fantom | f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

Analysis

max time kernel
77s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fantom.exe
Size

261KB
MD5

7d80230df68ccba871815d68f016c282
SHA1

e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256

f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA512

64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
SSDEEP

3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score

10^/10

fantom discovery evasion ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>U7SIgIcor9INH9kKbYNkmKu3VfhBdZmQZkE1clQHp6Q9d1S9+HpZboV2YyNvyaPnTTZps/pJwlu6PqUi+cm6w0tgnUfx9slPMbw/FwDYPpT+g8CZwAlONwcccM95LGuQjbqQphr0qIh+gVgAUjkswBYTwzhXwCzMKdNqQXJxUiOXdPE+WmQZPTu0jCQPIyr5C4SrlkKCZUj0B5h9jtv/rLcS3nrl1ek5USsJasT5jOUkBeUPSIlzZfHeiLduUHWzhV1cST+masyEjPIOabXfnpnSeloqT0WIbwbaDKwe2ZTtOM8mD4NpgXfG14VfpKwcsTVhNRsMTCTUbhICkzo0fw==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Fantom family
fantom
Renames multiple (901) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Fantom.exe

Executes dropped EXE 1 IoCs

pid	Process
4556	WindowsUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.White.png	Fantom.exe
File created	C:\Program Files\Common Files\System\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Internet Explorer\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AugLoop\bundle.js	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\sl.pak	Fantom.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.White.png	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\de.pak	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Fantom.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\cs.pak	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\th.pak	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.js	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\README.txt	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\sdxs.xml	Fantom.exe
File created	C:\Program Files\Java\jdk-1.8\include\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md	Fantom.exe
File created	C:\Program Files\Java\jdk-1.8\legal\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\System\ado\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\swidtag\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\uk.pak	Fantom.exe
File created	C:\Program Files\Java\jdk-1.8\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\System\es-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png	Fantom.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3060	Fantom.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3060	Fantom.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 4556	3060	Fantom.exe	101
PID 3060 wrote to memory of 4556	3060	Fantom.exe	101

C:\Users\Admin\AppData\Local\Temp\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\Fantom.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:4556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
141022bd4931bc4466714194b4904abe

SHA1
4c4af9490322991734f9968eefcb8be1f05669dc

SHA256
b80d2bdfd7056cb53253ad9f7cce68e1d5165a9eafd2eb16faebcc190693088c

SHA512
3c5941c6b9b6b2aae55471228e5e8292b07d1ed780b33af7e958c6ccf9500ae7d91fa69416f1a7844dbf9624a13744291f1ae8d1b1757cc55b6bb2db6baf24f8

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
1d64c64418b918bfddbf5008b8a79aa9

SHA1
9c58b7c8d6183acd0fe934d416acfbc0af8d4dcf

SHA256
337114efbc0c8a7bdd0962a2669b2306117803445d4ecc92fe75db95f2a33be4

SHA512
e26f7918ff07b881a9dc8ce1d5038c3158231c4b1a0fa60467da173c47136c6285988bc3e41d8e0ae083a1c68a7b3b080666896b646f82057c8cf5a6a39672f0

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
3cf5fdf3d646688a4bfbb1b69d78176d

SHA1
a9a61ce5e6f2ed665d1256187b177d6a69a8a90c

SHA256
88dbd348d1c10490c003da3b82f3e78a447f4bd43aad7089b18de36d97a46db1

SHA512
3c30147dd205102afc75b7eabff9cbee84460e8eb3e9cf43479811d896babad36dafe0e7458f4bff5b604bf9c95502453f7163c6f39a9b6bcd4f0170ce626a11

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
dd0d1c87b09d32a4fa79268e8e748573

SHA1
217e6268c6d78b98288c604135aaba15e8db417b

SHA256
c3c95c47c1fa8e642d74229487fce1a98683fe04a247814d919cebec88c17937

SHA512
59024ef4422d778426236f2db4b625125d8c9b7cc9d64584c321c51336bf7647b7a286e37c6e4c7c29e7ad20b3a41f3da2386de3fc707bc778b19bf61ce162e2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
aecee07e865d9a7fb04ddc2f2623bbc2

SHA1
95e0231e4c4d34d9c102001568b15b71390d8560

SHA256
c5e1e07eb4a5096ae926b84464abb88731448614f84f4e71bc09431f1bcb45ac

SHA512
bc7e207f92448d4fa7aece8848f1cd3d2639fa7250c10c77b14545908facac9e7c62a67641475833d67ece86942953dc09b126289f658144c0137cd09d2036a2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
38a7422c6d3fe774b083570dec18e4b1

SHA1
3a9dec80c7000b7ffc61e3678eae3d1a7864fd4c

SHA256
d2c830e5e17c35ccc10ea6f19acf3f9689d7c33b213b607a4515398876886f37

SHA512
a156466c3aa1bcb11a3ffb2078de96ce4defe87fa24e83198921cf9e87e916cd0ffe1763c730ff43ba8ae2cb1207c6898ef2bee4724596f4196f069dd26580bf

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
2f8b2247ecc2c7027698cba228b61fc4

SHA1
73d7b1226843a6eeda7900c224eec3501191c082

SHA256
a2e325aea2f413b54ae00828eeccb6caf51d3c87ea8752ae5c3b4aef028bbe6a

SHA512
6906402d11898e89b5a4e45c8e744d64f27ea86fbfea28fbb5bf930f0944b737e89353b3f8297649120fb678c76579e1279c5f6c4a7e678aba5410b5657ef08c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
aac002e3a211d2cc42b5cb786fc0fd7d

SHA1
7b64568cdf7a3e882712890a174295ddf003ddd5

SHA256
ae6df4e45a7596f4ca482152f1bce3fd98dc25cf5c27429f9b64bb2a3310862a

SHA512
3fe9c0a4069770caf7233438ac1f21118c9822b1287adc0333dd22d9c25ac7f40b35d27a7d1e3cc996d30637994c58f66cbf3c147ad333b233c32b8ca547f59d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
01e99b5c118f463def0b76145bb108e3

SHA1
513f85405b5d91d76e45a69b2d405b29ece00196

SHA256
cfa00f05274ab97642d2881da75811bbda189a7a63d5d40779ac808259150bf0

SHA512
ce6526a9ce11aca8ca0c5de806f806bfa0c2ab2700803cb60a8cf6e4c5e8779b16e1ca298b0200e20e9d74eba0a346ef961b1a84779b2d134db0a9f248b5ed2d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
3a73b4065c667948e0f50384c8b3d929

SHA1
5c43d267188829d204944bb6c8725b85c772c777

SHA256
7aed5170da7cef4cbb8bdeefb104fc6fc91e35bc48d6be0374f55a49a057ceb7

SHA512
7e4031a44f4abb2153e4550be1691b73f5619a844781aa9c8ddce17b716c8c775785c6440b3b56ad4edc97863cafb65b46e60f54929136072bd39d5868bd035e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
a1be10f5748e3d5eff471f8e6de43864

SHA1
d1dc39ca4649345621b5faa62c001fd9431debd0

SHA256
a257e8a85a0d2b43476f6626d550fc7781b1d3ff82a7e22bdadfa326c89022eb

SHA512
09034b5bafe8a9a8a82615acbf6fcac37efb8d8f999c9631a5de9237736769ea6437e54e6fbbe73ca4b5c7492c518bdd7b294250199e51fa69e0ea9269527e4f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
4c98f8f660090b20987a9fd2ecf50156

SHA1
d3f1f593101e5cef7b0bf2116ae084d5242e91f3

SHA256
1d3cb6c6f5df03d7eec8203dc2e467f7de8c54e280829231fcc06f4a17f09926

SHA512
e15298e525b36256372e8dc8301a5816f7a877f61b650a1c3921dd7940da7feb4fa19a68fb6198aae567b1501029a4235772e5e295922f878051d57ed3e2b67e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
1925921364405bf8a64a69063315983e

SHA1
bfab84755f1f6cc8991a7b42590a2da05610dba1

SHA256
71bb026dacd672b7a87305cc6431bc32d5cdfa58b78958ce8d7feefcfd7d3488

SHA512
280cdddc06d5eb64e0baede60fb54c64ce8a702c8bfc9a7ba36ce5d2231b02b42c89d7c28b696c498cf889d2148670b0a9b018bf45193506261995226cdbd066

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
7f5555f53a12cb4b1610a5eeeefb6a3d

SHA1
a5b00456b2696a134cd3001ea018a7db1e9dc4cc

SHA256
a84e2cdba8b73c2ce4b95be131aefbdea945d5e7ac2542e2e1129bc10d3dcabe

SHA512
5c61437031fa053e23d33a35b76bfaf85e90bbd15129412764721623a34262b36e248a443fdcb9902f242f4dd398ea89bac8d1969b25ebd383b869a220a8911f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
724372763f61174eaf7779a646f14680

SHA1
db6451cc01f826d15b0385781df53e9344e094e2

SHA256
354239b2aa1dab322e7ac939404893ab368295ee34e041126628cd4e7e0280af

SHA512
52786e89d7087f3200123ede8b5326f02276f2e8a9405252448a83d73c436c66a3435fc5ca47346f51c28b4fda18114d872190251066cc262089c8d634471083

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
16eb83a7cf8dc67ffce33a16e812f7ab

SHA1
e8d6d6b76f12ef947f3501452377485da6b991b1

SHA256
e49a5e8d644f547ba51cd644c0b1bbe9551c2feba65e9849fd6fb3bb4fdccba2

SHA512
361f046405570d1a884edae6220e9800fa909dd76bda6ef2b6d6dea9f31061e5d21bf9fb7ce1042164c9ab9d43ba38193bd5d9eed4b7e5f8e4dcd41d62012039

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
9c3de1586fb51d42c150d5de26be376c

SHA1
13048ebbc33797c27239f38fbdcb5f0346189841

SHA256
1fb9e9870e198724490b30fa0df89eb8c1571e55a0d41b6693c4d953641e8530

SHA512
233277dbbcf8261dcbb2a69dd0ef8a758a4ccd433e7d8a28f5fa13354b8e22775c9ebc5dc7ba2dabc3291a2f2df165de237415ee81686c874dbc2ff3b8d96ff1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
2f93b0f4de8041fa7a6df253b1907a66

SHA1
e122b8abea59c5f0d1086445f6ddd5c0bd44af03

SHA256
35e06ba8cdb80f4dd252f3c2aa6a715b769846ba0e20725c2a384a790a78961b

SHA512
ca7b5c1d37c065face1b6202910e7c5685ef806f8737727b87245b68d2cf36b00916869e077a41aefb4957e89e9e930c1899990bd18cf4a005534ba54329ebf5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
176B

MD5
87e25223745989719469bb97cc2bc860

SHA1
54476d75a2b418e846462a8c3108b43fa4b5e335

SHA256
25d44d2eb00b35cefdef5ffc6d0ecd4fc1124063f8c7698032c4d98b1ca50644

SHA512
51be682625a55670a26c2cd30214a22e3f054f4eb3dbc29c5d884bbc1e49c99c3882eb0f208b8695ec979173af9c774cb5c59e1fdcdb1b1f56dfbb9f7397fb46

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
b8d31edb538a26e04622c42a11e64328

SHA1
8da8a13deb85e452dc0fb44f0e780ff8404b365e

SHA256
c1339f3aa6460bc4c36904975a2df561fa16746dccaa498980bd9c4676ba7bc4

SHA512
398c02ae9df262362b5f66b7378c929f6e3bac81f05905bf1ec4f2dcac7f268345bccfe85ef64e4edd6f77058faac17349544e3cbd92162d0617236e4c5c0ba6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
ae54e5a491123dc431ac565e0d24db06

SHA1
b8d7532e275d4a6947d912f0341718934d0de7c2

SHA256
6fc237269bdecacc2e900e2ddd8535d443936aa1f715c39fb4fbde253aebcf4e

SHA512
02fbc2eccf66137a31d340b411c94d3dd2df314cddf25f57f463ace2f633b6f13d15b52c8dacc9b567d0e4306d73200b1d4ea4c5dc23cc1ed6c216e260f2d052

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
9a13dafaeea71c67d38a953d8b2bf83e

SHA1
b8c23ab300e87f366aba1f33812ff11cb8ad7b73

SHA256
2fcfbd8f2f7b24debec2057f04a4b40ac87698bc0bef6dfcb615d47acc19d097

SHA512
a06120b0ffb3fdc9cf4c9f31112c81fbdc26ef308d59a227395860e2178ff19366beef663b605de37879e2d2b309336455433a514cf9a3066f2cb240158b085b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
bb8888e22bc90320b86d3e78763719aa

SHA1
b77f62bf9fcb37a57584c2b7ed1194628345a1d8

SHA256
9e85493ba2d1883071100f7f8d327305a4872ea11ea741b12313ffc17d3666e4

SHA512
65e00e4729503129849ce3ebc71df11a6bef9b6aee1978722621f3fae733ae78b240e338281019d629391729be060f4681fad1b83df6d1c8c53ba47271072654

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
d5a4c54827c5d0e044610860c9b9fc1e

SHA1
b6ac9ae1e0ac7ce20a0d5dbed5b5b1786b2e0dc2

SHA256
cbf2d3c04d75ea0aaf01ce638afc1905d5f654c28ab378b14dbe68f195908954

SHA512
64566664761b2e71d38d77b569fb27e3168b926037717ff5eb9942986e3b8636b859c7541043319ee1ac53a56361bde8fd07274c0a781c8096b9913966fd46fd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
e3000bcfb86b0b91f9f49ce9b8103139

SHA1
3d9747eed6ed903fd10a640b9741b76704463eb9

SHA256
356628b1ddd38c11fbd9d2a200af7842156454c8e2f6087a03a8c87d0bdd25a8

SHA512
dea630796024cd0ab1532e1833460571a7ca50aa5cdc3e7dc8b4d7eb214d275d2c15e5a612b14310d641d77517addba8bab4e2f8ee1b7a48e05393025deaa766

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
010392b026e8cefb831b18445e01027f

SHA1
464f9cee76f6f55ffd3901b309c02a23f406103d

SHA256
37522955668b932a5f069e6569b2e0ff8a0c0a16aef1796870a471e0ab09e0a3

SHA512
a5f4e063b3f1dde863327321ede6da1a8c39eb0e099771c9becf92252720003b32b65f36802e390519b55e5981a80e7a5fbb1f2f15480e35da20545c4004d802

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
7a1ad128d98836eb18776422a53e9cdf

SHA1
042262cdd3ab7d627b0967f11389926ae580840c

SHA256
336b382eeb3c576016ae5bdabd1f157e23124412929848b7678acb419d855cb8

SHA512
98b7029a3f32ce7846e64445051a373a24ab5363c205e5dc58983a0362a414020a021d9bae85da69d4e0bc981f2a17c0f96f74e2c6d86e35731613091378d74a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
a6665da1d3568a5c70e0db7db5b7f16f

SHA1
339782caae1a6df554305661c45249586ad1ece5

SHA256
d3cb5ab0d75e7ba9ede8417f354574984758f7128f931e3653f08ee91d866b9c

SHA512
8e50e26aa30bdeeeb2d2525147ec38e3530bfa49054efd0b8d58d9346e133a3c42d6e6c8b832d985981efbcf7b1ce163d07d655f425ba2d83c45398ff70c923a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
5cada72fe63ff3a8f0cc3986e229579a

SHA1
a54304d4f444466ea9bdeba9060429811b105be6

SHA256
8475bb1cce4a4f195436d8ab0d8d89b6f8126fcca3a5e3246b88f9c09a40d65c

SHA512
ef9050c6d5fb7ef460675378b74c97f34d62be6882a194aef6ecd08cb91fd51f01a8eaaa81ac5f64b4aab7cc552adb23179760f0b89a8d4d0a610647bf13c297

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
799ddb856d40c5442db4cc5a9f32b8d1

SHA1
fae554c9b639cf19ff8be7d2a95279a6fe489536

SHA256
af6f6b252989dd6fe1fdcb61cadcfdedd448b76cf0f1e7d2655341fabfb8c361

SHA512
12bfc2ecbe915bf34b3fcdb14760492120a704dc65c05577172c99c6eee300694462fa70b2b9226271d3a7a63911a39ed2f29c00b0336d57e32377d3d59c8798

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
5ef8a97ad376d4dce4badf6e7c97d63e

SHA1
d3a79bfae84d76e9e386e30c1c7d2393d461b2a2

SHA256
3a3381470c69d7d4f64e8d8c147af867ccbc9862a9122af7cbdd72f0377abf5c

SHA512
7a01f65c0da2f763e2afa1ecb9147714037a251d8bb42de7b442d06a62c81e4e28721422c44cec94744b52b0a5b029c1aa6812bab661b48729c4edc2c79ac11b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
ab61234963c02447f927702e551d0f80

SHA1
e69751a7aadad1d667e6592ea84cfdcae136c716

SHA256
92b58bcce41d7ab5049f1dcafe1029f708cf06e808fea1c179f6388a4fa712ea

SHA512
aaa0ab0f5426908da3655f4d32e82feaca1cbcdd1a7843b45e6923eddacfb86e65529bcdafe29acda05fa1f51504e42d0a62b0d5f0a9f32a2b0418219802511c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
f13377426546b0c0e7521e80c7401bb1

SHA1
74aeb95ab7469e7488f2fe7d2784ede7c64ca8fb

SHA256
1f26b1bbffad3600f5659e48da568931b2ae0f54171ef5b62aa562306ef2c3ed

SHA512
d4b63681ad3bad2583a77d4cf3de15534027961f90e37bf26b3167e3824bd8b1060fad4cf7f78901d8ce99eb0b7368df178be1df08df4e88bc0ac405eee1d0ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
be96270bfd5b1de62d3717bfd4f39b50

SHA1
ae7179e9485925f4e370ea61c8e23c3f7b5901a6

SHA256
34d9ba59065d54d0c389b8be41e15d1213cd7ef232d432dd986836af9ee1ca54

SHA512
9e2d3d90d1b418c57f1fa90a15572afb3edcc9f00702917b0f59978b518912273df7502c00f43c87a2a8953e20f174f1350199331ab67cecff832ed253dee856

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
7a9783e4f78344b4cf61a59de2ef8359

SHA1
397bad2a86ef4f1c691c92f32f4441c762b2eeb4

SHA256
55abe94e048c4a7cc6990265758282486caa798b7a4de55e5c862f12db6de191

SHA512
40f72392c1d69c8afcc5cd84862bd48429cf11eee81ceff43d1ec1bf852abfa3d4211ac64aae3ef0919f5b19caa6bbf43ce7668dfc8745eef955a036be7e8ad8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
53c2b7b991cbb246db8afaab37e9326d

SHA1
d68fcd960b3935f934d67220fdefed9e467fa8a6

SHA256
0a2ad5e045a6398984d32b5c7670c63330a35a0969e1711e4e6c11f48518321f

SHA512
d565fd12a695ac7538085eee0361313d44176cc71277b649ef6d6752c7eb8eaf568ad62fe7006b9e9e78e5fe20f648831cff1429a654571668239fbe0936111d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
a8e00c3d08c92296f4085660facbcd07

SHA1
ccdd57df8a493bc62b6a64416b34794b48ac47cd

SHA256
74a3d7d13c6034258715982f3fdb0079e47e0f1b7fa2791cce1b96385ecd7700

SHA512
8ec7bcc23b3b8245e25fc6cd33e7aa97e77ecf6a5848c678bea9dc8574d03bfbaed39a403878044aed2c2d54210cadb0d2bfe7ba13847ed78e51d484b59a0f85

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
a6735517b8a4a3f9371f3a0a1b181f74

SHA1
667d04fe7c30bc54252dc8b217b251c17b405f73

SHA256
0406292ec0781746e7bf5fdb577adec8962289cedacd18b03ae279bfa0bf5790

SHA512
0ebe6c73aa35178217a11ed34fb9c4f85059d67fb280d827a0167367875c80b88d726c052529e79adf243c25aa3c67ce329e2cd381363824cff9ad8e56f5694f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
7d46bc22220a6157c0b62f8245a5056c

SHA1
cf5ce7b3516a7b925644433ead2bc7daac68d889

SHA256
d26c2a5256e1cd040a9fd692332543cb8038edf8a8cba17c15375de5ee9c8a52

SHA512
8f881bb990924857d6e562c86fd53b122408c1bd7219ef22660abf5aa9e6198159f81d37521d2565c03a3cd18ac9fd06c939f82d6131b5050707b7bc6cda02e6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
c57978e9e3ed6f48fd45ef17011c0d33

SHA1
a2d82b79d48c5b412f8b1ad596d8062cfb146835

SHA256
2be02ce69645675e3ab376bfb09d3deef1dcbc41a335df973a27026256891668

SHA512
695ee71dd9a3e722f321c341dc86c2b523584126395908e95cfb60d9351840a50b3910a1012c22e690e20ba47f19c8f03f93e489f8fe717545013d0153ff9f6e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
f355ad389ccef41f8def8b8e033b63ac

SHA1
f4040923cd7dde1e6dc3c4a509c96bf551e1d389

SHA256
d698c97d61197abd73a1e55f668cce041e68d528d599bf017824cf243882904d

SHA512
4eb2891c59b89a121af86c34a0dce43035d78cd3b7322b40347dd445f51fee271aa71bcf35edacfb71f0388414a4a986b3d82c1285d6d485325d0c1b7e576c88

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
16fa016c9e5410d8bb9fc0bd343de419

SHA1
9390ee592e8799364aae21b1e249b131f8848046

SHA256
029de46222c1094ab4a33e4c91636917433252e2ab6afe556638ad5a877eec0b

SHA512
7bf95ee118d68e0459fa3c8acbc41466340697cd0a46b4ac8e0de2009399d3cdf086f185c05a570daf7efe6f278155438baae5a6b9ca22e987e00e79dbddea19

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
528f97a6515cebe2fedb7ebccf03064b

SHA1
74a064b5ab060dae4309562ad0ec0c15ed87b292

SHA256
39174cf2e024bce56e61897eb88f7846c626a3c148dc25c74b35bb7272d5975d

SHA512
360a25fe09dc376a337896c70374b5a5921c4599331eb348c1e4e600a2364463c46743ece3649da3116b32df222258c4bc2146349203f94817afd449b45d26b8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
f6b5b581d31dcc10fc328bb8cde634d5

SHA1
966c28c2314aaaced2734c603112cf6894280113

SHA256
eeeada3b4faa04e895ea705976a535fb0dea05b599d563c179011be590d60c76

SHA512
c1371b08d20d2c9f5e0464e32969e445de5e38336ef640f420a976a5c3a8901115e0349404f84c31317df383b717bca4536dd763858b50c8fa9b2a77417697bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1024B

MD5
5e16282dcb7e2ad3a89ebf9755e82e15

SHA1
e503d1f00a9053733955fb0a19c210a719af8aa5

SHA256
521715a004afff093873d5a52974c2d1ec776a00a37f088ca75ada4244540849

SHA512
e128dcd6519fe4b0b62698b0ed18c78da2d9fe2fecb70806af7808f7229f6c170e25800fa4894df48a320641da6667631311d0ba5b7adbd411e9f17f487b9f5d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
6e44f2dfe8379688755fd85274c0aad8

SHA1
ff5d25ed2d65da36f0742dfa377cb61148929a0f

SHA256
8707195451fde8e8634c174f920f0b806f21708659e8b1eae7ec1c060ac2cbaf

SHA512
ec98337dcdd802b007182c781e4247facaaf15219fcd90aa8ce3e2c5573b77eba37f346540e5c615b75dc821b68fa26e1c65c7c801258448b0d9a9c979f779e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
memory/3060-24-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-14-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-1-0x00000000024D0000-0x0000000002502000-memory.dmp

Filesize
200KB

Download
memory/3060-2-0x0000000002540000-0x0000000002572000-memory.dmp

Filesize
200KB

Download
memory/3060-3-0x00000000750C0000-0x0000000075870000-memory.dmp

Filesize
7.7MB

Download
memory/3060-58-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-136-0x00000000061E0000-0x00000000061EE000-memory.dmp

Filesize
56KB

Download
memory/3060-135-0x00000000750C0000-0x0000000075870000-memory.dmp

Filesize
7.7MB

Download
memory/3060-134-0x00000000750CE000-0x00000000750CF000-memory.dmp

Filesize
4KB

Download
memory/3060-8-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-133-0x00000000750C0000-0x0000000075870000-memory.dmp

Filesize
7.7MB

Download
memory/3060-16-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-18-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-20-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-28-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-30-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-32-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-41-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-52-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-54-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-4-0x00000000750C0000-0x0000000075870000-memory.dmp

Filesize
7.7MB

Download
memory/3060-5-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-6-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-10-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-12-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-68-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-22-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-0-0x00000000750CE000-0x00000000750CF000-memory.dmp

Filesize
4KB

Download
memory/3060-26-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-34-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-36-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-38-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-42-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-44-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-46-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-48-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-50-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-56-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-60-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-129-0x00000000750C0000-0x0000000075870000-memory.dmp

Filesize
7.7MB

Download
memory/3060-132-0x0000000005370000-0x000000000537A000-memory.dmp

Filesize
40KB

Download
memory/3060-130-0x0000000004BB0000-0x0000000005154000-memory.dmp

Filesize
5.6MB

Download
memory/3060-131-0x0000000005160000-0x00000000051F2000-memory.dmp

Filesize
584KB

Download
memory/3060-62-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-64-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/3060-66-0x0000000002540000-0x000000000256B000-memory.dmp

Filesize
172KB

Download
memory/4556-149-0x0000000000190000-0x000000000019C000-memory.dmp

Filesize
48KB

Download
memory/4556-623-0x00007FFD63850000-0x00007FFD64311000-memory.dmp

Filesize
10.8MB

Download
memory/4556-622-0x00007FFD63853000-0x00007FFD63855000-memory.dmp

Filesize
8KB

Download
memory/4556-148-0x00007FFD63853000-0x00007FFD63855000-memory.dmp

Filesize
8KB

Download
memory/4556-150-0x00007FFD63850000-0x00007FFD64311000-memory.dmp

Filesize
10.8MB

Download