8aa14820412c0e38830bd59

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\673fd40f-abf4-468f-ba14-798387e21868.extra

MD5 1a9b2d2a841fd098e89ac1ed16622b94
SHA1 b5a0e5cd24fe6a5355ead5e84ada71a6be214a34
SHA256 8876ceb9096de60e4b4b44fbdfd58141996774a92923dc1e3ce005ca09c16da3
SHA512 50f4b22b4ad0445e8ae9e791c8e88b622b7ae835398250dbab44f6102e7f6f5469bc4f7f55608133c33d6afaebc25590e16a738c5f6e02e2241266a826c2fae9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\crashes\events\e9f0af2f-deb9-4034-89ed-a821b3692f90

MD5 af49e8521d6163d9a3fa5de8ac936152
SHA1 dd34c329ebe1793d20573fc2e1d6a3da4df39c56
SHA256 734f8f609f9e41969486caa274fe26e81a407a716283d86bebd027fc74fbe597
SHA512 ddf246683b974ebd823f9417bc238b2829bea5ca0373b5c1db98cf487275a68b30f9c2a92273819434d5ba5dd59b789384e89da90f9b6582aa538ad67819438e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\e9f0af2f-deb9-4034-89ed-a821b3692f90.extra

MD5 3f8bc27616aa34a15ce73ac751096ca2
SHA1 7230abe4186f8d09416ea9411a34a2cd2a5075d6
SHA256 b12d951592624b547663eb1dd0e9e33c7115e8d93b9bfa696eae80d718ed460e
SHA512 3e245d940708e1034d46881de5c31c29759c28fc2ef087a6905bf64391775a8592b07327919542882e92a25f2c9cbe4d7cbb426a1b3a60e1728d04590dc21e0e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\submit.log

MD5 e8b7a3021a4215e842a5d7a96c8e3a4e
SHA1 784efcc6342d44cca31b1cf557d51285be684efe
SHA256 94b41bae2f65feacff957f6f4a315f8efee3491d481d218adcba8e3b83f20a7f
SHA512 4bf7464cf5d605525e58f3dff5be41d2af9325932a084d1aa4aa303d22dc16cca9c4582bff6152eca8a2398c5302e76ea6b0ede71d7db2f9be26a0fecefdc136

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\f078ddf2-1ad2-4c66-8dbe-923d59eaf417.extra

MD5 a6d1e3e5e6975e78fe3ce8e8a70342ce
SHA1 f7ec02b27b3cf038bdf489d8f41680230acf00d2
SHA256 de44909afa2a265935f6ea23d8d018313d0b686fb2f4b08b50b59d7ad2972593
SHA512 bca11e79fc9ee261dd9a78271d8d3badf9bd1aec8a80cdbf63410420083f20e443ca38de64e5c9adf989c5d9bfc2fd99f198fc49f15f4e4aaefaaf946b805eeb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\f078ddf2-1ad2-4c66-8dbe-923d59eaf417.extra

MD5 f3805dcf9dc72c9109769580389852af
SHA1 1b87840e434766650d556a1786e0e6f8664b47bb
SHA256 160adffbcbf6ac877400631dc922ae72472747616253b2a68800ee1a2f9a0be2
SHA512 8ad71b5f555d486ae0b9611c54dfa5803f2a7d33955ba719ae39ee4b71b61511d5464b24288667cb493fe13253a0d5567fc96751892d3ccdb56c06bf054f0f66

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\crashes\events\f078ddf2-1ad2-4c66-8dbe-923d59eaf417

MD5 293ebefb711b8368c19fac87976af086
SHA1 e18de0ea53d2cb7f82ef3d6d16ff635305fb0dd1
SHA256 632c2f65a92797a0399950f57b96929b352b957cff0c352fe486b1c67044349a
SHA512 95e086fadd9483ac4ac1b7f0a51f8dbfa339cd6573bc93375616b6361fb2d0a0111b6dcab6c68c1b347d483794319064c4bb00c454d62caf1bd17daacd765fb0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\198ff012-831b-43ae-8116-07dcc8bb42ba.extra

MD5 a30031b5082f7519bb1a2902f7476fcc
SHA1 36ab2829f03354a7353781d6b6c805d280909603
SHA256 67be4da82935e2173372e66f3fcb12f7d019182ce6f31b11b25e87f4b6ac360a
SHA512 894207662ce35a3ecc456093367f3c60b5b207b4220b29b3b45975f468b515f43f193f8174748534dadee565f4d96911dcfb75aabb728302cbc73b66c50a6cc0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\crashes\events\198ff012-831b-43ae-8116-07dcc8bb42ba

MD5 608a78cbe966900be2f1a9c80788b4b0
SHA1 291c8e8eae94265e0bb1c8ae21a1fef8039bfa3b
SHA256 44a9da9c259682792aa1a57e490db34649b1ad5df20712ff7b99a02e5d3a3fe0
SHA512 8f59d3833cc9bd976cd39dbf4f6ffcaf4c0fccecccd06ad9c07f5ca5e96f636e6b19be5149ace23ac48a3b4a39a140f155bb87e4675e49ad06bfd98466bf5f88

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\198ff012-831b-43ae-8116-07dcc8bb42ba.extra

MD5 a2d4998fd84d43bf994c2c48cf7551d9
SHA1 6fc17f018c06d27aa74516e7e3b5afef4aa7bf7d
SHA256 def4a7752815b15f772115711bce92172da9e748d8017648e15c6df5e28067ac
SHA512 546ee737f1567f0442d5043515389c37624350d2612afa251cbd3d3a3cae033d41384c816602623b0a964e8fa6d90b2dcce89c0205235b55b49b8bad3bc74359

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\5825775a-f220-49ac-bd23-bf33c26edecb.extra

MD5 ce1fbf14dbbeba786b05a0db5662ea3f
SHA1 7eb3994543663de8b9f334239b27bf316e41ae39
SHA256 41d38d01c8c0b189eb6e4c156862acbb3967ba099369ba1ecdb1ee04ffdeaf0f
SHA512 67612e18ae56aa4db94e8a9cda9a557b062843a3ba3132ef05eb5a46d06a04908dda74e79deda0816bce340fcb4b4ee9f55ee521f66abb4113e64e21ffbb3d89

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\minidumps\5825775a-f220-49ac-bd23-bf33c26edecb.extra

MD5 448f5320682d702dca797438f38704d3
SHA1 2b624eea21ceffda9cb166fa5476d088671ac132
SHA256 5e72b1d13ea69e5faa3f03898deda806ea0ae6b31b7edebfdbd8f89a30640be6
SHA512 af0d009509b63c9db3d3129a771b5f4fb4be8f94ae8d1bfe9abcff38b0b9e69206776595ffbd5eabebe4ab9d6d4400fcff50c229aa688b3374e151f00ac9ab9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\crashes\events\5825775a-f220-49ac-bd23-bf33c26edecb

MD5 5482a0440f15a318052ab46ee2159afd
SHA1 54c4171bd4bcc799e07d1a57fb3d3b9fc3bae440
SHA256 809296eeffd8f95bcba1c6d8deb53d2b14ac6ffb8d8724404f1f610a79afeb92
SHA512 496b251601b57a5cb2e5101a314aa2e205cb6ffc9c4a52c3281d646cdd0523558f8b91de461b991df2a78e637cb200bc4e128c5b00a0c1d93f3bd7a6c10b4102

memory/3288-7926-0x0000000000730000-0x0000000000762000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar

MD5 716a7b8feb2f9e71ef04784dddec3634
SHA1 d0fc689a3383d62e166bc568cf367f78524d846b
SHA256 8a60a834824b4331d8cc160e411e0fc58d99d99a9afae3ecfba57b6b46920f63
SHA512 36917070e311baf76da3fe72f39a515751ef25ded4585a6a7f0837161da9baa0f116dfe2a52c5161ea619e8907d298be5efcc2f7661e0a42bd15ff6792c1a530

C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar

MD5 5ea58e02c7a521ca71d6c2bc03e0922c
SHA1 160126f56da586faf761c84b24b54454cfe8141c
SHA256 b67f0dcbaaaeea587784100e425c98618851e8631372d9340f8ae348a652a540
SHA512 a0e78403ae72a03122331d6300ae499eed7c53b3f2e52c435ee2b30771ceecbeb305fa8b2ddedffba9df62d73284fb06b2377758901efa14c60671c14d9c4563

C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md

MD5 1d1a318c38ab51a053856a7ec808f4e1
SHA1 7fef1b13625c045e21041ad0f9f29f3df7e0f644
SHA256 044d3cfc5f0d01711c689103345e5a2dc86c831184073d9df1e6cea695d2048a
SHA512 7a652aff73cb3de3804600cf45213997b761edaa09ff080e5bc5bf8ecdaca96c7d4eb02f5754b0853bba1488944d261618495abe324c3b4e95545c5dfdb230d8

C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md

MD5 60dde5fdd4b7d566e948df23d6c5fc96
SHA1 0f8007e5856de3006aea4d94fc51e9e4668ee49b
SHA256 e1b1731f969288aa94ad522e0f9c5115cdaaf7aa2f95ea2146f4cada197d59cd
SHA512 c425e5f97ef110c590dd15c35114e51f2abf84fe02543c7e44325d2c1dea6dbbd8013b16ffcc94057c75cdac70abb8a2ccea5a79dc4d70b28e59434f3005041b

C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md

MD5 6ad8f19b7257e0b2ada1cedde7016001
SHA1 20529f41b1942a7d65089a312522c1c68019015a
SHA256 9ebb002247001392ce3352d0997dce0b986d90b50b3fdba47d9d9acf4cd90d35
SHA512 4bacdfa38e0af561cd6f47dfa8fd27321fd7a47ef8f832e2f723dd2010c6d0f8e7db9838f12df32aeb989f5d99dd32cd0bacdd351f8ada93b319b09465cbbb5e

C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md

MD5 560c5dbe1deb717d4bef68bf80ff9124
SHA1 35421af21120779072876ef77d3c09a7835b1de0
SHA256 b2f245f1391f741efc06b5db6fc6bb5aa7aff0d8405986c072852dd14b6f7b67
SHA512 aa3a0cdd66c636a494a7d7b2ac63cc45c5e161455c2db2347eda6ab33e9de2ef439649ee3298bb5652100bacdcb374b279afc67ca76717d22aa8e623ce032948

C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md

MD5 0e6bd5835f72ae32fe39be2ae5dc1d1d
SHA1 2aae6575efab04c8c398792f29aeb26e9a31f986
SHA256 c12ef62860500eff8ca5085f21f2c81e03a7451c529b6e6ae921aa4a235130c0
SHA512 abc8c4df2155049f0e44f066b7dd358d91f24298e730ccb6c0cd735db3dd5b1c17326346b7dfd0f837e89e1c082f576234619e795ea721ec18a008a6881916d2

C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif

MD5 a24e4de486ed19f98c282bfadf98ea01
SHA1 533efededc02ffe46defd98a733b764d1fc2a3cc
SHA256 6536098321fb2cce64cd979b666e50ae4503189ba69cfd4d4e2b14fe2c4af5bd
SHA512 64f9fb64fdede93b76cc44618ddc5a7bdac2bf4f64cc1d2f195b4338d8b2ba5b4eef6eb69954950afe565738a987aad168c36c53ed76d6239decba66bf0e5b09

C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif

MD5 a35fad6cf17e9b7f19abd8f50be142e9
SHA1 3534cfdb163138b1ea1dd9234ae521221a35980d
SHA256 683671a4bcd31d031ffa8ac4283d93317f3fc6b3fdb8e322a01c7c01532a4d34
SHA512 44d6677f2036f06b2fcc80234e5116ed742e1586695cc10135ab4cf0d7f07ad28d5d0c2e9e1910b5c08086082199f0edee62947b1090cadb48b4941daf4875e9

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-12 16:22

Reported

2024-05-12 16:25

Platform

win10v2004-20240508-en

Max time kernel

136s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Infected.exe"

Signatures

AsyncRat

rat asyncrat

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A 5.tcp.eu.ngrok.io N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1012 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe C:\Windows\SYSTEM32\cmd.exe
PID 1012 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe C:\Windows\SYSTEM32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Infected.exe

"C:\Users\Admin\AppData\Local\Temp\Infected.exe"

C:\Windows\SYSTEM32\cmd.exe

"cmd"

Network

Country Destination Domain Proto
N/A 127.0.0.1:3232 tcp
US 8.8.8.8:53 5.tcp.eu.ngrok.io udp
DE 3.64.4.198:14548 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 198.4.64.3.in-addr.arpa udp
DE 3.64.4.198:14548 5.tcp.eu.ngrok.io tcp
DE 3.64.4.198:14548 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
DE 3.64.4.198:14548 5.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
DE 3.64.4.198:14548 5.tcp.eu.ngrok.io tcp

Files

memory/1012-0-0x00007FF800FD3000-0x00007FF800FD5000-memory.dmp

memory/1012-1-0x0000000000990000-0x00000000009A6000-memory.dmp

memory/1012-2-0x00007FF800FD0000-0x00007FF801A91000-memory.dmp

memory/1012-3-0x00007FF800FD0000-0x00007FF801A91000-memory.dmp

memory/1012-4-0x000000001C330000-0x000000001C3A6000-memory.dmp

memory/1012-5-0x00000000012B0000-0x00000000012E4000-memory.dmp

memory/1012-6-0x0000000002C30000-0x0000000002C4E000-memory.dmp

memory/1012-7-0x00007FF800FD3000-0x00007FF800FD5000-memory.dmp

memory/1012-8-0x000000001C2B0000-0x000000001C2CA000-memory.dmp

memory/1012-9-0x00007FF800FD0000-0x00007FF801A91000-memory.dmp

memory/1012-10-0x00007FF800FD0000-0x00007FF801A91000-memory.dmp

memory/1012-11-0x000000001C6B0000-0x000000001C6CC000-memory.dmp

memory/1012-12-0x000000001C0B0000-0x000000001C0E2000-memory.dmp