fantom | f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

Analysis

max time kernel
139s
max time network
131s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
03-02-2024 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fantom.exe
Size

261KB
MD5

7d80230df68ccba871815d68f016c282
SHA1

e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256

f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA512

64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
SSDEEP

3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score

10^/10

fantom evasion ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\Lang\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>Eh0nCRMky5oHBRHF7daiAuhigytqBBzHSfuv+gMQfjkaVdkJU+gRRadg6IAc5qs7JakZv6tuIwlNhCQoBFw8KuDF3Duzv5vrD/pSumKdulchRSB/fWV1RyaETIn7FEgZ6GCKNg541uOnvJfLdM+RiF/hq8dBGjJlmVJRwfSzSdZ7dwXCBED8fEDjfziFgKoxgPpalYZ/gyHqlvDf717H/AJs2xl3g+1uoGzACAAQ7jPCKGAGSWGFUPIH0OM+ouSH3orijIb9umGBbKwabrvC4Vp8aWIwh0VxQfSKcNwIdHE83HAhu1oLgWeVxDrcE9rDp+j1GrZUs4Ok0uAnwJhFWA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Renames multiple (1007) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion

Executes dropped EXE 1 IoCs

pid	Process
4864	WindowsUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ClassicPhotoAlbum.potx	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Defender Advanced Threat Protection\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11701.1001.87.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-140_8wekyb3d8bbwe\Assets\Office\SelectAll.scale-140.png	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\LimitInitialize.xlsb	Fantom.exe
File created	C:\Program Files\Common Files\DESIGNER\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Addons\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\StudentReport.dotx	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\charsets.jar	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-140_8wekyb3d8bbwe\Assets\Office\Emboss.scale-140.png	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\az\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\catalog.json	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2017.125.40.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.scale-125.png	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
4812	Fantom.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4812	Fantom.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 4864	4812	Fantom.exe	76
PID 4812 wrote to memory of 4864	4812	Fantom.exe	76

C:\Users\Admin\AppData\Local\Temp\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\Fantom.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:4864

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\Lang\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
5295bee8ff816edbc54d795ae728ccdb

SHA1
980e46d691c848b24df0f2a74d3df2411328512b

SHA256
60508c97af99aacc06c5817b8c1b9eb9544b0acb333cf7083c711d473cf9a950

SHA512
bff796ea1d1968deffc8350bd8d918a1eba6067aa026cf27c175a202175d77a6ad3325767a1219a7ec47110fc999fd8ea80c02883fdde17126f4648993626aa8

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
3ca85159bd7af7b0b02db725c9f1c11e

SHA1
a603b5e9333f0ff0c4b5203499f9d8722ea627b2

SHA256
38752eea8f117268fddaa3ef4768dc436aa5f24d8c20ad2d7788c10341c5c749

SHA512
3443a9ccfddfb2b6515523f96bd1a5dbcf63685d04680a4e8848e809ba61e5ac83aa019691056acbaa5859641aae9381aa959de89e9d4d1a19b3933c37633e85

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
133dcbbbf2d2a4cdabe82347b5edbf3f

SHA1
f2662998592c6b4306409c8b55602ffb567b2813

SHA256
6f81d39f45c1421041e8bbd37a8f00ead66e9a042c6fe6a02ec0d4f5a4b3a921

SHA512
cd57128aa659b1be3a658ece0dadd374bb63173ce99d32782563bbab70fe23a3553466dd23476b84349a6ab6955f342521a43488f7afd55bdb0edcabecb29e32

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
cfd97fb96ec91de55fa33c6f62cd1319

SHA1
ccd5665a2e800650f65165f61998c10096af7aa6

SHA256
ed45c77525bb48fc6feee6bb53945a2883800e815dfd9ce37e29ccdc9c39b344

SHA512
6947fa4f6b40a6f4176c22d33ac6298567f37b38c36429398b6b0626994039e7e4ba90d76311014f24b0350dafdbb17bf9868a6ebf2ce4e14933435c962716fd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.fantom

Filesize
1KB

MD5
d649951b8d2b74bdbc1e88d5d2cc8fcf

SHA1
73199eac32bf10b1c9831e64eb12d988404918e1

SHA256
d47b8c69f66fa03e055960eeff259b042e2a505546256576e802d44ba44f2bc4

SHA512
e74966f4cbe50cbb89e6e10437f3d723150be693080edaf978e932efa0ad21e8acdcf26e7a02e5648e55f42a4e953002c1b1a955b342a7cb045dfc37c24e55bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
8f2b9402e03e85beebcd104519bfe314

SHA1
4fc5d67fbecb427c4ae039b598d8d5c548477b28

SHA256
d6f260e5a5dd4a279c81523ac542e10d1345a4909fcce22d7800323b329ddfe6

SHA512
1fd43be3fdb642cd2621975017242c5ea9472de5f69e037cb90d9ebd9f8da609b817d5a453563a085384acc1fb2508ac5eb4db00b92e9276826818418fb13ea3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
45bd0eb6ef03ab5c97fe030135234edb

SHA1
472b4de16ca96d70c4f8d1b9c59a603358876ce2

SHA256
873c61af618762c474ed8802553b8af0db4e468ee6503aec38c62be0b79e4490

SHA512
5ebf99b02c517c660b620edf96d40b05d64f200ac8b9b5cf4ff04c0f189d6b8cd3c2e6f0b1438c36d19c9b0ec36e167c9f806aa198c1f20a78b11957749f6119

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
fc65c813f6eb29d66fa6130306ecca4f

SHA1
359ce681777fabee4d0d40738f975131002bcf9e

SHA256
2b5f9f996188c668680374da5fd3e162d7482b17fe8bdef5af9759e6c0294cdb

SHA512
7117fb4c747b414ea190fb0279fad5ea3c0c497f817f2eeb8e04cc182275e1dd2b7215478a52bd143cfb150e0b17d42b575ea0eebfe179823e2e7b6433028777

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
5b1ee86e6cb59e2a5ea4213c84dd02f6

SHA1
b2dc53a87be11f2e8c0d2fb4bcbc8a0fc2c0e1f1

SHA256
3aa44b0d52be8a03f05d9dcd90600e51ad3b50edefb4e97c29ec4485c014c699

SHA512
6dabc6adc6e32bf4c32e08af2b001ced4b6d123b8be7543857fa073d8c66cdf732dc9ea6faf286da9fd66ba1e36ed634c78b53bd1dd77e4c8067cb768aeec8cc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
0bfd8ef87d6570fdb2eff757d1ecfbd6

SHA1
03d354fe3f10a1cac418719fc2192132213bb049

SHA256
0f37d76950840fd06ce44a24dc97bc0fbb9f1446e5af29a6c78a2548a38b589b

SHA512
900be0ccd9ebe3adfb217b70b2c20899a281e20ad3388d9ccf096a922174bdac0f0cd47fb0a635fa60ace5947d9968ccde7d309e1393d1a555120bbff4efbb7b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
0737bbd52a12ab7747034cb8e2224314

SHA1
e42c4fee351ca5d062539917de1c1b74f82e357e

SHA256
2300fbfda853c2e4fe0e479041537e3ac144524c281874e4aab18c94026ca181

SHA512
385e29e844c40da1a800ced8a195be6e9ee7c43b1332d0568477493d34425518893ea16daff5ec497520fcd2f0ba076aafcc3e6ec99d4827246eb47d24a43dac

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
48fcbcfdaebcd4b8288b69a138bb2108

SHA1
c3f37266dd82b709e4f75d1d40091871041f6e84

SHA256
e78fe5f223055e23e43bdd40da522259a760e3f36b9ccd65dbccbb6ef63224c6

SHA512
c637fa9310f00a4d02eeaa9ae0a5508b244b44270186ea4d511050be3d6e9cac723390f57cd882b54319b736068adf0edfef10a31774fa2ab08d5f58e7b88d20

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
9fde0ba3c31ab693199ca2a149ef163d

SHA1
9f8629b113365965ff8509c0445031b1273d6848

SHA256
3ab15a03114cf88679afca83d9bce0945d8191ebbc2d0237ff03083169d069b1

SHA512
3a929d9df46491882d09d94d9f70fbae3bd0b3895e7a59a9935a5cb04b98f4fe86723a65eaf5d3f3f45009668f554cf1254cedcf83cf5967cfeee21e59110b90

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
afa2e7cac23c6f0fc7a1fda46ab7553d

SHA1
054ecd60782b3e5ae0abe9d9cf15fd6abfc00f41

SHA256
490b79a2d4a86cb08c13a01b7b4fdbf9589f6c7bd1ef03ff0044a4d19b79a5d5

SHA512
e792ebc06af3e484a2178871068cf42e4d9b353e56169ef5bd42c6d9cc1350521111234e6976bc4f1e0db7e4f9785f678e6e4f96489e9b42a82540c5bafc8f76

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
b61751e7f37fd814ac27fe2b6b1592e5

SHA1
c5cf176bd6e1df8d01d468d3e788b435ba70f5d7

SHA256
c347f8b5ca17708fc4acab4d7df595899a303b9933165e953fbdb3a5de2325fb

SHA512
a37dca24d1b37c4cbd6df9943053f67c9249a154525f85b9eb70353f117fd9854315b95c6755d56a7e34c4dd39e9b39f615b99d9131eecf39b6f951eda2665a9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
4c9c0dea07d26a005835fa9cc7942407

SHA1
1754e60032872ed37f2ea7b5e624468b7e3e59b3

SHA256
59f5caee362c79f5bd0bedf196d60ee3b17fa592300a07095ba8ef56cbcdcb2e

SHA512
f8bbf944543bde7588de1905ce14de49aa13501d57a64a41fb0b46c2243d769974e79e98651e256219f0da808f8a09a1cc941723469a7f9063a7a3fdce81f1ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
7c129369766d1d4e5161050d002caf0f

SHA1
ea91470fa27a80d6fd0b1cfb0fce653978bd15db

SHA256
2b4e413355ef5f140ca035be3781569cd6254b5e9498d8f9224614c53211238e

SHA512
2454e02cfc0f2ff594a96dc10e6d8a9f1f9292992e5674ac423ae5c2568d992144c502cb7bdac3668b163a545e918afac3509d9e4895a54518bb16be184b2a53

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
dcd9e4d471ff6284d3a41e8019601004

SHA1
ae3deb088bf0b6d2a268aa8e792bc50afa0f1eab

SHA256
56207a7081e416f17ae7a1bbe7f9acc3b886e50f500b02bd48436f7d5ac08ae5

SHA512
743162b1794bdad2005e5d16f92fc2b5f11db955ece0ad593b468d97bc374861b0df6969ff4d5163354e73bf0431d58449f15a5c553ddeb0d7580435bf8fb85f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
176B

MD5
f9527faf77bbd8df7c130ffd136d34d5

SHA1
be1358a971e857f276f96b7518cfa4d78905c833

SHA256
26cd6c8ef7843da4a0d8add98a84f3aeacf29c4ad530d8ae61723868ac56edf9

SHA512
62a98de77915d3c73621ad9611b799876a7abe638b4bc9da3976d19b6dcead4d69408c2d11fc0b460fa0d22f60ff43a2511c354cd53b9875fac4220c69aa8570

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
dc3dc8bc44fb70497bdc1daae311fef1

SHA1
fb81853e3ddf7e1766733321abbbd6ec1784458b

SHA256
8701b1ad9b0cbe387720303709e2b2a328c291b6b7aa565db427d760e701e327

SHA512
e09355f404ad1ea6ebdbb2aadced8499537ad802d30aa268a700ec51d991df4d1ef6e573a8a50deb8280d38be7bf27bf6740473bf78a1eae18c88eca4934c3f7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
59c0bfe3498e8fe8988788fece79a5a8

SHA1
04c8a0a642f2821ffb5ea754c1a223ae6ffd8229

SHA256
9a74a58a9fe2023b140ce9118d9eba7aa059cc6d765882b0743e18e390da6beb

SHA512
6a7f657762ec51eb54bedd23a5ecc1858542a765ff4549fe037256441be68f614629ef38637c3460309f8e8518c00ee0dbfb3a6ca6227242dcf83308411857e9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
459bf0ae6d37499400cfd4a6f1ac0d3b

SHA1
82257fe1aa240e6b5224d2d338b78ea174e162ec

SHA256
ba11391a72046b877a70d7303292119f8baeb4abc826297ee5eaaa4df54258cf

SHA512
096ba0071a29b3607b4e4163b3fc9f9a35b6ba197b293a766124a4ae2e8cbe9ff37726a29cabd3b4e0a00970ef3195183f3090b82f623f1420807348dc170e56

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
7214ccc003e1128eff637a9baa902961

SHA1
bc7e676eb73faf7628a0ada341ce476692e8dd75

SHA256
065b8f8d2509d63dae4ac20e4c4d86226a16d206479e68553c296634ed9a5f7c

SHA512
4a5195e3ff2ee9afd68800ed43b22fb9547be7ea4cb0d79f76e348c20c1fb979e5102c5c6af5ba8710b90fa01e9d75f370f7afa1e191812b6ebf457f834afbea

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
fa97ecbd4a7a9722ea3d8fb70eb12700

SHA1
bc86e5a33edceacdf2aed9c3b89aa25e00fbb981

SHA256
4768825116f136ca404ec48e754d5597411c9e8876c885ca456219fe79a510db

SHA512
ccd6e5c586568075f93126157355f903412c61f1c376c13044dceba026e0a47bcad00503d54f57b83563a6372e98bcff3877f6cfbe276833e4c3c2a862e01c2c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
0ccdfc7c1b4813508e7fd0cc0abf283c

SHA1
994fbfa090d9ab3a9b6566d42cae2be0b5d4a5ac

SHA256
3588a675f96d9a02f26379b869964a7fdc9f809f185f4ea77c7795f67ac28218

SHA512
504a072c2b6b1d0f59c37251645087b00947978e25f7061ebccebcc4d1bccf138b0c184736d3b9ab0a1ad448f9b6dfb70e916a9e2d11959a566ddb38e0fd9caa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
fb4e09bd243771709b60eaa8a633ad87

SHA1
1c06803067e70ae139b26c2ef535547e85b1bf1c

SHA256
308cb62bbf87e7569d1753fbcf6894f673f639639f5a488b92362d51ec12cac2

SHA512
c4fc857f14eb9d65fbb4a975618d3dfd1518a0de78ff8df09f381b6d1bd570e544b6ebad101f315cb8c8d0836439a5514def81ebc4acfe56dac7cd1e44df73fb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
f9f8181f0274475523645b5697143b82

SHA1
90a6a9060e554a51e319677074c1e12149915022

SHA256
299e248531bb94522adadbc4a3de9637a52ab3fd7e96c0c5a435565a34991d51

SHA512
64cb3be500c1f28e896475805a380df26a7e9d40044be2ad014b004b9962d3889bc6ff0f41785565b0e155927bebfff812fed4b4309e044b7aaf81bc9909c531

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
05435c4148eaaf5975c3e7e9363f5628

SHA1
e3bb011f7378afba3cc7ad841e272c1360bf9a43

SHA256
961c1c8bc4e894cca6fa43e7d19894b86a872a09234561255afd6306575e6438

SHA512
7fed9fd3ea7dcecebf9b76d8a820dfbb0c8f6cb7811fd5f4c2d34432cb3963709c2707b6323b73b9c98fcd03cefdb7fdbc33686c27959b28fc0e19e78bd1a3db

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
a9b7511df3ee81ce6ce7a7e513abd3f2

SHA1
24acd7cca751a19eaeb66ae39c9c80e6c4e46970

SHA256
52abd52ea6b68468293e17babaf7c420c4fdca4291260c3a7045c86c8386d575

SHA512
141803e9b8481cc45fd9d2222a5913ad037b177e6ab74ae2b46faf55fa2b9fadd7a3cee0e0155e99a96ca1dc74e5859cb0ea349e21ba4b0b6e23c5d177cfb7d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
0f3e0850f15dca07fd192c16fa77191a

SHA1
03aa63a6361e2dc6e71b5506461ce0edddbe8a5d

SHA256
85cc32b74213a3d19702b88e0747f337b1af58cf1f369c7622ac2af7eba109b4

SHA512
c205e16bcfc568ce0d11d21472ba229cb3a770599b95caec337238a07c91c5d28e37b95ddcb2548db5a86473f56c29a47ffb61eb2a08b1a1ef6f3ee78aad45b2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
2a5c67d4f953ee8c25ee44c34fc0908b

SHA1
69a9e7b8fed9b1af2fd4e97a19dcfb146587490f

SHA256
2b0534985ba0025309dce2152efef4881030e1a0713d89583f2fc5a42da73892

SHA512
bfd5ae01cfa1a6f937627dcaa8a44b8853a43be6ef877ee169b396c3a504231961fc8d99cdc5ceba2173943d2f85db12fcff56a8a3a7788e77717ca924b7dd84

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
afe760603022690fe46f95ff625dc93c

SHA1
7be4f88c09eef5ce0fda6779d1cd5d31db8c76a1

SHA256
f26eed9a9d887ebbf92f6715854ff5a20ab00b3ba70e16fed3bcc4499ec4b761

SHA512
ab936774ca1a5abac027393b78c018f03ab5bb7b4d787fedeb91ad7dc14e2db07113d605924f0dd23a84ff9b3c2d9a18cb33fe73b1a9a001bd15483ff100421d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
496f497fb8f1a622f84040cfcf5242a1

SHA1
faac06a24831502145e2a87cd46edb4cf55c0e44

SHA256
70e7b3c0047f7ae75c356be0e0919eb16b5a84892b680eaa47af3e852cc19dbc

SHA512
4234272c04cb1682d63f28dd8d4e877a2835efd258888cf60c32475cd932c7269b1fe3f97329e95371fa3726c97dd5539dd27d6db42de4acf1a523b7c6937b3f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
f7da7cb7a5c6108d752533388d0d9c30

SHA1
d9fdd69b828068fa712b10336b17fe69d19b062a

SHA256
67d56f2b10e8c9100ae55df00fe40536f473f2d0eadad98b348c6d0cb6a92487

SHA512
ca9de28860cde144998db80b0f9f1a0d5bdf3e8fa24ae3c0fba2e33db3c238eb815dc742a7afedd7324a4a2dba195fc390178e30b7094d492d0fb7f28a2b3a19

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
847fb8de8ca61903c978c5c66e8694cb

SHA1
d8618ec47a5e012270d9edf0997f2e0e5b6d608d

SHA256
b71783b2ff65301d9c035fd67fb465f3872f8da0ee259fad4e0b5dc25b2dc109

SHA512
98debdc1b33a0d0f504a9f5420aa6a3d60a77e2c3c7b61800e13a5a3c11d19f2a447eb51e68957fd8b151fb416aab00cc5f49070d73e07e782e3d4eca105d041

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
4eb7864f43b4c14ce90e7e7df5c768b2

SHA1
9c4efd6a2a3afa4b4542a7b757713d2cf048d4aa

SHA256
9e46c42d36e79fa08c28b7ea903d9e62d43017faec38b71f509e3d9bfc2861d4

SHA512
37592ca71d848e154c785e532c157332f119ecd89de953e7f01c6cf73dfbbad90abef79465e22482b268a879bed8dbacde11b970007dbd253e85b7046a8dbf93

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
dd58b3f334fe9822297879877fa9ec6f

SHA1
845395db2d134d499e67269f328e065260966b5c

SHA256
526ced2e9cd88e4c081496cc5e365b78d817237bfaddb80c6910dfabcf3015d6

SHA512
3fc1add634d65fb7b9eeb7489076fa1816f260793feec7a2dfe52a03c10237f1dc59a82d88fcb7187125ba049487f330d0e4761eda512f886a20ea58cf68f594

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
4f88fb7d6439fda3af601f01376cc4c1

SHA1
99247396eef1c12b5c5a205a925f2b5bafc36e69

SHA256
86c31ff2fc96753cb04b3b721246d53e068aa0d54cdcb790200be3ca675c007b

SHA512
7c3631969bb565d5f4a64f1d82f9e256fb17ea51eded0a4d362442ac733c4cdb801087aed7d1e88608734d4ac9507fb0fc620b080f58a230fc877dc5a4995678

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
17c41d63edf2fc3c59272abbc0eaa30f

SHA1
e86fb3eca6ce63895016975172f2b6a026a2dbc1

SHA256
212a8790e9030519eafcafe7f8a95e8092f63699ac7c6d24d348fe27abdc44c8

SHA512
97d5b5c2512bbbd22108987ec3147849c21608724c420b6037c98c3c8ffac370ac0dec11b4fc50f4530cc5301039af96a4f341984aeee44d3495f4820f9a0dc0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
f6ee0f8b233b300202993fc939265f15

SHA1
33e27f46a336ef9ba92231896a69468e66ac739c

SHA256
6e44781f230bd43ff59da15b570726b046395bf56cc196799728311850414277

SHA512
5d49db391e02892b1f7603019c4614f2e03ee9c9c96c6c78d108fa0895f4e30abc5188d0aa38d18f55ead3c116452900d46755582c1571b33347355fe3fa4c97

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
1d14a6f838bec88755a78e36b93b11a8

SHA1
a67eac68632b6ae6234755bf4f60fe7b3bd25643

SHA256
f0838b511171e7c89142787804598c0b62d7e05c4b84752e949586a1fbcd90a8

SHA512
a02b9cd856d3b81c1706e4bf6d2f287f48e900968fd33b30b0238b32c13f704ad28dfc3a631ed0cbebde56e746edcdfc19bf46b98220531ef825c75bb715d0ca

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
66b8e2033f92873d70430e280c9d1b2a

SHA1
1bef4bb8642308bd989d3bf574f426275842598a

SHA256
e481d2eb193a2e3d64f48df6bbf9412c3c8114aa38e45ed41e8e87710bd97a02

SHA512
0d38c953d6c00924ba1168ed4a330fe7508a2b0a4de396dc04b643d228d776f8b4a34e56584becbc6be0651d02ee3f2f8b3a7411d608b7c9c291d7b8757c657b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.fantom

Filesize
11KB

MD5
6f05cf9bb76de70e12907b1afb2fc73f

SHA1
ff60a5985306880b779839e1a2bc3569bd58d289

SHA256
003af2fb39b3159380db8b77f0ac7afadbb81f4dde25fb0d0ec9c630cab32cd7

SHA512
70ebd5a4f015abf65c0f9d1f9dc45e46858b14fd97d7641b6fdb1a6305bb2480dcabdc840749bf5b2d848d1ce46f9d407cd071a3a5bbeba7091d8b8016db4b26

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
ef90f8f6c194d8c17976b815fe666f15

SHA1
092880312941a69a0d0b58b345e4f8b2a34b6017

SHA256
218eda0ede2687bfef44a33c2d1d6926c34830b57fb7f33a34dafb8b6e90b4f5

SHA512
6297c32e39912d49f8801752ed30b25c2810a66a82c3047db9b0fbec626b72a66a3c3d15729f25f35604e44153252f42e949eb0563871b8d90f26fe9c9f5d510

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1024B

MD5
afdbcb49a343efe98575dff04679c94c

SHA1
1218c12dc6165a86d6b398e1042c8ff1411c42c6

SHA256
d0d81dd3ea1c8ea674d956664e2c8d603e5b995b53cd4c41ff0b0028136045b1

SHA512
05639dee6ad7ef16662eeaa12e995d7c9b5f05856ac05be26a26fb47965908acbf3b40291eb14b2c0a9bb9a52267f012716faf3cda6a1d783cd4cf5143ba5d33

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
cc588047242a1c3304b1b71ba4279755

SHA1
056abf9a5b1e04f205df0bb14dfb47422fc443b4

SHA256
d6b939a846fe851c5bb1cde0752de221f6dfea5c9688d4d3bc8a8323fdb98e33

SHA512
dd8ad66c76f8cbcc4cce4fb5d3689bdb3b8a6acb99f6d1426ab576eb4d98d567454fa0cccc3a8a661fd82a465438e4cc1c35b25a504d4e2c74686484738ab045

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
memory/4812-42-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-44-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-1-0x0000000073A40000-0x000000007412E000-memory.dmp

Filesize
6.9MB

Download
memory/4812-2-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/4812-3-0x0000000002490000-0x00000000024C2000-memory.dmp

Filesize
200KB

Download
memory/4812-4-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/4812-135-0x0000000005540000-0x000000000554E000-memory.dmp

Filesize
56KB

Download
memory/4812-134-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/4812-133-0x0000000073A40000-0x000000007412E000-memory.dmp

Filesize
6.9MB

Download
memory/4812-132-0x0000000005010000-0x000000000501A000-memory.dmp

Filesize
40KB

Download
memory/4812-131-0x00000000049D0000-0x0000000004A62000-memory.dmp

Filesize
584KB

Download
memory/4812-130-0x0000000004AA0000-0x0000000004F9E000-memory.dmp

Filesize
5.0MB

Download
memory/4812-129-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/4812-68-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-66-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-64-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-52-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-62-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-58-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-60-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-54-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-56-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-50-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-48-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-46-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-5-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-0-0x0000000002180000-0x00000000021B2000-memory.dmp

Filesize
200KB

Download
memory/4812-38-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-40-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-36-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-34-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-32-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-30-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-28-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-26-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-24-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-22-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-20-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-18-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-16-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-14-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-12-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-10-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-8-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4812-6-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/4864-143-0x000000001BA50000-0x000000001BA60000-memory.dmp

Filesize
64KB

Download
memory/4864-141-0x0000000000B60000-0x0000000000B6C000-memory.dmp

Filesize
48KB

Download
memory/4864-799-0x000000001BA50000-0x000000001BA60000-memory.dmp

Filesize
64KB

Download
memory/4864-559-0x00007FFBB1370000-0x00007FFBB1D5C000-memory.dmp

Filesize
9.9MB

Download
memory/4864-142-0x00007FFBB1370000-0x00007FFBB1D5C000-memory.dmp

Filesize
9.9MB

Download