fantom | 7b8e6ac4d63a4d8515200807fbd3a2bd46ac77df64300e5f19508af0d54d2be6

Analysis

max time kernel
86s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25-02-2024 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fantom.exe
Size

261KB
MD5

7d80230df68ccba871815d68f016c282
SHA1

e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256

f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA512

64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
SSDEEP

3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score

10^/10

fantom evasion ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\Lang\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>kvhWAxiL03PGlFucd2B6KzmU7gF6/8HVse/8P19YuYrkcnoWYfyLv+3SZl0sDpyg/nqTEPdZE0EjPtJBxB1euwQxE3d0WcBwoGe70hyQEKY4xTqqNyeQ+4SlLGsO/9ml5UgdFhULuYWzCZdS4ObB+Q+Vle2zjC3hbeA/Bv0RNfgjxps0URdty7piDumSgAG0+994ln/o5H8CRtnjIruzhL+O1ReaaJL5LoIkJDRszQmUdLOOot64fgPIcFGRu/YJQop+2QqZq84gk38hn3XdwjGo1H+8q1JsaU3w4tupQjaSvY3g25Kd2rewzE0O10g4L3a4XsGqu+4MM/r0bMfuoA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Renames multiple (406) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000\Control Panel\International\Geo\Nation	Fantom.exe

Executes dropped EXE 1 IoCs

pid	Process
5064	WindowsUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml	Fantom.exe
File opened for modification	C:\Program Files\dotnet\LICENSE.txt	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md	Fantom.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml	Fantom.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xerces.md	Fantom.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	Fantom.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml	Fantom.exe
File created	C:\Program Files\Java\jdk-1.8\legal\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	Fantom.exe
File created	C:\Program Files\Common Files\System\ja-JP\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml	Fantom.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	Fantom.exe
File created	C:\Program Files\dotnet\shared\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.NETCore.App.deps.json	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md	Fantom.exe
File created	C:\Program Files\Java\jdk-1.8\lib\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\TextConv\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jvisualvm.txt	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	Fantom.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3236	Fantom.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3236	Fantom.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3236 wrote to memory of 5064	3236	Fantom.exe	93
PID 3236 wrote to memory of 5064	3236	Fantom.exe	93

C:\Users\Admin\AppData\Local\Temp\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\Fantom.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3236
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\Lang\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
e383ba0159e3176d314ea99262bec851

SHA1
8b20198cc2394bbb527da9ff30dc94b979008e10

SHA256
dd9044f397c0ddc78fe5e473551eb80d9eb6ee18638bee469239039edf5455b5

SHA512
4ccec2a35a3dbf838e9be7ed70983fc19024c1383b7f4289cfac5d196727b65533b9f8e7f1271a0c567d0d92dfdfc08f03fff55a88540834e87a3617c11b0a38

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
17770e94a275638f472e595d46e1aac5

SHA1
e8997def61869f08cbb1cb2c75c04e231a9f29b3

SHA256
96616bfee6306b5ba23f1ff57385eaeede31f08b20f12db6d5daa62edf52921e

SHA512
41d12090ca0235ec2bb6ffca0171c3da3f5e5185038ee6ae421dbbe197ac31d5840a902e288d59c88fe8f9f4cfef91176a014d316659d0bbcd4606929e8e56df

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
29e297565962b8727cea5e4ba367a8aa

SHA1
7badec5bdce8908d013d9cedcd0adfd1cf7fa667

SHA256
f797e4dd90ee6ab028494c7a10637c159ca6da0e897eb23b12c666b42f058e4d

SHA512
48bc05d4b80b8f48c876cf4bb832b7a1aa74e8cbf86e1c377b8e3c5de42469cc32057e65c645259d77e96b1848ed5d1e6d067bc1ae5ffd326df3c062d48a1b63

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
98808de691870aba4f305ccf53ee70ea

SHA1
dc0391ff0e70eb561021c8426d0f2edf2aac2de3

SHA256
5f6fadd4e753e57d7af35e641efeb4085f0c631dbe51af343e9cfb13f9d85ae7

SHA512
88e0ab350b325207990f9ca7504f7de050950ceebdd9cb91429622142c83838a090a2bed7c9922950b627541820057cdf3281d23f131e28ea670960c50ce7054

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
508fc2d3c5cb3b07aa8a998d78b6e703

SHA1
2f17b54e3c22b875ef0d765c2085985c67c79353

SHA256
544ad5f55463f3dd5b737e4bed64babfa80732365112e88853d15a7efd318531

SHA512
af9666d59f214c33bdeccee71eb5869613fa3a85d301b60b9f52b23831d812fbd42349897029305a823a57c8225ffdcb840f5bbfc2b157dc67154d2157e49e80

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.fantom

Filesize
31KB

MD5
a22e5b26196b388bc96337c284ecacdf

SHA1
95b7f2bde4786bbfcf3469ed9195c6480b4026e9

SHA256
d89a91a3cff135644a13b9fcba4fe2508ac574e17756249826e54dd33b8447e4

SHA512
6ffc21bbd20bbe4999e9928800c806c0d042b2118cf7dceab95664758bc4598343c0fb8d1730a90e0690328d48f76ef3aa6a6723b205e2f41af1f4e62fc55ef1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
9a87faa5f0261a7ad10c48055a36fe22

SHA1
2fb1cda92006ec3a354bfa6b8442284ebc71771c

SHA256
cbd3a22a3a2d664ba29d58516db34a8fbb6b23ead49554a7f3e2236474ffc647

SHA512
bade07ef6b97bfb51de421045abe60bc8d6bc92a98c6ba298edeac078130691bc6b6f0445794ae8b592826829470c4b2928d694c1a1ed58ef85eb461edb979fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
b07af9625602c4075ba3715278beb41b

SHA1
3945d308f7422296b23916e7273740b29022a21d

SHA256
eec38b8be17030101476e2ae42bad445e29b6d30d1bc8acd740918858f2c5e42

SHA512
3606e407fb58cfcacea7930cc86269e6d1ed7298fdd6655e975c6097805d468ad6d6e4685df01cd514c1046635b4a539186e92a052c42665ed54c4cbd91f39f0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
6464773a552f847b427b0619db55bd01

SHA1
9fe6bc9eb5624529812fad2130747e4aa09e7dbd

SHA256
76c65a76316a7fec9050bd4a367f2a99575591d729819e5a54ed0221e1625feb

SHA512
c215fb5acf7bd139d4980cbd80534f8e2bb0db06a178113221e311c7a7406470d7ad13ad5b5dd3a550acb3a78dfcf8e66dce0ef0cf977e00a0aebc90fa062d2d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
4545c0686b78d34e965271a41c3f3cce

SHA1
5e6901cea4e1ebdb8cecefee4dd398a879c2b03b

SHA256
721d6376a7e3bc4bb1817f30258b679f02ae34fdebb2e441371a1e9fd8e1baa1

SHA512
beb2d8fd5f4f1df7f1b6d78538f526ea07d79ff87bb82e39c48097f710aca5f48ad8b90bbe20e6092139e9302ff82efff2ec7cf1bf9fcac9f4bfe7ff0d845df8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
50b2ffdec6a719ac6eb38d539fc62435

SHA1
bb2d4c05b17071c8d70e2dd2b4ff930a92010831

SHA256
d8692794f851667c502b90ef8fea089e6939c8723957bdd5299ef2316d006301

SHA512
50b265a20ab94086b7db48c335ae3184aa09c96a89763bc424c44d26081cf3c51ed07ce2e250f86a944059e046e1addfc1bb60957c4080d46e67d0ab9fb76291

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
2e1d3d2f26c9b10807b62183a98298b6

SHA1
23b3f6d73fae9d8969b4291e3547bba2e51fc119

SHA256
3e09e97358f8a28a8f5f4d9626dc014bd1c2bde596be28a8eee9b94ef05d3f40

SHA512
77162f3ae539f8817b2be9248e1fbb3a5df02b79917a62e1b790a43e64cebf42e76fb293fc5fb2d2456d1cf6ace59a025868f3b906d56d9c34c4880681f7e36c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
d78f066cf415ef0e86564e1f01a11ba0

SHA1
c314efb864fa5089a1d92493926c60ce652fa314

SHA256
129ab4edfcc2e29aa509a939e1de46383febdc9c9c57fdf31b2cb9010bf4141a

SHA512
da8ee7c966ec7f4bfd0e70230c576a8b7126fe828a4dc8dd598e8413869985b256dcc661e6121b6f91219db7968c9bf6507e4466af09008d7c89347cdb273014

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
9cf166af753fd7cc4a5379eda5ca16fa

SHA1
39eb9d9fe4f3efbe103f37036a5ec2418143f80f

SHA256
2ebca6f8c9640eea7993540370a28b9927d2a2f58f47cb8e1167fc7b38fd9929

SHA512
241859c656b177b146a90f3891fae761eb096bbaeb1a4db3fbc59fcfe484f1fe3556a7ad2b4ee744fa34aeae8bb6d67b3f06dc35d6c2a6d5df260855a28573af

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
defa1ee0b9ad8b84d235d8bc6243657f

SHA1
b1b880cace4dbd5c6641495fdffb73bfe69772a3

SHA256
da0dc16687e0d87a6852dfcc0cb67c3464b458cf873826fa96a509e3bc05f2cb

SHA512
4d2d7cb619451bd8b059e619b191fd56923f86a33965a5a4a233644c448c1f6bc5f4a1118e5a5fe8dc054974fc7f20f3a201c3b28d0229911a8fe58b38467c39

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
30a73987a9776fdcb8262b6e72f8ffd7

SHA1
837887360d1bfd1049a52f9a5106a94a07ee92eb

SHA256
e37ab778e1e37fce5ab4c692811bf139e019e47b7f44e20b36826a5c6020068c

SHA512
b8b3bdadf0aec51ca54f46b944ef64c00a288bd7d6fce8b7341d7973c3c3170a253ee579fc5d4cf8bd6e4c59676509a4bfd7ef275fd8a4da62585c499aff8d46

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
06dfb9c6c1618419dd5367a03fb6cbe7

SHA1
9b175b9ce2af2bbcb739b4d3505a19c3a560bf51

SHA256
87c7b49f1f4a98f6f83db6352c69b36efa3e5ac28a70f27242f300136cc7ecda

SHA512
ea9a27109e9ba92673241cf757196d28bc22587f104b15ee071ed76a9697d90e4f4a043891eafc4837dcd5111685d13acd5cdb89c49c38bec0d4e16435f5c879

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
04c49b2784392b95a9faf1c67d621cbc

SHA1
2d32adea1093f8b4c0798a0391d1bb667fc55d7b

SHA256
4593c831021ddc94477372305409325c3b9a70214c8b2a2e996c576a9b8b43b1

SHA512
3dec8229119b76b4d51d17efe6c0f8d93304ec5a94c34d7c9026b50988c135fe844f386944cc72808c5d46fde7e19b7374fdc94255b47d3aaa78c9a190c608fe

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
176B

MD5
80a2a455fa0d8273bded5387e4d29dfc

SHA1
917d8ff22206d4d6c1314d129ea15af5b8c00555

SHA256
329aef855f5294e295c7d85b11ba64b7574e146c79c1ce6d3750aa7ca1871412

SHA512
d45279648a31302bdf11fdce6b3dd3416faba4853b993e1483216773c6a9baa59f34a74d85c824e982c60863410e0ea23d17faae7a1e8bdefe4a0c324803ba1c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
0d5530094b536a2ad5f3fed16a38a2c0

SHA1
ee6ae667e83403b99ce78c18258510c2756566f9

SHA256
112589b63c7f843a4212f72c403fc0a46c67baf4a4e528bd90e60a352b073def

SHA512
54c65a1033a923304312544f306b6ba2e68b37bc13ebd5846fb25b341052b7614eb29b3b0900044896fe098228b5adbcd77b2e6f3dbfcd417c2edf909f1574c9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
6578769d0e7767b52c39131870e53b40

SHA1
adb18b66b748cf01c17d1e21e4795d2519acc1e8

SHA256
1c29886ad1c5fc6bc69503c63c8a568a73d90b2fcc11b304020c555e532be73c

SHA512
c8f9ad2bf5fecddff1c6591850693a71d8c086d4f4f8c06d11ac6e70e5b846e31d4428c5b0aca920030d1420b2e5bf974dbbaceef74140f5b1e9428b78b6de42

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.fantom

Filesize
1KB

MD5
0b72cd7d28d1573c79278915917f9508

SHA1
e5f9742004afe6c8c0a3706735a0077cb7dd5cf9

SHA256
ee4ea14f61161ac05fb925eaadfdfd7787ffd85ceb74decc8ff65f4f23d87813

SHA512
b343f28595d58620fa21474352716148d7d6576806eead77d2d574119454cad27aa5c72ccd2e64d5691e6eddf1068b9893c9f9a2abda9f19af7d92e632045f99

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
ae12367fdf62b54811aef98390983c12

SHA1
214292b16b06fca89546a1a26bbde3ef4e6cc3d2

SHA256
70b877cb3bea76ae14cab2706be80bd8f34a1d2ed211bb4c161ac0cf21c39ea3

SHA512
17b556c0b69bfafa3a0844c0efdfd6f9eb5a2b17b2a02d044360cd617706ca3be592813a3bf8272742aa938bb50374b400ff4cd0f3eb52733c02f0fe2690abdf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
26a927b56e6f403473cdb1c028531205

SHA1
c41d4bc2147809021703c2a6546a297ce96f41d2

SHA256
6c700e466488dc9179101bf8106840b293c6f084fc7992e334024b1323bf413f

SHA512
d98276e3345cf24aee523513f7ff7c708a90148adc49086bc18b4cc0149dc82cf21ff1f981184178dc22eb5dd535e8460f17432d7d54624962a9ce3629a4cadf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
d9f66259b40d503c42e94e28348b580a

SHA1
236dc47908b406675a16d2906b6e08a0f531bb18

SHA256
026ea29766f1b47d87358f3485e44d2591ace1e8172f7a3c0e9e1462e3a162cf

SHA512
9d7cb68b3b5b737df6c52ffaa2138503e1d4bd9352cedd0edaff6899234ee612d20142b950572b5edaa69eacddc22c5987ab589665f4dded1884633cda8cf97f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
e6db6b5cd6f098c8ac035912c9a04c3b

SHA1
762b6fe0c93e6e8bcf0889188bc995dc816b91e7

SHA256
e76f8f9bea08e1ed741e60a8d21fd7a9291a6a1b717877e0953de2e8d93c4eae

SHA512
b442de356edd90f04dbf6ccbe4f448f3e86f9299d56c2331505bdab0d7d536b47882ec93e83ee368988758b320dcbc45e546f15cd96fc22a04846fc75f1d548c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
34d2b058c1ed8241e385b48e6c60c404

SHA1
e6ae1ca2c7d1b1ad369c9408da6ff538d939abeb

SHA256
52c9570445b3f0d796ec47ceb85ef91011ff767314e671889e29cde5e83bbbf7

SHA512
4ceee8f18d8c767c6e72b6865e0f4655cffda9b049bb2030ad0d177b34377751dbda9936b72740fa8c185352f55c4717c94d981140a58baffd0445848614cf47

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
c659b847ae28fd8c9f030b616bdb0314

SHA1
16b18f6275d1483ab5fa3f40d6639d150ff06e77

SHA256
398b0649264dc57abede95fb8ebb76b0b54a6972c86ee4a555f35f7a44a21ed9

SHA512
664a759f4d9f513923e5b4fec179a6713b3348482fa550ac67d2819f3ca5738e780feda55aaf7801cb0f52893a678ae912ab3544ff9a518fa085e278e0d40526

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
19e4f144757f208b5e56466caaec3630

SHA1
a9dbf3299f5a3dbb9dcf1dc893c64aeee062cdbd

SHA256
9b420e80c369f72046e23926ca972ddfab9b5be36b6248b04abbe0c134bef85c

SHA512
e7c40928d3553403ef57b95cde6baf08d1f29ece3ff04336097ee17716ac13076b4faa23fdcf6301a3b0073996198d11847591bea4fdc6b61d9f216cb145e2b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
0d1da769e1e310b0f8490178eee7bcca

SHA1
fe6bbf559cb5475c75e9e9736ce3cba97c03f35a

SHA256
a383a4beac926a301d421b816f2bb0039fada40354a9e97c73b846d1be4a3ec5

SHA512
7c353f0de14f644435b51e9de6c58b52d7fa98ba23c866d492b25b2f01532b78a910e543bbe8ae3a4baa543c6c5df9ab97be3d496925f6a81c9e464d4e6f89e2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
b67c999d3429b644f3062828c5e2da49

SHA1
adc1654b5822838cdfd7ce7cb840ea4fdd72f7eb

SHA256
6dae6a3100f11a981dd1a613cf211375a38e2f9383152b33ef9fb1dcd97049e5

SHA512
f48eb377b674a0ad621d8a141a456015db45200bade4739995ed758e048b1b9b256c84c5e04517c7f909acb3a96cd3b4f3def45aa8ffa99c9f54a40c46e589d1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.fantom

Filesize
6KB

MD5
5d97c8d7e49933022ce9cecd5b45bd6a

SHA1
339fcad2e4a2d805dbe6e06a2bf3190385de9098

SHA256
d68ab5ce4333755a5e23a4064a4c1ac105823e40bdf91e6e12f17205e06b5928

SHA512
88c73ca05a189d3a974bb3b068b5da2f20cc3f44789ed56ec6c6bca927685ccfc1c67baf0f5a0674a87570b07d41f7f05b297ebc9a53e93785ddd882d85b9870

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
fb7b766c3ed0b5d5fb8e050ecd8d867b

SHA1
57ce5527a0c57aa280d46441b1e8fc1443bf1acf

SHA256
27ecea1b1aaede7ec734247266ffcd58b409890b692ea7711741c37a03cfe08a

SHA512
e5118109cbf7f0c6e4c50ffef85c8d7cb436d6190485ef80bb9efbc38d2216341d09b53bb32f8b1fa615fd49301d223bd5567d69b233363c1babb22d128bf43a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.fantom

Filesize
3KB

MD5
9702256b497fb1cc11035d14669f3701

SHA1
e915a501ca80be5654529d0a5905d2a341c86b8d

SHA256
35071af499276bce63c53eb2069786485bd89322354c85b60f039542574f2b73

SHA512
ba3cdd6e7e7b00975c435df4cd56ae45b019f774086b197cbf15cec6ddf179f35451d2fe74d87ed5298310d7026143a62ae3d4efaed644f1a515186a03d85da5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
108b8418c24eed57f6814a76ec8f0ec4

SHA1
5b1e2eaf2d2231e59a34351bc0f91713ef425bbc

SHA256
dd54276b3abc1ce41974086bdccca3dc1eaba8b136fae809865848f86b28c326

SHA512
35d77b7518a896e70356afe118e175d49c240041b310b0b809de1bb395e821b62858f389d4c9625da65b107e1e1ca5f920933b7af8a689224cb4cc186172e611

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
a4debcf910631551ebce454756b5c4f2

SHA1
88c1b057d82744267b6b14373811804425d5704c

SHA256
d4882a797c3fd417355e91f2f384cc7a59fde8a579fecf1df3b90a675f873517

SHA512
207da8378db79edaf0a37207357c3dd33b3ca288080ef67af7f7a18d0d34378aba8d0a998048674785983e639079f8814178dd24641ccf4af2e3ba33752c954b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
6edbc3f5b07242c1267269ef9a6e5392

SHA1
a3b30208d607c2789524a62d64d896f8faf55a35

SHA256
b9d7c294a1a496f27289b65f0732746fe631bab359e29a5fa96a03b3d3210e01

SHA512
70ccdbc9649948abe6121ebf7cb3b02f19d7ad42db91f36fd7fa3515c38e45bd839a2804de3d0dd98189224b619239a6824ab0fe448a1c0ad5b42b92c80055ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
20a981a930cd672797ecd946cdd16b00

SHA1
7cbff06d58a0ca65ffc599d20d256d292160fe11

SHA256
a7eadbe7998151654520eaa0d97e756f4f4413e90587f0c41fc9488e0c476f4d

SHA512
74db98566fc73a51dfbb53975251facb83e22ad1c9ca48061216f30d988de2957faebd1f4f2bfe52a837d218ea2421d791d731793a9d131acca6e4c021a21723

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
1f291fd38ce1fb121521cb139ec1c7de

SHA1
279be309cbe2fd27890dd4247359ff59f7ff7aaf

SHA256
cc6bf7c4949230679202f1bf82e179eeacf9766b850f011033c95fdcad266cd0

SHA512
d2bfa29bf880b499abdcab4f40bcfe16e68f5020ea6924d1be7ea98b5412a925d5e8e5e020391c8c8ea641a19a616fefae1dd4367664aa1832931c6bf8cceaf1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
a67d3e8120f7632d1ab4818bcfd7ab83

SHA1
128b5404f58d692fa6241dc24e0456c7549ab172

SHA256
c72162f82ed9a8735aa95fef40668fb5fbf7274c92adb2d4315d7b4faa655c50

SHA512
5490b8fe3732648b97026b73adf481e4451488843668367ca6ee5907ce3eebeca89a406bdb674c2fee9716536ff0e66bfdf9b28777c6163696fa43236081eb11

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.fantom

Filesize
2KB

MD5
7f28d8305a39264a5d6f6ae1a3367b25

SHA1
38d022790286054b00ad12ed5c85ed5a0218adc0

SHA256
79bcdd059ab872a1a54a621752913f30905a8bab1845e42fd8d2387c326822ac

SHA512
1093443c6032f7d2c21b71057d9faa6027eb9dcdac5e97b3785afbe3b8f5b0404a0b6fba1525ea6db3f026afce33417661899745eaeb626735a7cffc9faea330

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
5ee00749d796051cbbe8cf5e8c92e5f1

SHA1
af97d5f64fdc3065f58ba8efc9deb71e8fdd0cb4

SHA256
7c2df6dbb0fd88a2c1e0dad8e9b18bfd0dd183ffa1d2dfb499a51514f5c25a73

SHA512
c8eaf298bb1d916b4f29969a2de7e45ba18b04ceab8b22cc98db49e680e1ade73a5560d97d3ff0a7d255205b449cc468b5cd47e9b054498dd2bf9cf39957cbcd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
053158edc547e9817330140c8e39ee0d

SHA1
8d69af8eae2aca47666c138a1d7db9941bc460fa

SHA256
b46f4d3fa86cc16f9d1642b9c5a6b005de7803247733039862f0f6f77d2c452c

SHA512
10e339975253ea84edfdff8ee3f011f8b248324d366dc915e300a4eb32642bfa500366845af0488a50e2a0a99c99be1c0c60a5ad8755a436a914d64f2a039004

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
a888d985983656ae0d23fa11430f4c10

SHA1
aafed062a85e6b5102e8064ddb61b625579ea2a3

SHA256
9d662a4c4b384f417532190164517288e6e86d65282a45edd43388fa8790fba9

SHA512
8ee0eacc0cf5eb61a165a419408775de372fc98be0771120920933274481cd24cf89fb2869c05aa1777577ba7800600c3d40f4b5531b3171804739280f93c404

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1024B

MD5
2da94996b33d43b6cb54fc3dc8e96501

SHA1
55bfd323fc9a9e01ba82472de68cdc2961ca4150

SHA256
439229b6e8dd0971e185c47067e4caaef12a2fc79e83a64f800209f2f0ee1993

SHA512
d7365802559292ee362f4446a84a0ce4895ec75140bb4df9de30e59bc3c102ad47946405a4019b9a2bdc37d3c00f3213367ba94bde58834c835979b157031066

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
memory/3236-41-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-45-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-1-0x00000000749A0000-0x0000000075150000-memory.dmp

Filesize
7.7MB

Download
memory/3236-2-0x0000000004D00000-0x0000000004D10000-memory.dmp

Filesize
64KB

Download
memory/3236-136-0x0000000005460000-0x000000000546E000-memory.dmp

Filesize
56KB

Download
memory/3236-3-0x0000000004D00000-0x0000000004D10000-memory.dmp

Filesize
64KB

Download
memory/3236-5-0x0000000004D00000-0x0000000004D10000-memory.dmp

Filesize
64KB

Download
memory/3236-135-0x00000000749A0000-0x0000000075150000-memory.dmp

Filesize
7.7MB

Download
memory/3236-134-0x0000000004CC0000-0x0000000004CCA000-memory.dmp

Filesize
40KB

Download
memory/3236-133-0x0000000004BC0000-0x0000000004C52000-memory.dmp

Filesize
584KB

Download
memory/3236-132-0x0000000004D10000-0x00000000052B4000-memory.dmp

Filesize
5.6MB

Download
memory/3236-131-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/3236-130-0x0000000004D00000-0x0000000004D10000-memory.dmp

Filesize
64KB

Download
memory/3236-69-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-67-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-65-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-63-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-61-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-59-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-57-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-55-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-53-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-51-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-49-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-47-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-4-0x0000000002660000-0x0000000002692000-memory.dmp

Filesize
200KB

Download
memory/3236-43-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-0-0x00000000023C0000-0x00000000023F2000-memory.dmp

Filesize
200KB

Download
memory/3236-39-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-37-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-35-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-33-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-31-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-29-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-27-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-25-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-23-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-21-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-19-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-17-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-15-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-13-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-11-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-9-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-7-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/3236-6-0x0000000002660000-0x000000000268B000-memory.dmp

Filesize
172KB

Download
memory/5064-148-0x00000000006E0000-0x00000000006EC000-memory.dmp

Filesize
48KB

Download
memory/5064-903-0x0000000002780000-0x0000000002790000-memory.dmp

Filesize
64KB

Download
memory/5064-718-0x00007FFBEF880000-0x00007FFBF0341000-memory.dmp

Filesize
10.8MB

Download
memory/5064-150-0x0000000002780000-0x0000000002790000-memory.dmp

Filesize
64KB

Download
memory/5064-149-0x00007FFBEF880000-0x00007FFBF0341000-memory.dmp

Filesize
10.8MB

Download