Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-11-2024 00:24

General

  • Target

    Tear.exe

  • Size

    261KB

  • MD5

    7d80230df68ccba871815d68f016c282

  • SHA1

    e10874c6108a26ceedfc84f50881824462b5b6b6

  • SHA256

    f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

  • SHA512

    64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540

  • SSDEEP

    3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Malware Config

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note
<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>XIjtWDVWi2c6crYVjwP6hJMJtIM00sZGPOFWj2pCR6pn4NdCcM3x/mqVGunM4Jdd2UVdI35BwsPT/yCeYyAxnjVARLd+nXdSVIm0PzW97zYO0Mwhhd4upgA8IpUpSIN3o7wvqWTOKz4udmBuUNC3m8AQIPnI/MvYgEttXgAoyjOULALIj1sAveOQ62aDciMyhtrC2+GL+O9/huj15knXu6W4dsUkFm1AV65edMAeX2/I0P9PtyyKAdMDnc/0K9Wrutgc55f5+9LARQNrsVu/eSKNrJxqyJdc3xaH45UVDFvpqaK7fTpMdgWKuYZffitDtqsrDBUVlP/k/dRyqNL8bQ==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Signatures

  • Fantom

    Ransomware which hides encryption process behind fake Windows Update screen.

  • Fantom family
  • Renames multiple (1019) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Disables Task Manager via registry modification
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Tear.exe
    "C:\Users\Admin\AppData\Local\Temp\Tear.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3092
    • C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
      "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
      2⤵
      • Executes dropped EXE
      PID:764

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

    Filesize

    1KB

    MD5

    4519c59858255be72bbae802382db664

    SHA1

    d487a14a49c4a307c77f3d40d275a6dffc0b30e5

    SHA256

    4e7aba93b2643f751fec8ede5d8cc664b91250ee3b8286b22825782098e0de79

    SHA512

    53a301e1833572c9d7d5a8562397192fec2e98ee9cee84c38970b0fa0ab21efe6bf55b57bbd36ca1937b3b9b807d2e3088742110afd4148f677e07e0bb10a783

  • C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.fantom

    Filesize

    2KB

    MD5

    34f6ab3e5abf4122235619247598e88f

    SHA1

    7c040e8961b120c9bcb97c2923b07b852f4b2c9d

    SHA256

    f8832f2f18c1d421f7cc79d46c7a9da9ea216149adf937ec945dd89c2bf78b21

    SHA512

    53b203ad5e3fe79522507fbf597746e7620c46b1a2164722ee79931e888440de4680abcb9f1392b09dccee8284dfd69c01ad274980d9f1239ff3956e079450f2

  • C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

    Filesize

    21KB

    MD5

    fec89e9d2784b4c015fed6f5ae558e08

    SHA1

    581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

    SHA256

    489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

    SHA512

    e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24
