Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-08-2024 08:52

General

  • Target

    Fantom.exe

  • Size

    261KB

  • MD5

    7d80230df68ccba871815d68f016c282

  • SHA1

    e10874c6108a26ceedfc84f50881824462b5b6b6

  • SHA256

    f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

  • SHA512

    64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540

  • SSDEEP

    3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Malware Config

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note
<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>a5Z6d6tVbYKd+8j4WUqVQMpxBJvlsIXLBvKG2Bni3KI2DOHLoJ6ZtSIgvxA88AU0jmufacg0pHhcdIvmefO6P+y4d9SVpuUPiqDaxG/0oxczGlrXO172jDbOA9rbEuEkJ4s1v2YSwWlI/rpIrgXq3Lm2iCznK7NMIYIzYIxQzG1OqGyyGZVcQpO+9t9DzWhcRHf8xlti83HxKRx3obo4AtDzkUYl3NJof72JVQrEQiAlb13D9a+wx/Kl9vYhDDBZUIXIB07KDz8VnOItRpd3nqHs0vsOnxXvTthDDCTy9zghKtDqxO3E3Rf/m7fzRUnxk0OFFAQvbrS0TzGQsMNcqA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Signatures

  • Fantom

    Ransomware which hides encryption process behind fake Windows Update screen.

  • Renames multiple (1022) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Disables Task Manager via registry modification
  • Checks computer location settings (2 TTPs, 1 IoCs)

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE (1 IoCs)
  • Drops file in Program Files directory (64 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) (3 TTPs, 3 IoCs)

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoCs)
  • Suspicious behavior: EnumeratesProcesses (41 IoCs)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)
  • Suspicious use of FindShellTrayWindow (63 IoCs)
  • Suspicious use of SendNotifyMessage (63 IoCs)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fantom.exe
    "C:\Users\Admin\AppData\Local\Temp\Fantom.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:620
    • C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
      "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
      2⤵
      • Executes dropped EXE
      PID:4272
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2424
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2336
  • C:\Windows\System32\h920ln.exe
    "C:\Windows\System32\h920ln.exe"
    1⤵
    PID:1632
  • C:\Windows\System32\h2uwuijo7f5yc.exe
    "C:\Windows\System32\h2uwuijo7f5yc.exe"
    1⤵
    PID:5080
  • C:\Windows\System32\h920ln.exe
    "C:\Windows\System32\h920ln.exe"
    1⤵
    PID:3036
  • C:\Windows\System32\h920ln.exe
    "C:\Windows\System32\h920ln.exe"
    1⤵
    PID:2108

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML
    Filesize: 1KB
  • C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
    Filesize: 160B
  • C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Filesize: 192B
  • C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt
    Filesize: 192B
  • C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md
    Filesize: 1KB
  • C:\Program Files\Java\jre-1.8\legal\javafx\glib.md
    Filesize: 31KB
  • C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md
    Filesize: 34KB
  • C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md
    Filesize: 23KB
  • C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md
    Filesize: 2KB
  • C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md
    Filesize: 1KB
  • C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md
    Filesize: 3KB
  • C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md
    Filesize: 2KB
  • C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md
    Filesize: 5KB
  • C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md
    Filesize: 17KB
  • C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md
    Filesize: 320KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\asm.md
    Filesize: 1KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md
    Filesize: 10KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md
    Filesize: 3KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md
    Filesize: 176B
  • C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md
    Filesize: 1KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\dom.md
    Filesize: 3KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md
    Filesize: 1KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md
    Filesize: 28KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md
    Filesize: 2KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md
    Filesize: 1KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\icu.md
    Filesize: 2KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md
    Filesize: 1KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\joni.md
    Filesize: 1KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md
    Filesize: 1KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md
    Filesize: 3KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md
    Filesize: 2KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md
    Filesize: 6KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md
    Filesize: 5KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md
    Filesize: 3KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md
    Filesize: 2KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md
    Filesize: 2KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.fantom
    Filesize: 1KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md
    Filesize: 1KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md
    Filesize: 11KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md
    Filesize: 1KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md
    Filesize: 2KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md
    Filesize: 11KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.fantom
    Filesize: 11KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md
    Filesize: 11KB
  • C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md
    Filesize: 1024B
  • C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt
    Filesize: 48B
  • C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
    Filesize: 21KB


            • memory/620-39-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-41-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-43-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-45-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-47-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-49-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-52-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-4-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-27-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-53-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-55-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-57-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-59-0x0000000004AD0000-0x0000000004AFB000-memory.dmp

              Filesize

              172KB

            • memory/620-3-0x0000000074550000-0x0000000074D00000-memory.dmp

              Filesize

              7.7MB

            • memory/620-2-0x0000000004AD0000-0x0000000004B02000-memory.dmp

              Filesize

              200KB

            • memory/4272-162-0x0000000000080000-0x000000000008C000-memory.dmp

              Filesize

              48KB