Malware Analysis Report

2025-04-13 12:36

Sample ID 240802-skftxsygjq
Target Infected.exe
SHA256 1b4ca2ea6683fa110a3409227361b8c29e00aa656ff197291b06105b36ec2fee
Tags rat default asyncrat ransomware
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1b4ca2ea6683fa110a3409227361b8c29e00aa656ff197291b06105b36ec2fee

Threat Level: Known bad

The file Infected.exe was found to be: Known bad.

Malicious Activity Summary

rat default asyncrat ransomware

Asyncrat family

AsyncRat

Async RAT payload

Renames multiple (1273) files with added filename extension

Executes dropped EXE

Checks computer location settings

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Scheduled Task/Job: Scheduled Task

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Delays execution with timeout.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-02 15:10

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-02 15:10

Reported

2024-08-02 15:13

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Infected.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (1273) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\test124.exe N/A

Drops file in Program Files directory


Enumerates physical storage devices

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\test124.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\test124.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Infected.exe

"C:\Users\Admin\AppData\Local\Temp\Infected.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "test124" /tr '"C:\Users\Admin\AppData\Roaming\test124.exe"' & exit

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp8117.tmp.bat""

C:\Windows\system32\timeout.exe

timeout 3

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "test124" /tr '"C:\Users\Admin\AppData\Roaming\test124.exe"'

C:\Users\Admin\AppData\Roaming\test124.exe

"C:\Users\Admin\AppData\Roaming\test124.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 and-statements.gl.at.ply.gg udp
US 147.185.221.21:43442 and-statements.gl.at.ply.gg tcp
US 8.8.8.8:53 21.221.185.147.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

memory/1716-1-0x00007FFCA3B83000-0x00007FFCA3B85000-memory.dmp

memory/1716-0-0x0000000000AB0000-0x0000000000AC6000-memory.dmp

memory/1716-2-0x00007FFCA3B80000-0x00007FFCA4641000-memory.dmp

memory/1716-7-0x00007FFCA3B80000-0x00007FFCA4641000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp8117.tmp.bat

MD5 3a09093ab7f44923f75bc35f772d8e86
SHA1 ee33a874ab8c3d2394d287b575a8518780f43f50
SHA256 81b745fdae50913b1edd955a7dba9c2b04e0de48094056e4e7ee8b82660693e0
SHA512 3cced58b18034e5a34783054aacef465f1a3e6ac8562e3040dceab6d8e7edd263b3d5120ef91b03e47115f8d801a06df5536669c60eebb1287d35098db92a44c

C:\Users\Admin\AppData\Roaming\test124.exe

MD5 4ab63aeb8e93aa7784281b8692d25ff3
SHA1 877e3e2f4729438ffdf7bfae3c7c261111e9dc6a
SHA256 1b4ca2ea6683fa110a3409227361b8c29e00aa656ff197291b06105b36ec2fee
SHA512 3623a467a97627b9d43660e2cfc9ed0334e1544a4bc68f9f1cb9cdfe8f365728fbaf9a5eec85e257c8d767aa4ac058b7a0e2eb0e1177514cd8a53d67be008885

memory/3164-13-0x000000001DAB0000-0x000000001DF7C000-memory.dmp

memory/3164-14-0x000000001C080000-0x000000001C09E000-memory.dmp

memory/3164-12-0x000000001DA30000-0x000000001DAA6000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 f8d4292b9f100453f713da76adeea457
SHA1 d701712c85494e3d4352b5b35fb0c797562e9a47
SHA256 2200940f6d70bf9e637ddda3a008fcf69a5357cbb11c2a781ebed1ff8b24a269
SHA512 0cd5d1bef18ad2264cf834b1695caa19f35ad3984807a819c1de4d813d213e306df4bfebb8fd508c6133735905291f810f4b75f30335df5a23cefa4dd38b6a01

C:\Program Files\Java\jre-1.8\COPYRIGHT

MD5 e6fccc928b055b312a1f9a6617574740
SHA1 a19c03d1d7e1b2191373496407bf2cbc50fbee35
SHA256 2cdb9356979c67c86e0ff50bb27d8bc3c5c47d9a16a7c6e15c4f122c84487ec7
SHA512 17e22bc75bf66e578e1c5b60477ae6163f94d8a57908ec3626d3711355f3f96ca4846fe6bf4cfeb9cef8a4ae9cef7cf7a0dd4e5849af40036a2fa19c362368b7

C:\Program Files\Java\jre-1.8\LICENSE

MD5 df96c172f10fa7bcba45a4e4b16b890a
SHA1 aa214195197007027274dfd5bdf232c7f5cdd2d3
SHA256 ad57d98e507ff4dc1d9c19f57b15255808bb05029247aa94cb7428703c4e25bf
SHA512 d52758a399cdf64892154f781e129bfcb185decdb2701d12dd7c28f9df014c590f6f7b884a81678fbf59d6ca2d5d89d49dd264b861b96d30f6024809bbd07068

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 880e424acd9b25dcb1dd5fa4879344c7
SHA1 340bf79ca20bc44103533578ffe98a7838f85fa2
SHA256 84cae23400c39775b6e995e96463422da5196a952825f1784a62ff7b6fbdbf4f
SHA512 8e4936a0ae0e40db251d875aee328281400bb22cea81d74c95362a7a3f88b6bea3aa3b7342374705aa9b0fb4743566df17c61d6b59140047c857ceba1cdc17e3

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 c1997a5ee7a3c43086fdf6b1088ad367
SHA1 cdb83fba51412399ba01f6b08db069d72b465691
SHA256 70186eaa1766db101fc34f55ee544d55cac6f6e5fda5e9b8ec17258e700667d4
SHA512 ce6541e791e711393eac7e5b23c9f83be7b48787191f8fd1dbb6025986ee9fc48e3270ca25c9356dad1534cbf6045b43ae8abcf518f796c616641c52d65cc803

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 94d05ef0bede9735b4ea84005308d5a2
SHA1 166a2592aeb940f729b94f1865fde9b62d781e41
SHA256 4b449b9e5409711d9049123ba8dacbdbb837978e6fcb154de5839a51dad07b06
SHA512 02b0f2bdde6f3f3de7bbe36c95c03f7dc6355813e953a30a7222ed9aee5624d8b8f34c4a991a218f27d77bb0fca184cc0ad608aaa3c78ae42bf78e6b949b8a13

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 7e51d170d76124133ea7e81f55e22f55
SHA1 f2676590cbbb09c4581cbc2fe11341e40ffc593a
SHA256 ecc637d2dc02161e928bd684c5f2dfce738915d7f54abfe49e3489ba7e27ea5f
SHA512 a0252bc0d2d573e3167fcdb978a8c9806dbbcbf4d3ec79cf381e1c3c41751a9bba2f766a67b4a7eb28835f52ef2bdd1843c05ebfca9160fb52b61ed7e527941a

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 c6a7bf4e5e6206a961122e4ece160651
SHA1 ff4c0cd3a39845511cb63b7607e0b8dc1f802d27
SHA256 0161ba3e2e504540ea81f9fd7c7e7c9292f920398572d29f3f28e8bb6c29afb2
SHA512 384360d97cf2026a931a225189d62c6a026ac0f2a2457ac1e18678aeb32585cc817c393f6e799c7fe191e9d5bb2a07e00f28f1e91b683c7d603e95c32cf3e9ae

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 cfbcad59bcdfe18cc955a6cd754663e7
SHA1 821fc1b984caea076b908e7095524ff029ec4664
SHA256 9f5d5498cfe9fc9c61f26651efc13c21de3d22093d984184c44c7fd41691a5f5
SHA512 c75d8db38d541305add0196aa58a844effba5c715f4a2e96cde0227cab96cd3364cfdc4d30c9f1c75e4fc41b92b6723a8d112abbb5cf23b9c6a105a2420baed8

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 d3759d600dc3b9f2e68b270b233b9fba
SHA1 d9c278877bb709e47cd8eedbd837c69eba4bf817
SHA256 5b648a502f1d380c8611918153c727e822fec0667897f1df8cbe7c4224f3f34c
SHA512 f0e01d94ef723aec00ff79f681e52aef982178899577ac348915a485998bb9ab8ef222153d050a370231459b25193ba444dca0b19519a425dd71d94089247276

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 5bcec4280970b843986b95d1d04cd709
SHA1 6b8976b16058d908c8f7279836f56780fc210216
SHA256 558bcf6cb3a7abf2c9208e6c56d8cf26c3a9299ed03da7fe5c82123a99e09509
SHA512 d774a88d3b3e49448a38c40e476415b765b6cf652fe215c9c7a4780c72b9b3bc0cbf3accb9537d17df7ad628723be7bca667674211f7c01c5f65d1234f3be3e3

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 f5e846f92accd122dc2c03b3903bd228
SHA1 7e51072f734850739d0e840b4566b17ae7e007a3
SHA256 88fe4ee9f9aceb24610d43835f3fef0f20435a9af8f47f193ca5e61e4fe151c3
SHA512 19b9441142bcb241e7bca70885ceee5a91fbd3befeab64b4c12f300a3c3c1dbe339b8592c995f3f3684ca6b3e77cd0a62af2ccfb829176bb0c5c399af56a21bf

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 5641521a6f2a8d66b31dbcd25dec0a47
SHA1 6d418a1859227632ce36b184ac83c25ffdb1b3de
SHA256 af42a5a382ba074284ab3057a60f2a2b62b98165a88af107d0756df7fab5bd06
SHA512 b1708211e058b48300004e1fbf6b4a50b7ba314b958eae12b46b3e7ebce277258f8e78b193bdd737ff09fdbf555267cf7b47ef91a685202639ea8825c1569a08

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 02a6cb7f683988af4add5f891e1fd158
SHA1 5b8d220c36280f7ce1f2e2e48d33c6391383d2f3
SHA256 54d4cfc219b36f2cbfab6e9c1ea225437f26e6b897dd71008a40d1276bfa9324
SHA512 5fa07c5771328407fa507bbdb925809e5792f0dcde54e429f69d6515c1dc8b12162141e3648da85bcdd40d52f3919f94bf9f670737b5e36db70d503051dd9108

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 d21d9a04e19a84f00adf6d8238fa72cd
SHA1 106277ea0b1c6896f0ef06adefd8c23401540ea2
SHA256 925ed5df72579e4c2b4422bd63d0e4607a7012d5d8c8beba73d2d2dbfb61d20f
SHA512 0e1e792a787167987a1c75a8f6c76bc1b7f187824404a459f1e095c070f4014cb74e3dbd9f9964c050e41fc2efcd6f49320e97d96aecda34ef6881efe6bf52a4

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 62722b430089f5d59095cda73694dd96
SHA1 da425ba354d5d799ee5876f63e8e492d7bd4154b
SHA256 69fc9fdc62dcc713cb6afbd49c4f18b3471059f9e0062b77e61f2ff11b1b4437
SHA512 66ae463ab84ed13e1e533f121c81fe106f7bf1e6f5f26a47de27be3e9d06e3cd99b3802897b03fe46f0a6908897ad41ae84a37396f005da18d9b00d61853777e

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 b56eafa411bf0232b32b4fe016a630e1
SHA1 acb9712f87709623ee1b1591291dc6d04cd5b1cc
SHA256 9a8402aa53ef929500493af54f0429647acd13f041bf4acac97c9a83d1996816
SHA512 0ed2bbc475da72cc5a7ec0504f5b794599630512dc2410e31d3eede2117227860badba5a7e28646b46c077e7234a13f9367c5e53f360f3e48997730a91eafb8d

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 5a272b7d43ddd038b2acc1d394c74305
SHA1 832963ee580a900c5c6434f021ae91af2309c13a
SHA256 dfadc4462d456f7368fa6de851f390815e0460df18c89f585d874b419c88a8f5
SHA512 fa99bf904926ca1f4d37353c46473d1ad4f884a99a88951125bf21057a85e479d2b14f7212684cbcfbb876e910cd2dba8c7f8b9a475ec4365c3b89570febb621

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 29d9a843ddf7dce673eed8778b57ceaa
SHA1 11b5c6a88a51ab025df8bb720b2bb70a38db96e9
SHA256 47b66e1be7225fd5b740f82087ee5891c01a21aaad0d871d93de2a8e4f30029b
SHA512 7c5b0070d5284f9fe370dd8a9215378ef6158181ff91d41e04ffed6f6ff53f8e53f5553fc6daf6cf22f6c6e0cf68c7b97e44a95bcaad32041f190df536599125

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 aef8928face3339e73145b207f4eb08f
SHA1 3c252e8c10588683f0f798c27717e8989bc5021c
SHA256 599b1f97f7b52ae9ad8f54f4f92340a63f00a7e19f47bafdbb389d79a2c05a33
SHA512 3e0d4f8083b602b6c2765eda7dcca11504321d83de32143ee64ec6470a8a7676506927d574f7d9bb543390bd896c2e8434d250118be147711c002ea834766a49

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 9f89cf057004447de94e7c6c848d6d79
SHA1 6e53fd7b2f6c29d9f4aeef8e86da78feb0119ce6
SHA256 b39185c6b46bccc3467f162695611fbcad506890772617518c735caa691c62f7
SHA512 a73c058baae9c2a7ecd72c49aa85248339971a6f76d51ff0ef1c0402ecbda4bfa17aab0b7144c80568a9f9edc88a6871349f5d4ae1350954d70b20715c427d36

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 b655c104e7cbee2e3376a78689542440
SHA1 fb4928fb822d91ecdcff23db528e931087a848cb
SHA256 07de7f85f233e08c91f39f593ba37b5cb27ab5f516e456e67688330b35328c12
SHA512 845eadec66abd4329ea8a7423b84421c3f1564f63f6b8a1eeda1288e3e068847c7957e5b0d3ce7eb964266dc9eed277f61b6c705e1082f91db2843eb1ec54948

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 69ea819bf5d9cfd09f2bf98ea78644f1
SHA1 f23b0d3d14fb80ebaa3e6003f41060c181276138
SHA256 036b058984bea7b4d2d19e423e5392b146c1623cc3bf6af41776a584a3d8adbf
SHA512 607b98317336557e7de03cebdfc9024eca8fd52fb6741cef3db26eec6e6cb510cdc44662a8797df998dba215f9edad3f830b091b25e5205bade0512df69f1e88

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 34a30921b34a5b1f3000a84c51bf9742
SHA1 8c3c2aa025e8df24b056fce8b511e36907aaf8fa
SHA256 57fd1656fcfeecf5c8909ef4db4e13f699c3fe73efe8da228d779d8c2310df33
SHA512 61e53acc128ca5997e3c971f7d568d13e48c5c7e9a9ecdee97e3aa0beb6ad364f36ec2b361ae6dc8b6386f2ed14f988fbcedb6f911ead1d7d85149dcdc69976a

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 b6267eb70578fe935b56581e7f1446ce
SHA1 97b2f145b1c09f6c917e750e6f2f0145dae7117c
SHA256 e31b7d285b381f184651809b8fab45ed7bf3d5f86c6f93d9970fc7cad2b69ea4
SHA512 5cab76d604f999b8acb1a34f40d44d31a7e89cd9ed9ec8ea759a94072ae6a62e73c6a5fa189d682803ac6af9aed66ef31e0224c88cbfb582015e17f55c4cc28f

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 98b7b288871f9c1f00c4e3386bc53771
SHA1 c8bbd1da7b61cc9cf39bfc16267e23937d8d9a74
SHA256 2d4f25f592c30290668cbab14fb7101d6f1f050b5db79321c738a2f54d258b06
SHA512 52336715afd27c1152b62c3480c8a3a4685f45197c4edc79aeb2f704775352ee6d3ff6213f91616427df47132b68e2bcc69c80444dfb47beed66df0b231386e7

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 aba60862ef4ce6ee004bbaee5f13e6ad
SHA1 274dc0b72a1248691a179a94e8038728c083f724
SHA256 80869eda8c6975098c547045b05bc29232760d32fb0eb40d4d84ca0b68f7dcf9
SHA512 e1f7ee5fc49242ba86c60edee5da98d53d6c11f7bf94a82aad4c3fb7a6f4daf325c6d84aad9fb42a7fb822ea0a75030b85b32bc76f62baa2b098404cccafebd9

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 d96659e447742b0869be16ad1bbc50b4
SHA1 e9d8fcc1a4900dddb1972243f309c02396b462c2
SHA256 7e8ec3363425fb2e9c41e2d5d1de3f27f6abf310a464a5cd33f8dc25ce277f41
SHA512 ada690eebd3a9e59657649731c53e48d07f63476308ddedbae8a2a1a6a037eb030b2954ecf17ed09c4e094318035f2d9740cd8aaaddef71feabe5c0454fb4fb0

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 13531d5c8651bedc54a6ad54a4da2614
SHA1 f87147d5973e450b3f43383414fff08451114bd3
SHA256 a0ecec641b2b891eb0f81fe145d44c7589cb3f03306ad3ab72b853ec428114e9
SHA512 769cc4517ecc73108f555e027d1a9880a1e0b74382758437efb940cf74c498f2980d57ad9d65ee07424897ee3d3b993c6f039da7076b0b2c9ce60ee19e0e4513

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 9e6acae9b09104017bf4f2ba84e73615
SHA1 60cd7084610233bdcabce8aa2ce02704c3bdab1a
SHA256 8d5c1762ad95493f0966d6595513cdfadd4821ba275281c6f75c13b4e6ee366a
SHA512 aa0f62a5e2c5a395d28db266fdf8ad0e9d8dfbbdfd615f6f7081da2fcaa4f6fd48ca4497c1ae89a9e349d33ce9a07968bf7d21bebdef18713763206466cf4d9d

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

memory/3164-1511-0x0000000036650000-0x0000000036A58000-memory.dmp

C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo

memory/3164-5221-0x000000001B310000-0x000000001B342000-memory.dmp

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt
