fantom | hxxps://github[.]com/Endermanch/MalwareDatabase/blob/5686c37347e2cb20cd08ba1ce7553ba30b0d0f4e/ransomwares/Fantom[.]zip

Resubmissions

10-08-2024 10:21

240810-mdx7qsvfqj 10

Analysis

max time kernel
150s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10-08-2024 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase/blob/5686c37347e2cb20cd08ba1ce7553ba30b0d0f4e/ransomwares/Fantom.zip

Score

10^/10

fantom discovery evasion ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>SGlEn8u6ooNr0YMVrxqYz+K6pWluuwZyMT1hiTOLqSMHaVFzep1L5hG1HKv/UuJItV2LaSmW17aLddlJ/QH6D0YsEIsFgG5lG9GpvOqVa32rLZB1NiDx32xHhpMhRuncoe/a4m8SUpMum3SHyi7vpPByqnIi59UoAshkoWy9nGk0/NE+RoLlavye08PFLyYd5UPqE6AIK4K9BOHl44rJx0BO1l00cid4qKh8vFtbBo3Tg0IJV09WaBEAzlflyWBtDi0cwFuSxLSy0Z1OWwA2FK0GcV7rG3+Mrn2EN5qmd52jcpF/ehtFR8YhYLkr77zzuskyXrorMMsrVXmOMJi2mA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\PerfLogs\DECRYPT_YOUR_FILES.HTML

Ransom Note

Attention ! All your files have been encrypted. Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets. That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us. Getting a decryption of your files is - SIMPLY task. That all what you need: 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] 2. For test, decrypt 2 small files, to be sure that we can decrypt you files. 3. Pay our services. 4. GET software with passwords for decrypt you files. 5. Make measures to prevent this type situations again. IMPORTANT(1) Do not try restore files without our help, this is useless, and can destroy you data permanetly. IMPORTANT(2) We Cant hold you decryption passwords forever. ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. Your ID_KEY: BBjoIVgPZqwiyu6eYEDENCtpqN6jvJOzvDhjHQnzohw8rHz4oR+g9HTAoc7sliHEtwC35ortVJcQf3MOYm0vgt5/sEtN2VEj6slAvxdPXS0xarV7cJ28Jx8ZpIZdpetv/qHtoTyPZk96j4Lq7DoGC2HViAFUQJLBIIpFXZY9W1CSFA8789JZ1B/mVZ1AggGjV4ojdKPB9xTP4PFXTzr4WKwuZDzTp1ABDy8HOF7P7L6WCADgu8iYL9qeCkfZZjOoe47SEBOYXc6fvk2C539FaFs7gZO9p3LGuycUgP4uGjcRaGFPpdXRoCo/4TxDQvS5HOaHPQ9XalTirm/Q2OV4Fg==ZW4tVVM=

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Renames multiple (1022) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion
Executes dropped EXE 1 IoCs

Processes:

WindowsUpdate.exe

pid process

900 WindowsUpdate.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

1 raw.githubusercontent.com
40 raw.githubusercontent.com

pid	process
900	WindowsUpdate.exe

flow	ioc
1	raw.githubusercontent.com
40	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

Processes:

Fantom.exeFantom.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsNotepad_10.2102.13.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CameraBadgeLogo.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\NewsMedTile.scale-125_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-256_altform-unplated.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\NewsAppList.targetsize-40.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsAppList.targetsize-40_altform-lightunplated_contrast-white.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\System\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\PCHEALTH\ERRORREP\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\NewsSplashScreen.scale-100.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\256x256.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TipsMedTile.scale-125_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\NewsMedTile.scale-100.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-256_contrast-black.png	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WeatherAppList.targetsize-20_contrast-black.png	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\NewsAppList.targetsize-36_altform-lightunplated.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Candara.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\GetHelpAppList.targetsize-256.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-30_altform-unplated_contrast-white.png	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsLargeTile.scale-200_contrast-white.png	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\NewsStoreLogo.scale-125.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\_platform_specific\win_x64\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ScreenSketch_11.2104.2.0_neutral_split.scale-125_8wekyb3d8bbwe\SnippingTool\Assets\SmallTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherAppList.targetsize-40.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\contrast-black\GetHelpAppList.targetsize-60_altform-unplated_contrast-black.png	Fantom.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WeatherAppList.targetsize-60_altform-lightunplated_contrast-black.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\BillingStatement.xltx	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\TipsWideTile.scale-200_contrast-black.png	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsAppList.targetsize-20_altform-lightunplated_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\CertOriginUntrusted.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsWideTile.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\NewsSplashScreen.scale-200_contrast-black.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml	Fantom.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Fantom.exeFantom.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Fantom.zip:Zone.Identifier msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Fantom.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeFantom.exemsedge.exeFantom.exe

pid	process
3588	msedge.exe
3588	msedge.exe
1764	msedge.exe
1764	msedge.exe
2480	identity_helper.exe
2480	identity_helper.exe
4348	msedge.exe
4348	msedge.exe
864	msedge.exe
864	msedge.exe
3264	Fantom.exe
3264	Fantom.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
2108	Fantom.exe
2108	Fantom.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1764 msedge.exe
1764 msedge.exe
1764 msedge.exe
1764 msedge.exe
1764 msedge.exe
1764 msedge.exe
1764 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

Fantom.exeFantom.exe

description pid process

Token: SeDebugPrivilege 3264 Fantom.exe
Token: SeDebugPrivilege 2108 Fantom.exe

description	pid	process
Token: SeDebugPrivilege	3264	Fantom.exe
Token: SeDebugPrivilege	2108	Fantom.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

msedge.exe

pid	process
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

3880 MiniSearchHost.exe

pid	process
3880	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1764 wrote to memory of 4384	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 4384	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3524	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3588	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3588	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe
PID 1764 wrote to memory of 3120	1764	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase/blob/5686c37347e2cb20cd08ba1ce7553ba30b0d0f4e/ransomwares/Fantom.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdfde83cb8,0x7ffdfde83cc8,0x7ffdfde83cd8
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,14943085760464918461,5704700332443085789,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2512 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3296

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Temp1_Fantom.zip\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Fantom.zip\Fantom.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3264
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:900

C:\Users\Admin\Downloads\Fantom\Fantom.exe
"C:\Users\Admin\Downloads\Fantom\Fantom.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2108

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PerfLogs\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
1c3cf268fa25e5e2f6ecc333a4c953d8

SHA1
1f88ba338103f255cd9bf8797a10266537ae3810

SHA256
2eed14e5e77b99dcba38091cadc980613ceba52de18ac0ef699764ee32d8a8fd

SHA512
d81b3a3d0669f9196a52e831a602a76e69ed019214cb19d7e698531fe0d5882e0f8c20f1c2152603a97ab445fd94189cdd6ef7871b6b95dbbcaeb52985422171

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
a24bd09e38c16ac4160ecb99d049e4af

SHA1
13f6eb31d4a34dec34f24a968e374cab47491163

SHA256
b032848cf2ee5b7858d95294977431876f7e6d0f1c661f7c765470af9a3a05ea

SHA512
923e69764d896a83077d8e51a46c75a693e5e98ac9c0ec373dca54ccf025bc53e4c33d8c5f0d12039fcb11e95d0edd0b1d7ec3065b18741457e35a2a54ee7ee9

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
fd7c92defac890faf2ae37b42513be93

SHA1
4024cf85582450939ef8fa1e24b580a9baab960a

SHA256
77146ca3b4c22506c8e707d7f380358946b1c9a361da303c667cb6ae2bc132a1

SHA512
c02ff3d347a695bb44e0af65e5e59a125d63a367f85858d146a334ea8858eaa15adbbab12ac06881deb973bb29bb878aa4fd43293b398ee039affcd00805af72

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
c561a8a2ff9da54155458fadaf22301a

SHA1
87f4277ed356ed249ae0fbf02afbf3be308e2ebe

SHA256
71706f5961dfc7449db24e9cf3340841fa2fd1c3473c9a2c9bf6636d5c84e0e5

SHA512
9b1172557c1b3017aefb762938b67b5b6470fdbca9ba678006f267b3ce61831a3b125e159fb4ee8701da5949fdd964bd6aeb9b6e0d3347f61b34803c73eead36

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
0cc1c0994849b4fa5d911b89676c2ad7

SHA1
1b924a9438efc49b0ff4c655252c86bf3b5c564e

SHA256
1257251f92d260a121d9d51912ab77cefd2d838514c5785fe19d00b849a4ec19

SHA512
3cc34c5b87acfba4b6ff516af3c1f11d9f37348655cd6ac3a9352d29a3fa2c139347c8f5431b2982fdbe9b4730f3d530e26f272f2fecb7920c9b6518bcc74aab

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
1dd8a652f037e9c2e393ce10712c6305

SHA1
94782e4e2861644608b35db71d3f809c96e1f93a

SHA256
dd32cf1d0a01c4b3662e10b470c94200320d1082e0d53fc999bd86cd24fc523f

SHA512
d5b4109ce72fa6ef538512a1d54640d17c0fa7fad8ee6306195239b34f69a1cd4e81ed9a3ee1d4a7a87c6d48a40b41b9fe54255ed6c731b3c39c297eceec659e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
118388012cd12897d2ee282fab1defbb

SHA1
f96593b67e7549cb1964d9998c22ecbc2a9a1fa2

SHA256
6b11463ebf98613d8bcdb700925a5258cebaafb5968ecccfb2ec3534f36ab20d

SHA512
6aa5d0199cd63e334fdd81470c9c14bc8adc20e24d9721ebb99c75f4038eb1c14fdd90f6f0a5b959ddd1197ae85d19a2d2f38917fd3c8b4197b3d98ad1ab21cd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
8ffe42dfbf3a2224c410ae85f2e4a0d8

SHA1
984b79ce6f9280a25afc3678929bf17ddede1f37

SHA256
ef3db33aa76ab2b51d067d5ad93e0883f1285b6420fad0cc341ea73373104cdf

SHA512
c6e4ab9209a6fbef2e1061858f3931203e95874ec185509dc58ace31ef56a9c2ed026b28b024f44413f4b00b49d953a82634ab32e7127c48287a9445e2e09524

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
295e4f72f5b5c6475966c8103bee069b

SHA1
43a86c96fa668e9aaca7942fad888b1547a49a0e

SHA256
f7843688a92683eaaea77b2504561db45561a32312a9e830f60dc77a2339b9fa

SHA512
3043ea61cfcd62254e66dac92fdafd6508750ce20bb24075720910df6fdb276f9deead8733b52d147f927494f2fc25ec799dde6ffa6b42ce4c13c73f333d3ce9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
fa5445f9fa11b67a17efc3e9fcf9feb2

SHA1
76cceaeb9d3c2b29563c4b75d7c21af402926254

SHA256
5c12783d9f65045b73328a68e3a6ded9677c92374dcc5df581ee219d105e96a2

SHA512
3a5d98c856fc1601e595e29fadad31e64f19395918254b9949d49af1257342883bbfae2cf66a501bfcee002479e168b3f57d2eb979019667f8735fdec641f33f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
f602fce5ed9b15afa4c81082885557a5

SHA1
5ce1471391d732114617142e75a755621bb4ec36

SHA256
ae6f9711cbefb5ed1e590509d321fd3bd0155b5e4acf38248c1c201f04574665

SHA512
de0b559e74d9eabd9087555357499f4b6c2c705cb44f0af3564cef11e436ab605480fe365cd38d3af31bad48ffd4515bcfc246ad20c6430b3d277e116868c4bb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
e209167b60b00e72e9a9b23755fbee83

SHA1
d99c9b6d87d1e0bdd8b232631f777e4a58bae1d3

SHA256
957e79cbf8e87cb70e983e408192dce6647b0959a3a58af32ebaf7dbaca5b507

SHA512
d28ea81ddaecb3a4d058134ed758553c4b777318927e2589d0a96bca6ca77810963e64573f104bf77ac04dccc215f04e4fa6a69abc6d354974c0947db7992747

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
7ad16d43a4032791b223652061a62ab5

SHA1
3c3eeca1d9c9aec0ce6a2810cb93644eac756c0c

SHA256
1459091bb62f37289a5388a85e1bb84f7203834b7f3e00a4144ce135ab3dac68

SHA512
92d7637bf9f7d16ba26bc783b6daa0081f0c3e829f26aa20d7f29e36452345b3de8b9d5c8de8e0d2755c7de791e792d1517ca5780f638fcaf167902a0791b375

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
941bd4143f4d74bb73a246e3a0488dd8

SHA1
3e3d6cb65b48f568e605e07a08928b4c8bb119bc

SHA256
bdd60f1624f15ebee52fd15e04713d180c81c89ff18da1a6a7b80455da6684c1

SHA512
4bbe3712ec302f596b58c7dd518832afa5bd033f236e64395224b01a0a470b17a052c6d5791d0b8d02b59009f57e72d9f36628e771ba10b110375d29278f5e73

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
538b77f2409d295c6839e523e185f828

SHA1
bb805d529bd82dbe9725fb485667dad3d6e76d97

SHA256
5cb59721d80f994e6405b4eca048112aaa2ba03c927d595ad41d68135995d216

SHA512
cb65b3352999fcd74c4d7dfad0b8f27a9c631cbcb99c85dbab563c0c98553828438fbc53de4b847ab865fea4e507daea0fd97426c455285cf69e3077679a3120

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
2462645b482adc2cc6ca7194e61b799b

SHA1
4eeb492d825fbca74fb0c61add0a865d85c7c536

SHA256
655f57ee9e352490cefabb0533de1d4889cb4f73f197a78c51657288fc52dea3

SHA512
928732629bc5035025288961f80f63e1d9d19464974870a8b817f7ab7bc789e350aef996d876b1c00c7b7be4f6ed422eed242a291b89d44e2764ad4c1d90ae4b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
63b0f522a7991eb9e8bee61d73f45e83

SHA1
426d853eabd71c1dbcbba95df80e7d753fcc8036

SHA256
30b07bced6df12e2381dd67520b7ac428c3dfe8724d72b4f40cd66948106e71f

SHA512
8247e801441e00e4710af54189c0d370633af8f6f970a9bdefff3e9ec32672687db09fd0ebf51f2487b93c6fe926e202636e7416f6ef28ebaec0f9f3fd8fa8d1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
552d1945a1249807825a21b82b8c15c3

SHA1
2a742b100e5cfa61d884c60245f9b2940d1b5380

SHA256
590c2c15437b577f54586d384ac20d6001c1217b3c7bf94fd0f8c0effacb78b3

SHA512
b53190008d05281589d876f71b25597db8d93c95f113e356024b94a1e4abab2c3d5a21813a7dbf2ec6592e668954291fc3a69305f937e5f944ddf15d800460ca

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
420a9f0e50990ea656f6e451b1bdcca5

SHA1
5b2bb3392e632b9f8b99e16466246d109854632b

SHA256
dd27e9bca30975ecc3537a071500d7b6dc10ab52735e968c984b0951bd7fbc3c

SHA512
f71a62e084ea1e1104a5769ae8e8895fcaa78b731dee8bac128fc1a8661e747e9023ad8eb74e3a3616ca13e8fa0c305f09cac3f6b26d0bacad5a02e4b6a90f18

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
176B

MD5
3b792c041c7dde004e8df843bd505212

SHA1
534de898ead39fb3e1e8e81d63d1a1f88d02918f

SHA256
13d0eaa0944d92cbdbf81cda006649ea2a1fcf7bf883c46fb9703060f4729210

SHA512
04cb31c061a2e2aa77bae90cc7bc49d0e9dfdcd90e32c723197f5e34dd012cb419dd0300c29fe9e60cb62763c4dcb1b5196fdf2d1ca8b8aa2fec7730613d4176

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
34ce02b23070e610fff14fdd7d48c278

SHA1
b124d7bdab07cfda334fc4303a028b217c6e5f6c

SHA256
b18c0ac8edb856fcb42027e8077b40a172a38a81014691ae88672055406b3ba5

SHA512
7f5dc9b9ee6885a32d15cd2a2b150f28f41a4d316393a63b59c028ea4786a48cfc2e9d68f2fa417b15d0d6f618087034e1cb6343da6f78e5b75b0ce1adfdd2a9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
de903e13d93951ddadb4658068148e31

SHA1
6f9c5f2dba00ee4feaced3f03ed6357b06c787da

SHA256
3237a594c2d778a419eb1e1e6fff33baf87a667a5a7f6a6494fe2ddc2849b02b

SHA512
8d755b312e1c64b16758d2b0587307d8e760c10786bedc13dc6129217808b64d55bd903e1c16d1ba0468af02b4fabde02fe30162a38b29b4b88d1ef73b2872af

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
4cb694e6b63857321a7efedde2df3d5e

SHA1
5c9ca11b582aef28ca7dd09894db201dfcdce716

SHA256
96f3b5d440f47de148100b033850a24fa59ad3a565f7f070ad30105d4396717c

SHA512
e360c729609ecfd75a00b109b8c8f7235e8f41452623d79d92d295763ce4a1652f2dda7d0793ae95d7ae8267ee4f281698e7939c3ac1fbf13e013b09b2a2413f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
c5ba512103b66e0c17d6cae5e20dd149

SHA1
f66c65b24be5a37cdcd43ab3418e45e7a3611056

SHA256
43c27ca68fc59de7f1b591616251554a4972cb7caa512813686bdef8ad6c7755

SHA512
10d3093f3a2a9c0a668934c24d85735efc79a722ec1aab20f4be1b84378156419490c2fadff1fa548d0b69c34e14c9671cda8e4fe6fbbbdef978edf7fe1b41c6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
6f1dfdd12adaa1e76c2ed6b66747ee1d

SHA1
b0108bac8012acd469bfde1ad9fb71c10808e9d5

SHA256
b2cf50f9d07581e8fb5c75c706eb786d0b7f69b5f5be7cf02c19abb2f716d5c9

SHA512
2898e938792175fab88485643327683737e2d94005c85927c3d34ed6e2b702228090db66482c7190576a17d624fc9ee9e3a576013e803094e616fbc96fa80efb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
edb6b2c7e8232ef49947554656fe3060

SHA1
174eba169e370a958207664215777752dda91370

SHA256
b084927a8c5b5f4cefedbbf02634bf81f5cc86d8f3f56fb202ccbea6d76528a2

SHA512
ea89149577a1c06e2580184f20f41d28a7b5777117616906df423165f7bcbb3f942bf2da4e378967de7cc666d8178def5fe1c56089e0879ae6984e2a21c75177

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
4875ca9c37693e2f8f94b44f61c1f772

SHA1
ad971d52b31f67f2f8c1a869bd38c6938912a31c

SHA256
ae216313b69eeca673334e52050aec67db3d44b4b14bc754c9a7a73752aa2127

SHA512
a827952d020d16d12991369cfe0d22e9e8f5e44557dac97e89d30ead170a91226da04fa50e58d715d25b884ae185896ae175a69d02e767990ea6343cffe33538

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
8e351041662f87321ea6bf7d36870ea8

SHA1
b18c3dec77e005a1776d6922759f34cfbf316075

SHA256
d514b8879660f402aac8f1d7fe94b6d0075ee5d523559c2bb170c034b429c98c

SHA512
ad5f5f1b8179757be285d1ad874acfbe82134de2d18d489cd9556c4cede4cd45277aeaa9b9ce1263e43403764ab2708e8a98f4beeff389d29b540e2a16a2edb0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
f284cffb34ec82386decdf4427725018

SHA1
b7a21d8e2b29cd4794db13b963563d039ff57b0d

SHA256
835a522a71e6fa790e1862bf7015d6301ef55f33da9d6682bd7569bbf89752c3

SHA512
3eb6b7ba93fb9754883e7fce05d407bd599b0f605db27aa04f1d4fa04adaa47276e29bb94684df9b020725bd94fd99e7f55bb713bcf696965dc4d6104ffc719a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
3f57b0afc2efb4e42a51d944c3150caf

SHA1
b824cb7db63d866c894ba45b5bf4c84fb6291e8e

SHA256
c17a48a51d5b212ce62ed0cc03d153afaef5594883fa49141205ea1df473fbac

SHA512
dafa2d076d09d818377f5246389dae59b3508e1633579d7221ea3f6d428f54dace9ec187c52472c663c0b8db0d2e6943f6ffbb16083e0f40f46c0cba585705ad

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
55d2b6783a773c1b17c98cae958c9380

SHA1
873a86a04fdda7713b2853144b493b4af6964f21

SHA256
0ab8872ed6cf80b13aa7179fab6276d4e57f3f39cef4a26b70c2bb3ebaa2882c

SHA512
342c71cc948d00f63bac037e2bc7fbe435e086f26730dd24e462654ffeb27f39f3812f08f5738b596a184a3b5915a97de0efca5f6053b7d7cd77fdb79d36ebd3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
272ea16b92e965633373728734ef3b6d

SHA1
f1bb196c553b85353274ea2b2f6b8df280020419

SHA256
ed81f20f96acba8a3c96e09e2937e48a87322f14f487c5eb7618085a99f1c17c

SHA512
055c7e48ad2211d705b5f642213668cba9623dd546a8558fe2b0888e4aee052ce1da73b2a59c2eeef93524b894b23aa7100576d0e70d72adfb107e1d032ad132

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
8e644d34d4ffe68ebbe2de99fdc55b01

SHA1
406b0fcacda24be9b06384c85c82c4c709f97ad8

SHA256
7e4fd8156cf542d0f7ce16b3196b0ba50bf3a9c7d15930c5ba7c74ce2249eafd

SHA512
596e9b287166823e8904935cf43f5a3906eef8a7b1cce7afeec93dd056ca8a94835ce4b954d4530fc319868e5edaa463ed34989902d3dc770b050f9ef6735efd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
cf1553ef9eddc37925414a67eca61363

SHA1
7f1e625fa63d2a8e8883d0e8d9af5182d6d1e8b5

SHA256
fa114d4d63de0e244674c1b3be9f824de46daa4b18e500a592a0d2fc88d92868

SHA512
5225d70a92f1ea19ee417d8b09d16c4067b9b55d5c5372d110636b25d7101095b6ded49a83f63e2864daf274be6852f46f6f681d005232b61ca47312b8cf5111

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
d90caa7203212245f90266334125b989

SHA1
59343b16a192ad25dc649e406d6caba01c859211

SHA256
c88709737c00be054cc3fa1599c5873f61565c881b85c38d4f0647a5b15970a3

SHA512
f4274104e2ec6f00b40fd05e111721719ae46f5befe3c136f4f5a695ff9bda8671dc9897be09e25a75f6584a61984d40b5c7511460d66a0be458182f4891b387

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
1a00ef0a73facf1932a4cfb2bce0b97a

SHA1
07405499f1acb12521604399938ce4883f5350ca

SHA256
c5682abd982842a1de520370d269486a1e05f793fe0e6c332f4c913938523aa2

SHA512
98d26407141000211300802261c4c14f8dfd5b9ca94475a11adfe5fb0be7b64c7b9f00ca7a4fe214533553147e59a8212e0ad0a3cef609b0cbca6c743f90df63

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
d8fa1ab960d0f8a936f907ba2be552df

SHA1
c5a02aeab4478a1d74ef3ed1dd9745c4cabf9cea

SHA256
2424d618550c4dba169c7ba96b4f34d63402a6d1240120338fd0e439cc8713d5

SHA512
ed8401687cc4c68b229a9e3222fe19bfd75428a4e2799f670bccbc2cf002dad213834ed8db8937adbd8b3e15e763ad4bdf78d0d5e996b19f361a049b82af900a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
b3d0b009d18a90012fca5d0f76d583f2

SHA1
098836352b15bd647a129129beeb9d2289421bc0

SHA256
c3dc1e50cc71331492e2301d5366fcbafaddb58f6f4a007432caa95ac5457438

SHA512
ebbceeacbf2bfb8c3cbe2281d2e3aa95fe177ddb4a784824e07b20ed578777efcb195f5b2ed9039bdafc9205bc18aaa1e67aec5e43996b636318d870a6d8db3a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
7c9169c0f81254022d40cbf90aa5b0cf

SHA1
e0327bc7820faf7188ba83c9de89633c9950648f

SHA256
43608f520ef1dc132ae4ba42bebcce9e288a628fa89dfec024ba599cb4f99c76

SHA512
e2aade22ec3486b95fec5b135ec4540cab009ebe2ffb2d4db9f7a30e34b6db9e3605799badc4766125b48e5c03dabc6da8be48ca3f4a0dc533292d5f9b601bb3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
8cf94e6cf48e9897d337d57dae5206fe

SHA1
a7290671aa021594ea38099456136258f9e883c4

SHA256
002ad00ee02bccf2c9a97153458279823dc051b69625d424eedf51f8a683d46e

SHA512
fcfaa5c5d12df26119d33d25ff5b18de4d9517009d3a6f58c180ca14dd25004b5fb6c28e205b82ccd64a79a085cef89beb654ad73fe48a507d7c9332e74a087f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
656b2bc808f5fb56085b0f10089afab0

SHA1
659ece0d7c756d676728744321bd88b34c744525

SHA256
5bad2b618250f5881db1766eb91f778360bb731e8d5ff6866d7a0c053936068b

SHA512
c2926f0442d9b2a642210975b02457be412fd6277ccdd6a70a351398c23f70727728e44fd9b553f7432db4587d68373a83cc2e6fed34daed91446bd26d62eda4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
6df94d6416d7743d112283dfbfe18c09

SHA1
868005ca3b56dd4df3c6430804f742baf51fe676

SHA256
eb99524c61195119782e5c0669025df743239865563a6a51674779b5fabb6e88

SHA512
90af1acb952563d23a61a0d2c717590a31d745505bee5c9a8cb82a0b8cc2b563b764880ec7da47cdd0c8e0f53ed3a9bf1b64af88528650616047c72d68d41feb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
c0a43951e67c257955adefb60780ed35

SHA1
372225dcbfda5b7b2ad914bb35672d44e952376f

SHA256
bc82f3711f68812c7700fd2b40188951bc15b69babc612bd7fdaa866adf4828e

SHA512
e418f5bf1bfa7695a4647742f7636a079379bf3b3110ee2cfb8befcd1cb9fee21ecb4ba70372d8b02872969b8c087ba067a23524df07ac89e0aeea99555eb379

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
4d292f6dccfe2a86eff21b73b675d8ee

SHA1
709870a5525df3d5516d72154ff687976ce8c794

SHA256
d0e6462b1ffac476a74161107e40ce41aac62babe091be108c00fdcc927dc49e

SHA512
7de963da0c736b46ffad04fdd04c74a62258c6606f88c08900970f1fe0a76ac0fa620b9e51389a11671433fd3770bb840d13f162fe40b82f413aa92fc6b3b918

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
9e038fffc83680852d5102fc14f7a896

SHA1
679fb20d3f7ddc27e94127a9d30105f89ac68128

SHA256
c2e3ea14fe829422069be71336c9385d7a5349f94f5f79948bcacd22633240bc

SHA512
795367796439ff7de57299d6d2bd232cf8f05b4334ad82c8b8ca0042a260a8acc089f6018f2f3345fc0ac6bdbaad3ce3eabf0eea364173c1ff649458f3c5c168

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1024B

MD5
3879f285c30b8cd0428eb175b1a308fb

SHA1
f6024219e9b5b3e860b8a6c464679ac06efbc7ff

SHA256
4b8444b06d98fc6aaaf7b2c46e0c5d6b9c1012a894bb64799c42d0f24511e668

SHA512
f81c3f0e1a2263ddb74431f8628d68ba9bd840d19038947e6b519ccac84713ba514c1b73653758b7acb9c87106073d61effe2e5d809bf3bb1567c2d9575ff7c9

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
b35d9838a15d70be09f43a837a149006

SHA1
e56d712d221039d4d29a790487864230f09453c5

SHA256
6197a2f13c189cbe6ea9e505a4e2e8871c07f80982785b43ad238a9c5e143d4f

SHA512
6cbde45714df356563331b53404cc59c044ab0b2dcdcd0aeed4504543ae5a7ee5adf40c5bdcbf6d974d07870cc8ddf14c7c5e7b63a90ad9f8df39440a9db6356

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt

Filesize
48B

MD5
29ff9be5863657e83932e3d48399a12d

SHA1
691e2f64d5e7a2d53d04107926a0595e15d9c4af

SHA256
9b2fdedc2fb90904ad2ca9cdd0099efe5c99f66add37b514d35c753eaca947a2

SHA512
0d07833676fddd5ecb8d95dd6d3bc774168e19cd641b33db3fa330bb12e4e3ae26c3bc2905242a2ab75d377bc4509e1c2feb3f6ce0a248d2ddc63fc55a4160b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1ef65f28958749ca11c41d618ca31882

SHA1
7609658f1925b5e4a10bbef2804c542ea052948e

SHA256
cebb714d6ebd2c34f037c9c0172ded323afed1f854c7640443a45b16b23b7bc2

SHA512
ecfffb95bc227827051ba63f6a711a2fbc8b8a43c85bdc9cff967a0bae6db710e4d366331d1f4eddaa79a8aae9f3aba1d26a86f1f119b1995c82a8ec1f74266d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
acce71671c1d3a971928dc70fed64236

SHA1
51dfec0743ba17dde27293cd36f9d3ccf65dfacc

SHA256
7748eae619601aa3c10c92337bb073661f6b8826faad851f4457ad8dc03ef113

SHA512
84a1f29b446e02c6a670d43d4194b6a89189459db76d2589611952f23fbe983cd05184c9c7245217b5862e6fb78d15fae8e24b4d8636736cc22813c112879cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f212d723647ad127ed8d3bd84908940c

SHA1
77ea00ef54a80dd79efb81d5e578f8da13a6f0ae

SHA256
959d4f375993c488c371e869a29a4be97a16368d30f481a2db804802a239e50c

SHA512
fec50f32b10c567d1e1d388a88639535a493b0704958d52c0ed21ab86ade540d64e52cb04dee4a891adbe3d1b126a4d68ee910348dd00cd858ac6b89597d7b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f0d02ba9286aef11370a358c7580a28

SHA1
b014baeaf98c06d89266a7909ab07f37422d4309

SHA256
eac4ffd15ecd3b664e09284fa0adbd69b00ae7838c5e22f2bb28a57150e15485

SHA512
893f25c4e520aee3d84192994d4635f7c3bd86919e87ec63481d82fbc94f621e6822e23546a1c37a8ef25f4b68a35e02207395650f352b6ce6e12018ce9097d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b24a5f4642ce97be8eeda092a157be6

SHA1
21b65dd0dfd9a5fca9f3f04efaf5bc66c78ca33b

SHA256
0cebfc3a61a14e0a609a829c22039600937263b8744a47567f0f5ee3fd9e032c

SHA512
4c977764f4d3ad53480ab84b20c98a191846234a4ff60b8cf3b8f66d523d54dbc254f7330a4a13011252c473dfb6e502f45411afe3d907b8283df13485741ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69b0ddc186b7850d98d927f324d82f89

SHA1
e4e79caed2b8cf9e5a509eac4d13a7e2fce6e905

SHA256
a69c872632beeeefb60b4bbc20447533237fb926292c445cb5512f39d5797d1b

SHA512
297d053e05823c1cd2ee10c77edfee8b6eeb9174cafa24807256de1b8ec8cdfd9793dbb199cd4d8ae0262ddaf10352fcb37f9a0a837b7ffbabb93782d665ecc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7797cfeab402ebb9fdebcbfef52ab9fc

SHA1
d026a9005e22efe20d6325a5a5c4c8452c85eb3b

SHA256
26f0d2780138deef28fa5c6547c21f3b61f72eec4416cec53a9f97776a30dace

SHA512
6577e51202fa9d6ef8acdb3a8de87957b8d2ac234e2ee1100d953ecaa2d892a659b7c1a47ab735d5358aba6754efe24d28b87206792357456f97a62b9d07a303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1363347dc98522c1c9b2e50e0aa99542

SHA1
9c0e6a2c1a7f57ce64d9b19ed2489bfb7243e7b1

SHA256
c96c4745138152006308137ff7be2e9256d91ca31e204d015b6b70763f8fdd66

SHA512
ebd5aa482428d1e63b026f5dd2042ce9f8b3dd8f2fc3a5faebd13d9607e68f11253f2c909f07dfc551e7a2a947fb010989c2d8e3b61401422680d6316d549edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e436.TMP

Filesize
1KB

MD5
0b30157be3a80928e96991cebac68e15

SHA1
a3c34376f81a9f3d1d003eb20ec0398fe8942f97

SHA256
ba3fc86f12a23ce72c0f8dc408bb7c87cf0f74e2a91b36dd4d85fa8d6d9348ed

SHA512
f71b64570dc62be014b12c42e6a0b453c10ec9174b39546d7a9ce7a3a8a833c279070904f0752ee51d5324da492d2bc93daae85977bec07d6b0d6ef7be625c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f0aabc99c9f905f3499bb85cecb43f6a

SHA1
ec95aca6d47a0b0c9f0b445657f562778f2e95f6

SHA256
a6f57cb1915b66882aaf91158b375eac76c76e7ed196b1fe0d117627f0f639e9

SHA512
f8cacc130468ff53db8c5d22a74af404353afd63657bc18f13fc0b6a5af98e6bc10fa376d5cc88f12c245938977e632df83518775353ac65a1e4631218d49fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4e500896d6da00a7b20dbca1ecf51215

SHA1
3d0a51ed3659b55363ba96c8439c9dd7eeacc841

SHA256
28bf5dfb6b8ec46eb94ceab056fd2279872f9f9a386148c67895dfdbff9fd26c

SHA512
2447001a1f927dae3e269e788681938bbe4c295c296819bfe050fc94c049db6a9636483cb04a9ef2d1779d009e5e794a3dd6871db3fd9c5a343ae6213b19b2d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\Downloads\Fantom.zip

Filesize
198KB

MD5
3500896b86e96031cf27527cb2bbce40

SHA1
77ad023a9ea211fa01413ecd3033773698168a9c

SHA256
7b8e6ac4d63a4d8515200807fbd3a2bd46ac77df64300e5f19508af0d54d2be6

SHA512
3aaeeb40471a639619a6022d8cfc308ee5898e7ce0646b36dd21c3946feb3476b51ed8dfdf92e836d77c8e8f7214129c3283ad05c3d868e1027cb8ce8aa01884

Download Submit
C:\Users\Admin\Downloads\Fantom.zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
\??\pipe\LOCAL\crashpad_1764_GKRDPMASXQEJFPFV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/900-625-0x0000000000DE0000-0x0000000000DEC000-memory.dmp

Filesize
48KB

Download
memory/2108-488-0x00000000024D0000-0x0000000002502000-memory.dmp

Filesize
200KB

Download
memory/3264-458-0x0000000005420000-0x000000000542A000-memory.dmp

Filesize
40KB

Download
memory/3264-613-0x00000000056B0000-0x00000000056BE000-memory.dmp

Filesize
56KB

Download
memory/3264-332-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-343-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-333-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-335-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-337-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-369-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-339-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-377-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-341-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-387-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-345-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-393-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-395-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-347-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-349-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-351-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-353-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-355-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-357-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-359-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-361-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-363-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-365-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-367-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-375-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-379-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-381-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-383-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-385-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-389-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-456-0x0000000004CB0000-0x0000000005256000-memory.dmp

Filesize
5.6MB

Download
memory/3264-457-0x0000000005260000-0x00000000052F2000-memory.dmp

Filesize
584KB

Download
memory/3264-391-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-371-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-373-0x0000000004B70000-0x0000000004B9B000-memory.dmp

Filesize
172KB

Download
memory/3264-331-0x0000000004B70000-0x0000000004BA2000-memory.dmp

Filesize
200KB

Download
memory/3264-330-0x0000000002420000-0x0000000002452000-memory.dmp

Filesize
200KB

Download