fantom | 2eaccf2ffad0c83282b940b5ed1e65f38acacc9e002b48e3bf4f852e1097232a

Analysis

max time kernel
168s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
17-03-2024 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ransomwares/Fantom/Fantom.exe
Size

261KB
MD5

7d80230df68ccba871815d68f016c282
SHA1

e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256

f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA512

64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
SSDEEP

3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score

10^/10

fantom evasion ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\Lang\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox fantomd12@yandex.ru or fantom12@techemail.com </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>Y0OHRggYJLzItzRyw3Ap9cZ46x5Gxb0ZhqSlmZbObVPC7hoUtxk0nocqPwnHVThCxEaIwAza4iP1leOM/7aM1t5IFInSB4oqyWGYSUsWBZzevxGMhQ6IAQTVkPbuaeTI5E+WE1nDZCpSb63MCRJ5+G4gQ3CiJsKNW3LLUeQQ14UnaLspwBoufv2nsPpeGrOH2lobyUG+gG8CmxuQOxco6gLrRHj5KQ573q844LdkTOpgm+isTvryfosuN54o87IoOmS8N36tAkGOzCz/C59pL+KqBYuZsla6iS4lJRWLI7fI9GtpX4CqwH7fDy11Nmb5xPjtdb2I7Zn9BVAythBzHw==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

fantomd12@yandex.ru

fantom12@techemail.com

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Renames multiple (961) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

Fantom.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation Fantom.exe
Executes dropped EXE 1 IoCs

Processes:

WindowsUpdate.exe

pid process

232 WindowsUpdate.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation	Fantom.exe

pid	process
232	WindowsUpdate.exe

Drops file in Program Files directory 64 IoCs

Processes:

Fantom.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak	Fantom.exe
File created	C:\Program Files\Google\Chrome\Application\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml	Fantom.exe
File created	C:\Program Files\Internet Explorer\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html	Fantom.exe
File created	C:\Program Files\Common Files\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\Welcome.html	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\Triedit\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.White@3x.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\13.0.0.0__89845DCD8080CC91\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak	Fantom.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md	Fantom.exe
File opened for modification	C:\Program Files\Mozilla Firefox\install.log	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\icu.md	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Addons\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-TW\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f4\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\ODBC\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft.NET\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ClassicPhotoAlbum.potx	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

Fantom.exe

pid process

1672 Fantom.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Fantom.exe

description pid process

Token: SeDebugPrivilege 1672 Fantom.exe

pid	process
1672	Fantom.exe

description	pid	process
Token: SeDebugPrivilege	1672	Fantom.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

Fantom.exe

description	pid	process	target process
PID 1672 wrote to memory of 232	1672	Fantom.exe	WindowsUpdate.exe
PID 1672 wrote to memory of 232	1672	Fantom.exe	WindowsUpdate.exe

C:\Users\Admin\AppData\Local\Temp\ransomwares\Fantom\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\ransomwares\Fantom\Fantom.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1672

C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
"C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
2⤵
- Executes dropped EXE
PID:232

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\Lang\DECRYPT_YOUR_FILES.HTML
Filesize
1KB

MD5
5dd8605033c93888c63894c996ecf159

SHA1
890684eeeee6f719a02a46285a6b0bbd09c03d6d

SHA256
eb6085dec70c5b6a59f49eb8126646233165ce414af40490dcfba5a86a448838

SHA512
b44c406709047fb5772ab6794c2169a2d1b1634b6fbc97304b5aceb45e9d2110ee631ccf274d3d82dd8a22768725dfcba1cf99c889503f3319b837c27ba25fde

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
Filesize
160B

MD5
a51c6f7524c3de6c8eb6e8be0c504308

SHA1
2c13a79d14ab5f1185fc7334a2732906494d6127

SHA256
ac11d4811ac2793de6b72bda6c43a57e495948b27c2d5c74b8a1c10b0f3cdb0f

SHA512
6dad303e5c0d40334e187a31ad0749b4e2b940f0be3c428628254105ad1e06cd093dcc7332bdae5d44210fdc6e42629d6eb504295baacb67946d0704516ca48e

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt
Filesize
192B

MD5
1c3f0cca4df5a5a9e59977fb1006eeb5

SHA1
f005ff2ca06a8972e42e0e942f833570907465f5

SHA256
d583f3522cdb3d7fd9e4022857accb5c4a570373f9b4fc52ae053e66bb76ee62

SHA512
c6061d250cc12f05bef0d03e72cb96e694288bb3dedc6d63f9748aae943a44f08f05f8fb57c1b0db99ba80863fce6e3f8d3c5be69ac29245d8f298d67fd15463

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt
Filesize
192B

MD5
aaad82fe14dce6d64643f94fcaba5c58

SHA1
44bc51cb00461230e333745362e8afc04773be5c

SHA256
9746033832560cb87432f8a068b4d35db126a1f65c1180fb61e3f6355437c0f2

SHA512
656645c1830ed1854a3e7e90571f2fbf4a41c0022df906903a1476a594cd7157a1f90d09c031baf80fc64104847b2fb5659049e040ce031673e3b7411613c532

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md
Filesize
1KB

MD5
40d178142d013ad0dd327d3370f1c53b

SHA1
4618c4be5fa86da5154ed5b9ab4b6cca440f64fa

SHA256
0b2a00ae80e12bd3b33f63f7b5b78a740d53c8abd7572916f6fa96e5238e67fd

SHA512
7aaa81b5ce8bd8f295e64699b9f18d68473a9bbad2590dd25fdf130c34bb8bdc9a6263d5d6f861796d9a65b0df47d0bb6d9d161d599e11853951996922c55f05

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md
Filesize
31KB

MD5
e86c16b39a053557dc161d70766884d8

SHA1
cedb416193724eb5631c461f8c828e090ca532f2

SHA256
678c0e2e126cf174b2c1ab6e1b2cdcd9d4949374626ac5f32f81f1b01a26c5bd

SHA512
ab6fd28316aec1d12c3dc36d9075d90c36c8f02d44182d2029e3691929c2e36089282a38be736c600dc9a185ee24c0d9583c9a4ddbfaa127253601b3152f97a7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md
Filesize
34KB

MD5
17c6cb7c7a00d99f52883139e2c6ed5b

SHA1
498c10ac2f773dcf6e777295025adce52c03393c

SHA256
88009dece3f932267b3515319a928970d1bc96f639d3e33822b5dbb978eb24ec

SHA512
ace1b05190abb4984f9739a4225214acb388dec96535e504032df135bb5e15a7e38489fa1c5f55bcb80e2421d3ddbdd6b5e91ec23f1ed6659852096645b3146a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md
Filesize
23KB

MD5
1cb2884332fa3ca03a5d102dd4f800b3

SHA1
8a1f4698ed5eda290ce8edb0d3105b1a3bd9efbb

SHA256
3d80f179d157830bd1bba044938cb242c18a014edecf63d724119d878354ff8a

SHA512
b088e719a646957972163a3ba8e066d8861794fb38a7dabf2f633ceca2a9a5078dddc75a606e0e0f4b4e4dab48b9d2cb21db615d0c2c108515eb7e1e843f1473

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md
Filesize
2KB

MD5
6aeb5e9f857d80834ba7c4b62e533ffc

SHA1
6aa3609f9555435a76167bd1e2e9dfafbfe7a952

SHA256
19dd67992f56d22124ed620cd657a370d56ab523cdb134db1fd0db1a36e51119

SHA512
16c5322e9dc63c36fce6f0a0185d53acf9686eaafa6a3068117dc6968f84acb7eccfcfa005b2c22a57d6a1ab2ed172f3225afa6471bfe202b049fe66d614f037

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md
Filesize
1KB

MD5
de45858f2d4701510e5d0ec2664f7eae

SHA1
6e1b9f8d89d0c2916a7812b24aba48c73edc39a8

SHA256
57154ee333dfa115990cd06ad32ee473b4e2b7e03db7d3086805a0d68795c814

SHA512
68456bc2ba006ee2f94fa9996a2a84fa4dc3fa3af8293fcd0cf7951cb92c6bfc3223d175a553f8cc8ae2bbd768883feafa327571f35c83db92b683b056502568

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md
Filesize
3KB

MD5
e9a14b67071eb283efc407d82cbd0eb6

SHA1
1e2e6c637cd24c697fcaf38b54f0376028c11bce

SHA256
80598fb6fca4e00cf418127a8d6c210abc28144902ad8404b11c14cfbd0a5cd6

SHA512
971acef681f5ccb4b7a0ec1f6424e1869aa84f15bd5e690e37bfe43b0fc725e684f0480abe06effdf8ce80ef3b0a4712a56056df204260e20a815ed86e1bccd6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md
Filesize
2KB

MD5
24dfc938dcc294f9030e1b94945bd26a

SHA1
f9a2dc40237a6a9de6d27a8964f1df20d66a19f1

SHA256
a871fffa3577a3a1a1244815ca085c51fb0ad07eb8ab85e957d0e3c5c7f5f9f6

SHA512
85a4623be1279c58391d9c5ca56c5cf4c75085450a67be2a798dc6afac396abef68e7cfcb0db7747c170cb252723a1b8e8c667c86a3f8da49825f9b423c23aa1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md
Filesize
5KB

MD5
beea179dbc37bdd6950d3928fb36f5ba

SHA1
e67dcb6806364ba223cc98bb7ab64824e37535a6

SHA256
bb807807c03ce241fbf408231fa988d8b49c57dab48bcdb381639b7c54d5557d

SHA512
2ff8d1099aeae6dabc6902224b1bcde0238b26bce3cb1563e13a0902b9dfd934b6102a05ec53f62e85e175fdb1ee61287d342debeccd0a926d2d798f465aa44c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md
Filesize
17KB

MD5
7885c158d994b768bd18e1c54f1d42f4

SHA1
362439dab57560be8046d5c4e4b499549f0a4043

SHA256
903abb6221a3a1fd9144502bf574c1cb349613c3d397c39a75b830b309dcda69

SHA512
eeb881e2c78e370d69ffee2a9b30e802b0c8e1382d4e30e460624bb08439a13c70999098960f80543f0e7172a17eafb7b8a8f8462308f2f1725641a0583864ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md
Filesize
320KB

MD5
ea0d6cb52ab11e74fb1e9cdd224bda97

SHA1
7be726cc03b7f5b68a88feae969eda479151576c

SHA256
06ac8a0dbf08a61378ddc22be06b5990800372b20ad53ba97422ac5dc4db13df

SHA512
45be5b82ea57ac30d0fc4858ddba9d56320ba45d819e744cf3e01d96759f519c73d2c56879ea5e07182a715b35c55def239e537da2d9184d8cc43cbedc7b9cf8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md
Filesize
1KB

MD5
03da5f8bb20e0fa7262cb1b697ae7e4f

SHA1
d0a2f63dd704a1ba5ed5b387440f4c936838f942

SHA256
848490c4f2dc2c66113dc6fefe01ddcd246d728ab7ebe16cb73019feada90393

SHA512
3df67ad00171667e574c83d91b4992a4c3cdf96d9444f567b4f4f83bbbcc9b8a1ba39226091f9c17bab58bed9ec112981d85303b40f454115c89400011cc9f2b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md
Filesize
10KB

MD5
9e29005e2c0bf765bf8b3fc30393521e

SHA1
71ecf97c7d268c5655511e169f217becabf7f42f

SHA256
4921096a416a689c769f0f9e60b309857d46c97b96bcd07b1b639c0cd0b30f1e

SHA512
fa24e6966255f90b91ef9cb8142dabc491265f713ffa53bae4cbff1cae941ecbeb4200a0a127723f0f251711b2dbed662ae63adb9abd32488b48d192fa676702

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md
Filesize
3KB

MD5
6add7236ebb17c85e0f9cc15e5fc6c40

SHA1
89a993af4f24a45df80665ab9d18fadb5602a89a

SHA256
9dc84b46afd2fc2a17beccdbd1e47cceb75c8d0fb241da8d06792afcfbdb7d82

SHA512
c1e12c5d2f2e06e9a56497085d27de5cdbd010fe53628f2c41f66ae469fd4c24445e82a08a4c02d56e44fba286274f4abb82a4569fce8338f9d44246cace455f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md
Filesize
176B

MD5
7a0585ae640b35447725f16ff065c5a8

SHA1
b93914fdb1eeeacdc91f9551fb3348b22e8a2a9e

SHA256
61f4a13744204e8a04772314758a8a53617471876e4cd0b56b1bb755753ecceb

SHA512
25d0b90c81f4f5d72f8276079da2971bd5d9f0743601de363c21450d6e9339c437a1f2fd1aa5b6996d570c87c0005d6f54a0e94995e112ea5a71c81a04a65585

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md
Filesize
1KB

MD5
79ff62e40baa18b42f3384971a574a5c

SHA1
3ea6ae04198a674b13641d87b77409d0169bcb54

SHA256
b5dd53dc91733fe1425c250feeccb28e5c756c8a8eea2657333080f5bf69c227

SHA512
14f0ae4ff1f64360cd6d24ac38e158e34d35e096b963abeabde8b453f765c14ea0284b48b701303e3ac7d925aef7e4ac3caaca5ef984241edd43427d17874e0a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md
Filesize
3KB

MD5
9c7d1a91b5ed03a334c5814d44e13c6d

SHA1
5acbe02ba042918a6dea4e36b87c54c12a698e5c

SHA256
37474948738b061705122721dab66cce57fd109b2b675215852d1a0c6cf39781

SHA512
73ffe0dae92366274d86bbe4bfb4c78d642f2535237fa70b3bca8d7fb1964b9b48f632ee99254f497ff45e9a755a944ad6c815e994641b5f00a1c2b74827d9e4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md
Filesize
1KB

MD5
5f4608ebe6f24a69eb4c630b01ee62a7

SHA1
3c3831585679319b1fc576a45c94b7fb356dd434

SHA256
949728673ade71aded0a637360350607c60f5c0b7189c7f09ca067f33aeb3882

SHA512
a63404ebbe255b6783279cab798497b8cccc2951c059efdf05f7744ae333abd399a72604c57189488eedb2359d950074b69404f86b9ab433d756b3043d093aea

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md
Filesize
28KB

MD5
2ce455d0c493ad6bd68125086022c107

SHA1
0e102d246841bb240c9aa4e31d4d4831162920d6

SHA256
fd121bd1fc3385aa57d0b1498dc73951ee358dab659391896104745c620089de

SHA512
21220987e285744f433f38b3ca87c2aa80bdbf986e82ab67237a555b897d82a73109b0fc5636f518a258cf5ed28657e82374043300b6cd8ff906accee44aaf0c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md
Filesize
2KB

MD5
e5a9afb1e027ac89b1e05dc30c189de7

SHA1
15b4febb52b9bd3715397c746403caa5e878a389

SHA256
3c2e6bfde5b72e55729c22365a604701833f3873f47954a378559f94223449c7

SHA512
fd7443d120a98346a845bee29e5e3d2b6ba55d7e65ebd207bfa5f1bc365a8caa83fd916003f5ee34960e657cf8c650bb52f19a903afae121332e3338b2c9ed84

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md
Filesize
1KB

MD5
240ee5e42b07a0076b40e33b6808a09d

SHA1
5e0cb63c22dd9d01c1ccbfee9113609c33e2657b

SHA256
d290352da38a019081c460f2477c4c1e7ccfc1506f27a6cf93bd60341e026530

SHA512
015bed8cc17a0f35ef0c785aaa1123033d166ef3f414b847c3866529a94cdd2c3ccf8d97b2c66efb201df5ea61b7251e9ec421cb3308a22a8e248874fb457058

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md
Filesize
2KB

MD5
18c86459230224d31e6ec28c5257f115

SHA1
0aa2fc6371642c138fc5c43c97f19b2defd3713d

SHA256
4a86c6a67518453f62104efb3387a7f2d5f99c1bdec952576790f05326f7a1ba

SHA512
09b92d5637eb306ae81b487b77f84239c33c37ce51112d298d1824118b7ddc6484ec703c76d1a6aba963e8767684a27c6ed2ddd8b938df5304117ebdf6d467fa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md
Filesize
1KB

MD5
174e1d18ddddeaa6d1aa63497a99edcd

SHA1
1835970682ef33b74292f51b3677bf72fbeee245

SHA256
c12cf05770e477ee638b403840f4f83484f28f193cd0ee630da895e8fdde6047

SHA512
e50514e198d24fd1a7424c049f7834a18ff2b3171b905be3f0472eb6927b5e24a760e4e9e5044d39d40854ff38c688516c9df7fc1d330007e4b45fbf060e1b69

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md
Filesize
1KB

MD5
c1802f3cba99373cc3d29f3d90cbb86c

SHA1
e8097058b589fc5e7d00af97bf8e10f34386bf51

SHA256
1c99e93653a02ff03faeec3def8616e788d6b3f77a7586ba2f72fec254c2971a

SHA512
548b6b8fe2c70d7c765d9555b8d8f67efeff76748e7e195723063b62df1c0cac4467d0d8832c137417522c30739642cd1a732699ebf46574599ada5a7c07a396

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md
Filesize
1KB

MD5
059ada0d9b820fd60a39df5f2024d7dd

SHA1
04e1bffcc8b52e70125e74a14f2602e538280334

SHA256
d2f38a4189c48bd0995020259d37e0387e0d17498283390a4070e0a205a75f69

SHA512
836511fd4e8cc1f42f148d113a8c26aefe8c3d32ad3d0bd3b55c2f996e4d7a7cbce11b7efe730c7f58d19043e587fd044d199041ac22f6f1482e96adb812d55d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md
Filesize
3KB

MD5
342d49464c8177cbfb97d8505b82b731

SHA1
abb35d44b33ef8b426f292355e3171b79a543b19

SHA256
d81b665d1f8a9d13e9931d5ca40133bf15356ac55c5e9c5419f9a419529766f8

SHA512
7de1142c21ab36b47941caaaea7dc5c03b3c578e19dadd9d8d1c0346f30086d78fe914e107e6b0d1c599083b838d2c46915544ce4e81a2d242e43ae60f6b655b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md
Filesize
2KB

MD5
a8c047f160cd94929c57b99845be375d

SHA1
791d3a09c1184fd239980ea8a307aabec13e5973

SHA256
91fc4c75579aef0f53bce77bceeae66c2b9a68e41a8b1986ab7d7b94da53be34

SHA512
5faa28dbe623e1ed664f243f35994dd6b87b67f8f48327a5c20cb18a465886f31bdbd471ab7def600258128f455237136549ed7ebbb6fe750925f9f32b6a5221

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.fantom
Filesize
6KB

MD5
2c300bcf8a39d657c0fa3d1caa872d26

SHA1
dd15c05f34df3ee73fbd12b0cbdf9a322850ff17

SHA256
3d6dd0defc18afbb86bb7906b30028cf286eb7868832615003e873b19acc2ca1

SHA512
09ac57b5e9abd121fc3b89e96d44cbf78feed7a02d9e957ba862276742b297ab4c35d50cfbe839ffd1059953034c08810014b7a4a592071cca5bfce9e2f9053a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md
Filesize
5KB

MD5
20431ee331b343299a72efd6b43290a9

SHA1
d1981b182aa495b03701ccb8e66c4daae316f6e8

SHA256
3c3a34b226932dae6bfe4a09dadc60762722f7749f0c0d8089c9ea6eddefea9a

SHA512
2d0b316af588ba78fd489ca296c81d3d1db8f8b77261640db9beb176026b07a531d2b237d14b413d79f88dd5c77c661b048f11a2767edb267905f6bd92f4a9b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md
Filesize
3KB

MD5
ebe49b5b0cd9c6e7ac263be44a11aea3

SHA1
8b0b3c6c971ffc120a384797108977cb1da0c6f5

SHA256
3b9943d718b45f5796023218a3a01794c570a2a5a4a8aa669022d337740fd31b

SHA512
a70f77efc73c9ae77a36fe5d9ceee50ab28ef366543bdc4b786dff5fb581d1e674ccde0fdb7ce1a4f9b55b2e067b51afce118e452138991b1c0a23d53e82366a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md
Filesize
2KB

MD5
2ebfcb9d3e4cdfe47aeeb214202a8d91

SHA1
5a4e694f5962c5a8c7cf7837df54992cea0dde9c

SHA256
bb58e1ae59c53fbbbd5fa2c0f31d28ff8105abc457adcca7b74a09ec1c0a65e0

SHA512
0921170881f78740a61bd4d65f68385e609b236ab57970d5014ffa69e95b8802e16c91b21e0deb2d376b0fbb321ff8e671d7b749f9c2206b9fb79da23c98f746

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md
Filesize
2KB

MD5
7b92c548f5289e4244ca00db70c9fa13

SHA1
8f351108f89615b2c4c7bfd73831b5577adace4b

SHA256
bc70e2ef080032791dbd989b0f5e03c1ccbd2696890b08c998162c600e8af73a

SHA512
48c16d97b9c80369586d7a7dba96359ec4f50f4964f19c5b4ef24f77abf67e1b301294017b9d1fb40a7601fda3a56cf84accdd93a0b5126b90998a1c54d4332e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.fantom
Filesize
1KB

MD5
a90df9aae2dbc5518c499b6cbc95f979

SHA1
f719b9a96ae5bacfad11827f93cfe1dc895949ca

SHA256
51ff00530875e3612a75a7e6a61d8471414800edf4c38ef6f07802e33d158229

SHA512
d12ef9ee6514116fb500490f6f6e046b59df0dd34d8888f8ac96d6ed6f23ff9a94ac3194ad5c18755413b082f15199698ed9a51b69e8861a92432a575b2d4ae9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md
Filesize
1KB

MD5
c4506c7c51628c81c3361527620a0c7b

SHA1
00459b8e0508d332f14a3ea5097f03dc3795a256

SHA256
f114f22b086be3a8a3d163a597526ce2ba5ff0587781fd82e3617e603b5a4610

SHA512
6fbbbdfb3969df997516dca3cc465acd0530e025612fa1067bb06bdacaa9a25425c6d4396396cd22736fa2f4ec51042fa75ab06cd9a99c7caf497bbe9b610c32

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.fantom
Filesize
11KB

MD5
c399bea0094b3e0e8c0b4cc20e93f002

SHA1
a8082d1d69712e1de4c35bf526883c05148b61dc

SHA256
f1c54abfb989117e0ee810ca789fb22174abf7d507136a1b7dfc9f3ca353ef7c

SHA512
1be37979a00fa99c0306f212b80663a63dda57849f14e4f3231658b1021c139a1cd979c3609abe3179241bd82edff0f242879e962d0900f3d08808820d8758c8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md
Filesize
1KB

MD5
9d42d99c4e5939477dd75bbea75018b1

SHA1
5798d9b7c8d9e2b50b31d33387ada7de5ca6d2a4

SHA256
47819082249bb03e044386fe08b44d33255d75ca40de0843cd25e6da451d5229

SHA512
fa9342ed95c6a8b3e7771150cce161bf6f81b394645ec5852258a3df414ce08a9509adcf46022804fefe98876c7d83fa0ceb2eb0a2329f9353abb51a1bd3facb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md
Filesize
2KB

MD5
782f5b668533f886e7abcdd27b1b1b51

SHA1
6f429bad38c9a402c4beca9e54902a8bc49aba48

SHA256
18d145f57f3e4bcbee598fdac4814f7c701eb209524d212a86b2e5400665ad6c

SHA512
c5e1654cccd21439da822e4b3946af2dafa6c71f2aa5ba5f82583ff6cd18a2a97a520299f625163122f1f309bfe24d50244d249fdb538bf5a0637c6e0e6c8971

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md
Filesize
11KB

MD5
0c4469194dad10d9136d8e3e92f67630

SHA1
50acaac4674d1efb8782322d1a3840391acf93b4

SHA256
5f6bde68459224a08beec69871eba8c8473d6a4170658ccaace68ba9763350af

SHA512
c094119ca9dbe1d55479445344880d54cebd3ef8404de5ad51704b9d3124d79b65188219e6c6620ad8fc5d251123e68aea155754dd10e39c7bdbdebeb6521070

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md
Filesize
11KB

MD5
29a235492d21c3fe867ecfa732a7b70e

SHA1
21137fb78df821bc541a54d2b1851f8362c28f04

SHA256
5adebba397cc742199ce2d00c0c5e0aa6a98de34cc8c0032299668a78a97358d

SHA512
16d013b142a9d3110fc5d40eb2c5442f941a7cc6d84778500e8d36e467b1facf362a1e1e8678b939554c3a269bad03efcfbc7762e22935945cf02cdf2acfb893

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md
Filesize
11KB

MD5
6de72271b4bcc205e3a116816b0ed25b

SHA1
125d96483b0c0d761515de33526f1b75b26af249

SHA256
f438c34606643a25dd0d91d7e30e92ccd81ce60e5521d82607621654c0fe8b67

SHA512
86a858b25a1ffccb7eef7188a0de3f08c091f8e1655ae5f912bbed092fe514e5f20dc0540003ddf2f87b7b87693751faad453334d1fef4ef391bb5a5f0caf612

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md
Filesize
1024B

MD5
9df5f7cdbe335abb015f90d1b7013fae

SHA1
2ac00869794531788c906c822810d900e3c7004b

SHA256
51885fcea5c9bf35b518ebc821dc0dd6057c951984d6c7b282869e6a6df49de0

SHA512
8e966a2292ad56a281c9daa4f6ab9a72c102cd09a8999862c5d8f9b208f5bc5d4e5580b1529478598f6b7915fafac5573d4820f47f94473d437a2be782c3b7d3

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt
Filesize
48B

MD5
87e9d22daa108bed505ccbd4a9923abb

SHA1
a19094a2040639361c2301c246a354eef813e1b9

SHA256
d3023dea1d7c6ddcf7290d71d2bebdc3cf14555d17ed2e32a14c8b9b86090d38

SHA512
1002cbe91d4f2be4de2adcb592fe24a49867c58d1fdbd3edc80bfe13b1bf82d2e51ebb5e76da6faf880ff6d2f0d804f10af8d4e7988d272f147d88fe2898a68a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
memory/232-149-0x00000000008E0000-0x00000000008EC000-memory.dmp

Filesize
48KB

Download
memory/232-611-0x00007FFFC53D0000-0x00007FFFC5E91000-memory.dmp

Filesize
10.8MB

Download
memory/232-150-0x00007FFFC53D0000-0x00007FFFC5E91000-memory.dmp

Filesize
10.8MB

Download
memory/232-155-0x000000001B4C0000-0x000000001B4D0000-memory.dmp

Filesize
64KB

Download
memory/232-612-0x000000001B4C0000-0x000000001B4D0000-memory.dmp

Filesize
64KB

Download
memory/1672-47-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-6-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-136-0x0000000004B80000-0x0000000004B90000-memory.dmp

Filesize
64KB

Download
memory/1672-135-0x0000000005230000-0x000000000523A000-memory.dmp

Filesize
40KB

Download
memory/1672-132-0x0000000004B80000-0x0000000004B90000-memory.dmp

Filesize
64KB

Download
memory/1672-134-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/1672-133-0x0000000004A30000-0x0000000004AC2000-memory.dmp

Filesize
584KB

Download
memory/1672-130-0x0000000075320000-0x0000000075AD0000-memory.dmp

Filesize
7.7MB

Download
memory/1672-131-0x0000000004B90000-0x0000000005134000-memory.dmp

Filesize
5.6MB

Download
memory/1672-69-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-67-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-65-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-63-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-61-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-59-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-57-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-55-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-53-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-51-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-49-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-0-0x0000000002360000-0x0000000002392000-memory.dmp

Filesize
200KB

Download
memory/1672-45-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-2-0x0000000004B80000-0x0000000004B90000-memory.dmp

Filesize
64KB

Download
memory/1672-137-0x0000000000720000-0x000000000072E000-memory.dmp

Filesize
56KB

Download
memory/1672-33-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-37-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-35-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-39-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-31-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-29-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-27-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-25-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-23-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-21-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-19-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-17-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-15-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-13-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-11-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-9-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-7-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-41-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-5-0x0000000002530000-0x0000000002562000-memory.dmp

Filesize
200KB

Download
memory/1672-3-0x0000000004B80000-0x0000000004B90000-memory.dmp

Filesize
64KB

Download
memory/1672-4-0x0000000004B80000-0x0000000004B90000-memory.dmp

Filesize
64KB

Download
memory/1672-43-0x0000000002530000-0x000000000255B000-memory.dmp

Filesize
172KB

Download
memory/1672-1-0x0000000075320000-0x0000000075AD0000-memory.dmp

Filesize
7.7MB

Download