fantom | hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

20-08-2024 19:03

240820-xqj6raybkf 10

20-08-2024 19:02

240820-xpw4xssbrj 3

20-08-2024 18:59

240820-xnkphayaqh 10

20-08-2024 18:53

240820-xj2r8asakj 6

Analysis

max time kernel
428s
max time network
429s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20-08-2024 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

10^/10

fantom discovery evasion persistence ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>gT2R86S8Meq8lK+eWhAbiY9aOmyVJg24P10HtCE3euVKLD/z0/crL6FT7L/MwdbFwL0TqG6KBsu32qeKqcI2jmdsPJMtRPQwI1i2ikMR1yq6RLf/5nwnNSCt2M7dA5mJG9ZCBvNZ6AZJK3HLDsbuYZrWuPEG2ACf3O7fTAC5NknoBxvdI300WylzoNP+4Wvk9CqhB0GalR/g4vTfxzTije6bzmOutzhRXBg/yUrsQn8ZDyNFqagyZBibAJ5iXK0GOLrGZYta/uo4jm/Ayv65kHnZpo8KV3n7pmDnAjfDqOZZeH9reT14YKoRcXOmbr9AD/1u9nnsChaDEWYjYlT33w==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Renames multiple (1034) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion

Executes dropped EXE 31 IoCs

pid	Process
2888	Free YouTube Downloader.exe
1912	Free YouTube Downloader.exe
4472	Free YouTube Downloader.exe
2412	Free YouTube Downloader.exe
1740	Free YouTube Downloader.exe
2512	Free YouTube Downloader.exe
1344	Free YouTube Downloader.exe
3176	Free YouTube Downloader.exe
2044	Free YouTube Downloader.exe
2360	Free YouTube Downloader.exe
5004	Box.exe
1904	Box.exe
5016	Box.exe
3916	Box.exe
3044	Box.exe
2724	Box.exe
2036	Box.exe
1352	Box.exe
2544	Box.exe
5128	Box.exe
5760	Box.exe
5036	Box.exe
72	Box.exe
6020	Box.exe
6072	Box.exe
3440	Box.exe
2408	Box.exe
4700	Box.exe
2972	Box.exe
1092	Box.exe
2424	WindowsUpdate.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
12	raw.githubusercontent.com
37	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_21.21030.25003.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageSmallTile.scale-125.png	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TipsStoreLogo.scale-125_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WeatherSmallTile.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WeatherAppList.targetsize-60_contrast-black.png	Fantom.exe
File created	C:\Program Files\dotnet\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-30_altform-unplated.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Paint_10.2104.17.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PaintMedTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\contrast-black\CameraStoreLogo.scale-200.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\WINWORD.VisualElementsManifest.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\NewsAppList.targetsize-96_altform-unplated.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TipsWideTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Store\SplashScreen.scale-400_contrast-black.png	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ja.pak	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageStoreLogo.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\NewsAppList.targetsize-16_altform-unplated.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Store\SplashScreen.scale-400.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.21012.10511.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SmallLogo.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\KeywordSpotters\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsMedTile.scale-125_contrast-white.png	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png	Fantom.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsNotepad_10.2102.13.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\NotepadAppList.scale-125.png	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md	Fantom.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\KeywordSpotters\es-MX\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\CortanaApp.ViewElements\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft.NET\ADOMD.NET\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Store\Square150x150Logo.scale-200.png	Fantom.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	[email protected]
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	[email protected]

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3316	3388	WerFault.exe	135
868	2400	WerFault.exe	139

System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	msedge.exe

NTFS ADS 8 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Fantom.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Fantom (1).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Fantom (2).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Fantom (3).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Activation Security Warning.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\FakeActivation.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Illerka.C.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
4432	vlc.exe
5380	WINWORD.EXE
5380	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
4220	msedge.exe
4220	msedge.exe
3344	msedge.exe
3344	msedge.exe
1180	identity_helper.exe
1180	identity_helper.exe
3088	msedge.exe
3088	msedge.exe
3116	msedge.exe
3116	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
200	msedge.exe
200	msedge.exe
4636	msedge.exe
4636	msedge.exe
5036	msedge.exe
5036	msedge.exe
6000	msedge.exe
6000	msedge.exe
2416	msedge.exe
2416	msedge.exe
4136	msedge.exe
4136	msedge.exe
5124	Fantom.exe
5124	Fantom.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4432	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: 33	2988	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2988	AUDIODG.EXE
Token: 33	4432	vlc.exe
Token: SeIncBasePriorityPrivilege	4432	vlc.exe
Token: SeDebugPrivilege	5124	Fantom.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
2888	Free YouTube Downloader.exe
2888	Free YouTube Downloader.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
1912	Free YouTube Downloader.exe
4472	Free YouTube Downloader.exe
2412	Free YouTube Downloader.exe
1740	Free YouTube Downloader.exe
2512	Free YouTube Downloader.exe
1344	Free YouTube Downloader.exe
3176	Free YouTube Downloader.exe
2044	Free YouTube Downloader.exe
2360	Free YouTube Downloader.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of SendNotifyMessage 39 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
2888	Free YouTube Downloader.exe
2888	Free YouTube Downloader.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
4432	vlc.exe
1912	Free YouTube Downloader.exe
4472	Free YouTube Downloader.exe
2412	Free YouTube Downloader.exe
1740	Free YouTube Downloader.exe
2512	Free YouTube Downloader.exe
1344	Free YouTube Downloader.exe
3176	Free YouTube Downloader.exe
2044	Free YouTube Downloader.exe
2360	Free YouTube Downloader.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2020	[email protected]
4432	vlc.exe
5380	WINWORD.EXE
5380	WINWORD.EXE
5380	WINWORD.EXE
5380	WINWORD.EXE
5380	WINWORD.EXE
5380	WINWORD.EXE
5380	WINWORD.EXE
5380	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 3844	4220	msedge.exe	81
PID 4220 wrote to memory of 3844	4220	msedge.exe	81
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 1044	4220	msedge.exe	82
PID 4220 wrote to memory of 2820	4220	msedge.exe	83
PID 4220 wrote to memory of 2820	4220	msedge.exe	83
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84
PID 4220 wrote to memory of 3944	4220	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff3e6c3cb8,0x7fff3e6c3cc8,0x7fff3e6c3cd8
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6860 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,2438003605413999665,9025906578461936736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Temp1_Activation Security Warning.zip\index.html
1⤵
PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff3e6c3cb8,0x7fff3e6c3cc8,0x7fff3e6c3cd8
  2⤵
  PID:4104

C:\Users\Admin\AppData\Local\Temp\Temp1_FakeActivation.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_FakeActivation.zip\[email protected]"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2020
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2888
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5004
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5760

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Temp1_Activation Security Warning.zip\song.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4432

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004C4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2988

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1912
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1904
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5036

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4472
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5016
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:72

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2412
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3916
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6020

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1740
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3044
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6072

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2512
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2724
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3440

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1344
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2036
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2408

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3176
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1352
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4700

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2044
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2544
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2972

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2360
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5128
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1092

C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 1232
  2⤵
  - Program crash
  PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3388 -ip 3388
1⤵
PID:392

C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2400
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 1204
  2⤵
  - Program crash
  PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2400 -ip 2400
1⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\Temp1_Fantom (1).zip\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Fantom (1).zip\Fantom.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5124
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:2424

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\WatchUpdate.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
31ad8f53a125eadb63413c5a6e6485f1

SHA1
08d5052d80545ed0fc4065eea5b0827987988da1

SHA256
85c07656caa80ba807d530673b2c21e339ba2492ea0b9704a41e5906f6c0b499

SHA512
2b9a305fd9e2a800c8473473a7e1849362b9fb9dd84039804356abd5c9e4e9e46c8b2192cd0da91b83f5ac8abf3cb332ce7a79b2ed72896107cdacad4da4d310

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
33ffa9c49f16fd2c9a5b4dd7eecd49e6

SHA1
56dc02c4a507e2e6bef5ae00b68d3b2aa3658bfd

SHA256
5c71ab703d5da0c95b8050cba146498d0763cb974be62e0e7b758571822aa740

SHA512
f3b43e92ccfe43506461ba3901df144d352d9dca7baad566fb076669fe31d40f68a4a958e3ddd6d504bab15571bbb1e885ab4f81edd7599629f024c089481255

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
7bdae4bf539231084b73afad24eaa10e

SHA1
b79fbb05bfb570c3abb6ce459879a6e48438bb97

SHA256
82bfbf880fdaa34c4b513d250d321d8eee2967182e32ed1176e9f075627c15af

SHA512
8161dba9e29919d7cc8bb879b1f8b53f9cc44dc1de641d3212bf9d4b40a85fa15d83a0251d14399f7a2e7cd9f65eef4a5a7990eda4e431ebbd3c21d38cff27bd

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
11be6c4b192f169d71485999c2f52134

SHA1
95f25233461dd5d790d04559f4d13ad5a78bfb64

SHA256
3d47d5083f2c247577d40fbed3b5c8e1e67ab1e14c24e77e7795c79b39a6de15

SHA512
ee19e84938718d1fce9088dd8a7eb75128f74b9de42d6c907c5d3bf83b35374a80fbb8dca14e48971aaa1262d7e3b198a186999bf838be52ca003b91ca0ee502

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
7e2807d6b57263384395ae59f29959b0

SHA1
5feb168fd8b8cc96343dce08c73f82d0bf4d1fb3

SHA256
8ef1de54dfc15706537616fc9518925fadfa3d1440ab2c053198f6000dd3dc06

SHA512
aa67abb5de90d0ec95d3a16434eb3b726231a91bc344432d9dda5fd0b6d6ecbd513352db36b35e747701a8a4151cca57bae61527485c3be38dd270461f728efc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
0ae63151ba4ed04c59213e3ffb33f842

SHA1
133d53cd98c8c54419afd17424a52ec74d81e8ff

SHA256
7b6bbfe8aa2f6a48137d8a2e002774ba8e241edc35f991f1e7e57faf51510b56

SHA512
3e5bebb5fedbc67b50e5605f48c1f1b6ccb1bc78093ad00b6ed44b0d76914147812a965f23325cc6ac7ecf04d223cbc0cfb90a8c881de1d7ff54d34eb8b2b839

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
da9ad152e37f44752a854c2fbd44e496

SHA1
fd6e16eb80ef3af824999ab186bfe9a740d411e9

SHA256
cb5ffe87ca93a0be4acf08b8b190812c08be4a4999c03ac753e05e79fb5d636b

SHA512
b922a81c7082f1e7be3511980fdf2c6cd4402a54089b66d186c59c039f7e694cf0328cc92662b5eb8c2a1ef5b24456866d7aa0df25025d9845c31f1757d27ff5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
481c2831503e48cf35fde8e0570d999c

SHA1
7b1196ed439fda0f27fc812ea2889196b01bcad1

SHA256
00da626e520f883e1ce13ed9944f77ab49009e9a7e909b2234b1b84f8214bd03

SHA512
85e4bd82d7fd905028753f91b8ae589ea3edb58b4ac17af8aaf4c43d46624bf627908e79445eef781983fd15786ea3b5ab15e412dab87279fb9f6d6d86a4b131

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
63b5e85ca55ede7b2ca2896fd8d359eb

SHA1
aa552d7d01a59ed6df14a10e3ec2ed7a8e048574

SHA256
96b769ad9c075f01a1d33452a15355b9bff3885f10db283c8309286c62a120f2

SHA512
c6f487141ef00c5ea19658bda4dd83cfcea977ed7872d9db6c5d426b5af7dc5a2cf978bba3f47c33ad67071d4c39704ef2f7429e7b0d942ee8ea606260ce2139

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
9a5d893c65f6b397ea4d370d11ea4c8d

SHA1
ff79cda7a8206031610d83857a7c9bc43427a502

SHA256
23b5303b945f18a5674df11429b745029b5dd1de11e517d8405770471d41666a

SHA512
f78a0e94a7b5a8d20fca26fe968efc511f693f936752313a6ce6452a556ac95c52e47b4f47b0f79495558c65a6aa36067fa724ee9a577ee7014273ee01c618fb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
b15fb8928c3719199b0451b13bcc717c

SHA1
2b78cad7fa41be9ee739f396021ca7c06e5189ed

SHA256
d390cfde8a609612231ae4f0fc16e24a7a5e302a139e93a04c4565688a477867

SHA512
7efb4127eb30fd35e2be699b06d4e8186121c0774d961754d9f6c6929d5ed5bf22ce1bc1e8353d1d87a4ce679c0063217523906345d4089a85d0ffd7087a9f0c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
66e81fa9af6674f7f0d8ec8e55fb3736

SHA1
2e4de43ec2b130f4984e97bd7c92f85ff6f66841

SHA256
687279d3e32080a6b730a9b87b44a4b5d91c41199d4bde961a6b015b9aece85a

SHA512
09fa1f882c26020c69252f0beb2c95cfb52a950f071cb00a05e94f9d79be260e07aa6327ffa48bf7f5d976402c2b3450e14ad3bf9bd5c999c4195aeaa7cd3666

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
629026b8d06c447bbbd6ec0c2a80ce19

SHA1
efc2ef68ec9bd0b33270228d4dd328467e6edc39

SHA256
d0dbb55eb61fc4054ebdfe2421261d49bae8cdfbc3de22d7a3216a19f7a5f051

SHA512
7235ac4fc60dcab053a2b750e1b56fb51824af96834fc46d8f5331ecd47a1825db2bd13f3229efc022ae9c773ebc5654baa88c97ebb8b6e66569736193ccb027

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
39f09fdc70b4b89d9ca92d20c6693162

SHA1
e7687d3e6fab8705ee557e75e9342b97a04032a4

SHA256
fc4d7bbf432a26ef8febbb18af9433d5c82b154137fa92b4f0ca814168a730fe

SHA512
e0639154c9f4f9138f754214f2dec1dfb9bab959c81163dbe742f63e71a1e5ce842aa66c40e859e0eae15a8c17b6d86f71ab0e55d4679448032c5d76d1ddfa45

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
1b9ecf71f346e0cc1f88042e2857bb62

SHA1
c61f41bdb2cf0bdb4e58e1ee5524c4a6a9ba7a2b

SHA256
ac91a10a3c37c2abb82148e8745a0a2f301d0404bd92595a339769e705a41979

SHA512
6e0978f46feed9a4990119e4554ea02333b729b9570c974f6c56a5199ebe63f7075bb72a2c1bef5b3fda7f69b38817d221f50472039b505da0b6b2019dc3979c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
f52d4a5e320f52ce18d2b9e9761e12f1

SHA1
9c498f1dfe0eed56bc6e9f194ce4e5d98f6e1549

SHA256
4fe40675d85f5f40e654833636ffe7aca4230c3cc21e9207cdcc0120ce06f73e

SHA512
df745b9187e6797b0d3c5da35eaeaa7c2434fb96e02e2021d3eafb69394ab21da26f0d8ea57a88c9e23ff38ec3277beccaf4cd389854b4638cb8276fc5b94d37

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
0b04db8e5edf776a187ccc9e2519f166

SHA1
cfefa6bc62fcf9918d90f0eafc8d771bb16bdfb8

SHA256
56642e0d8de3d5e21083f478a6d03bf0de778e366a637b641d6826d339fa3cb3

SHA512
d73ed23713546917ddc3f0f88d2ae7b2ec75bcdfaacea5a99b4bd37713591a240fe45380eb945ffda25c2fa342cff2ebd11f695ccf9cd61ffa91ed2738b1c613

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
5247da6a81a6f98bf11368453b8108f8

SHA1
ebbd34f508f6cbc92ce4510a559dcd2ee5b12249

SHA256
afb283c875931b32428ef91f18e08767b6df2bd741d07e32689fc8eb836a37e2

SHA512
1304c6ef4fc084f01d29915fb376f36893227e883043ee6bd0a5a927370a1d745d5430c396ff6b4ac0ca946b22f3e94b6f71d825ec9d86c0182e41b863aa2a92

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
176B

MD5
7b0939911e193f576596200dd1146e3b

SHA1
25d6fe7fbc2b3361d5444cf757310507fef9a71f

SHA256
c1d262b285bd3c03143f6d4984eafd556f9af64e8274533c2d941308208df1ab

SHA512
ac2d95cc43344cb457ca8443ae70875083f87e5b500313e5c85c8b59a070e222ace137a4f4ca32c5afef6a9a6ccaabeac48517f35c570b9d05cc3248e600d9b2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
27ef34369d0cd9a9bc81ed201cb700da

SHA1
b4b5d65da23389f1529e9b0cc38c56d2ff000808

SHA256
8b3c90f2f663cee44320cfeff264add978fbe4c839acc1a1639a9622577ff19b

SHA512
5bf22cc29c8654c4b5730c66d39518c04bca8fe659595b4235a2db546d05ee4c1ea83ccaa874dd93aaeb4e724b6c8d86f5242d46684dd3869e05dfc53dcf7d57

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
b57e423d99e88c7de58bcafcbd137a35

SHA1
be5eb6db342bab8e50b22a62aa7fc465e5ddd4e3

SHA256
e7adadef81b52a038cb975344d17dc7fe634aec6f616208c44c576838f81c964

SHA512
8dabbf534df60dcf138a1b373359a036f9339a8c2c1a75a3df5cb84c0d263fd2d784b48bfbe8e805db89d0efc2da36ea42e900822b54d967cada82fe882a426b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
f58a9138d1d7adc261a941a1c9fd67f4

SHA1
9b87bdeae92651c79da7f27fc6746772f9ad00f3

SHA256
54218b5bd174437f2e7adeaff96bf7ac751b5d756ab13b00f16fd4776917b54c

SHA512
b005b840ff0e9468c057b03432162abc9cd51476ab36103f1a0748d9a129a9ec8d9fdaf44ce63ef0661dcabef6f987045129d98a29ee74e66ebedac995f8c36c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
5f84aa04dfd81eae9fe15e5bda12971b

SHA1
b945c201e054dc62a142041f26c4af87f0d4fc93

SHA256
6c4e7901eebb6fbe7336259831412087f921c0e6e5a48a0d7e017fccb954fe85

SHA512
86cab7510f8671cf0b1e3f6c50e8a5deae8cd728117d66b37d5bf863f5c641546cd8f018638ed22ac5f1dadef1310e5b7be0fa538c17db9e1c29e35b01d8d0e9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
eaee7ed32b68ed0d861e0b45cdcbddb1

SHA1
159cd6dfe8cc820dd227432f07cf5177fe345cf6

SHA256
20748c66421464a3c6d9c5f299431a1b91c2b4127a37f4c0eedb3046f39d50c5

SHA512
096ad056ea9eaf4e08743200ab3d99e2f976c5fa7a303987280067cb764bd5379610a7c65d4814b6747254b7f7c3de8741d43ee94bd9f735eacad8b64dcec293

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
105c1ed1d72816ee723173b91950abba

SHA1
097c9f7baef40b21eb7cb08bfc4af3138c24c260

SHA256
1305a6f56501a0fea9d5b73139a2844bf04358ea7a95637804ae3916be1ff67a

SHA512
f88733745a8565ee5355bcfce10ca1caedcd8e57548591133ed01558e910d69c98ecf224c942102309926adb351fec162d2b05150c8e20f51a7e84ef430d196d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
499d345613b3eedbd3652c41c322dc5e

SHA1
e06b84c1d445d24c0430b2abb120725fd6355994

SHA256
a6b35710a1b8e42da437266544a6db356fa3b63f314e51132fe6aed936fd4ba4

SHA512
111d8b55453c635b5ffbe9c4ee9c94bf2d2e1b67c04052c4a798b1e48f8ed505b588829fc87a6dff85441c7ecd52a8a8a1cb8ae3740b0753421a19a2dec93960

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
1b6fb467a5b2cc39ad9c1a95adcc8c8d

SHA1
1fc33f24125f0b7fdcaa05aad4cec5edf1274f37

SHA256
36d9de8a349ccfdc252b7b29cb3d5c2ce45d8b087f566ae035c384593d691d21

SHA512
58b1e76b641c1d0088de64eb07f30b4cb715eb9cb4cbc320f56e3edb05be387c83176f5d2356773b41fa1def59f2acd5b2aa2111b580ef2f381fd066f83f6e04

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
1e0fecd83ac03a9a56f156e15b95003c

SHA1
8f9019f1bfe05656a165a123abd06daafbaa472e

SHA256
17a494b547f4e8243e407a55a2f8e0f6a173a28d55b5fef8437a51e5c8fe4cdc

SHA512
2e00abe16462ee96ecd02e93d843776216971063cb9ff0a391885d36e3e3c68e4f757d5b4f4f2edf021283773fd24b150f12ade6b65e7b6bfd7a0babb79035cf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
cdec3dba4928bb38072a708df724cfc6

SHA1
0b755a94c72427040195fe06077e418541355138

SHA256
f681635407e971ff375067ff673d5d5c86909c8f46b0d7dd713bedfe6241718d

SHA512
f9380ceafafd6972363d6329e6e8bc62e2dafc70bf576fa7ad540b79a8548af8ae6525d660a2334ea2727f98ced7f1ffdd6693996ac29422c7fcbae0ad22b5c4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
e2ba976c28ae8fbb981cfdbc0ff288c9

SHA1
8815d93f82f779a866b437777ce4ab4c9ab85272

SHA256
f67400fc6d62dc09004ce3370dea648adcac129c74395181685ff683ed302705

SHA512
677a3def8a7be07a06960fdaa1b961297bae9269a66a4d7314ae17946c83420e5e0f0c6b79c05062951e6420527686cc79248c1bf947e977b669ca80bedb4797

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
e7b3a5c824c11261538fb176bc02ed53

SHA1
2eda4127a0302ba29500a1844c37ddaf15484699

SHA256
b6e0b7fa8df6cbc8255464bd79596e7e13fad9c1e77a6291e5740a219f5e0178

SHA512
27d81f82d4ba6defbda2c104860e9699d0412649564402c8f13ddce408f8ff1b5aae8d8bd6eaa46a409cb0a2d9ac4a0aa85d3a40b074c1b306b82c8100179f77

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
66b81edee3c5a7914c7b453cb62c1e1f

SHA1
5760fd7816fd7bf04be6e83074281ff19156a536

SHA256
3415e073026ff2b89397de061f5d0fde5f2b8a599e1af7b185a0b0083fc2b88a

SHA512
e3808bf10bf55322324280bb59a4c07bccf1a293c40c349b2990f5da77e1c5c1563406ec58ca1d86bb6637063ac1f15d7265ac68558e0a812d86e4d5361dcf50

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
77882c800dd6ba7eca69e1141e52f930

SHA1
8db7a76f8e7ecce845f1ec483b11793c0ff6b6df

SHA256
b48fa9c00d10b7874fd8c13876c24e646867186a4be32c0e24d6efc27b167a3a

SHA512
6f86a6345d65679c945a3b3f5cb2d3dbe0771f935c0e4c4205e5e2e3d2f346e5b3a5bd41956e24be1ad14bebe66bd7abe8bc336723e0c15704386e01ef47b584

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
2957733ee77555a1ddf9c6c2b90a4562

SHA1
0c47361f9dc7099d428d2c9358ae44406df8023f

SHA256
60746ae004c6b32575dc3ece1d79eceed79c5b548efb1ad402921361c1e2e0fd

SHA512
85d3dc53b3cf962c8fea343709e55478dd1b604f857f172ab9274ab6913c9ba4cedf3022c197d8c5c9c32b847ec22eb3702494103cc5b366dbf4b15eb1e84869

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
d99ac09938605c2d50e2a1b6d3cf1df3

SHA1
6d2ecbc809eb3bb9bb38e4c8d801afc1cd216c1c

SHA256
c12be7752fdaedc8a57d2416dd50c4f17b30648a43c3c9b69ec24a63167b2cdd

SHA512
02feba188effddb99eb45e74215096213a37d380a2e580423757a9f70b7e57e8978f16f32678e15da0c80404f9b860b9239cdbc1a57d345284a66e7ea187edcc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
8764f6bc9b8d831e3b3373e8fe850b2f

SHA1
e679c556ce103114ffe4c40b91556025d0c467b8

SHA256
a1b26af5c1214bef97c453ae9d81a11d0f8cc067097f39080e074b2de4baead2

SHA512
ce767901dc353472d36def5c8dadd2edb6824862d2f7a674ebf5eb2020ba10c127e8f91a5121534be4a93463d69c6cf0745d1517faa784e4320ccc5b53fe649e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
b9db0405cd715e6e0033bc335e2dde78

SHA1
6d8ae1b6250cec99ef52e93f0b9e34e499b3d4c9

SHA256
72f16fe3a25d3c7e67d75556781bbb00f7a1789ac5972abfa27950f33a3d224a

SHA512
81dfcd936712b0b82b6dedbde380251bd6e846752b5d6bf58895da7712dbfaf3ad648969f90538c5eb14b852232b0683a6af5799effa9f2b291aa1ba2ec55d36

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
e2dd5f9a4609f89253cad630ea9a742c

SHA1
ae0f5e5d406e9b10ff7b07d95db9de6c8cb73525

SHA256
f110b3c15078a1f884ee62dd209f5137602d26042d37c5e85deea604a67abc5a

SHA512
abfc28a43e6c8e66381c4fd850920c49942846265bcb2fc83b8c3b21979f2305c3137ea10eebd0a61a4b2b09d8b0af9646cb17a7b2c47ca3f8725dcc0137844e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
b722bfd289e645b7f5180e155a0375ba

SHA1
d56a368f2a9cbf681be3c001923d0ded27f479e1

SHA256
c108549bfb963c5eb2f68c3fd8a39a0eac45b7652f48b765124422797b2008bd

SHA512
2c938e6e906b3fe17c2dba3b5cc19d4a65e014858a5e0a536d8d5a396d3093a56ded7b62827b47a185a29669905198b5134e1b272dc9e04485c5f6e197398751

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
13e42ae18786ecdea7744b55c0848fc8

SHA1
db2754e74339ea3afc5c97bfc1054376439aa590

SHA256
82ccc55878ba181a94c910638765c9f89c7aa5a0ae33c8eeb59c5f4bc61e3de8

SHA512
b4e0c8583f575db3ad524be7d584bd25bc98fc2ddf3c6cb40fb70c6ee5010eeab9cf88506a4ac19530e9426c9e007862835206a974839def0c987aebf3eaefba

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
2ca8c9aaa36f448f62134b8db3a9557e

SHA1
d1d6acc985786b41ca51bbff4ffce05dd1ddd06c

SHA256
401c69ce108c96a4139e60dcb625ff9b09c36b71935f6b3f0fb464935bc742c7

SHA512
80fbcdfc2236173fdc6fd1d5a01480c350d461e875b126b6c9a4d0eb3ba8b7a8a5c8cc31b31526abd0adb0f0ce7aa420d5999af12927e92c81e5d30b76761df7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
a4050f4b13b15037f54c0c3f2d754aff

SHA1
43b0ba7fce098eb0c5ad6751b36401d0e67c19cc

SHA256
eeb72a7e71f140e1f278dc53ca6c7503d1acab1b6d7fdef917b202b61a4a0cf8

SHA512
40bffa9852ca8c8953223a332ebf2c6804ea06270ffe093d0c9161a68a7d5f429cf726a4888317d3ced99362fd086dc0bbbefd054db4647c16e97b420336cb19

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
71d7e2bb33a1d6ca2d3accf55ced5a56

SHA1
9b436fc84404b7cfccb894640229534a4b001493

SHA256
39e23777a4557baa8605e88e2547c99ea14511a5218c7c445e20aa5e4f769d21

SHA512
13cc75d708a4e4e56829840e1fc4105cd11815abf8d6df235a6f9520bcf2e50c705a0b2a114559a50a54aa07d1351553a4082a4ee27a9687c327a9f6593b7b52

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
09ec704d48446a4b764c12055e79706c

SHA1
b3f616e70d9d39267f0110da6221e1b7bd317054

SHA256
27b333df962e4e1eac8342669c3ed57f6cb2d0fee916c7639f4567e2066520f8

SHA512
9d405a4fedd5b4bf49ca506746e71932127301e7728958c42c315036df4e938f94339aad470d4162da954447bc1d6d9ebf536df0ca0ff409120ae2c2ba52733d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1024B

MD5
c2e55540922eff4616f9ebd1fcd89a52

SHA1
8d89fcc9c5fc298923b28704d1f593e5195801aa

SHA256
22169ada66abd2910ff6d582be74defb62f08c941c3b9350c8464fa4f8827c25

SHA512
c3b21b52918ba7cdc25af544f5788835c65b447601ee73061cdff33c4c38aaa94a1af3adf2346a0d8602412b88833d9eb612d60307e958f1f50dc05835bd4d6e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
4e0b4e4e50a1fee354a3600aff255da6

SHA1
229bdb3c4247f6433842ea28d998c92773c66686

SHA256
0fc8186dc7f85b6c7f1dde144826cdd2643ee1e4ae6e2af591d9f241dfb67c77

SHA512
d08311e5d492ffa22a7dc8d2e9949b1071988b977669147468618c2aa654613e91242892a3b7a7b7d13ca52712a2b5ca0221cca0ad700584089c5cd5c6c86a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4ea631fd-4363-4c00-872f-5840be703c80.tmp

Filesize
6KB

MD5
78a0bb66e093d47ed95d063ed189e634

SHA1
04a066b8aaa938e14dad03e2c58d190842ac8ad8

SHA256
7b27d9c8e80d7e8be9012dad0398daeca8f923d3ecb4121b64617f68daf2745d

SHA512
98438a457930d5fa96e1b78e904946e57a0a566efd035a45a227c4c023c13036ae052f9d3b71db83d8b80ad73f445e7d26d9b97fc145bcb9851597483b2142c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
106KB

MD5
99f7b59bb69d6870454d0e3b02b058fc

SHA1
e8a23b7f7d941b128e378895861c79d501b2e5d1

SHA256
9d0dbc4343e9201276b332eb7a0de1c3efd103f86547080a5e6162ffc5f21e0c

SHA512
16bce0bba157c0b45b28a90375075739ef702a3f2709708a4adf4e6af99ee343cc2b25d752968b6053cbf5317dc30fbd6713bdae825de58d9f06bd2192ef92db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e8a38c253e123594d24fc8a903d8842a

SHA1
4575d083518c2b0b6bd3d3020b99f5033673243d

SHA256
3a94b3e0e276267febb8f2970e9b0f6168f2ee58f1f9292e84e1cd668df1bd20

SHA512
36258be0be77b4531754ee2f79bac0c3a159319b112f47e88a11e333de05eec977fc3d8b7c2e4c6e0d1978c6ffad4fbc72c35f98425869db3906b0ebbc3ddddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
409924df9286ee1d0d38cf63e6b445b9

SHA1
a6e9742ff1a6091cf3d8b9315af635637a067a55

SHA256
046634ca3fe1d6a713d91d5585f3f410104f3c3cc47edc546053f8f19332edfb

SHA512
f4e78a63d47702b40497f41b7fb8b1490ab37939d89f72621494e73e96bc752f6a638eaf9950a0abc867d90a1a1db5a14c47cccedfdb1430e96f9d83eb0ce441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
81d46812dc0b4debbdf242a4acdf433b

SHA1
50977bc0a3cfd9f5d31b5da19c73c5c49d784590

SHA256
9153e2e63da91eb530034fbd6556c9efdac9ba8bd984131e8f79114397a3b243

SHA512
3f729a82cd865e305ef8edae9c23adbd9993e3a30b64401b8d32e6f7516621fb92877b369e59b945065233cfee6d10ef7ad072befd1397b2e493d118c6bc7ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f2cc8c1dde9bff5c84dea32e1f880552

SHA1
4f81c336dae5455b2c3bd561a04bf03ee76e30c8

SHA256
24a95210b5d894c67cba2ca1079f23406e35db37657629f329f43cb916116860

SHA512
592909ef7bc871a5caed0769f97ff77a5f40c728cfd5b584c704b1f8524df188f9dd44253abd6febd2086f5ff56cb5ea357f6fa00cffa02a33a77d943b755201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9d31b822a027dde1a612354e4aa2d3bc

SHA1
147066efd9e094bb8ec5f2afa76292711bc362ea

SHA256
7c6cb50f90d72e1582a64778c23b3ef9266336e22cbd126a281cd6c7b178dcba

SHA512
d61a727ff85a90acf773fb7a0fa52ad1ec1cf225196dd7b8bbf0638108927d62af46c12470c633e09bc670a4519aafb493955169d50a5e0aa09c6beea67307d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
82cd813361659453b097faec03727e7c

SHA1
81c216a4b24b7a76974e6ccd35aa85e07349b7c3

SHA256
1410f05cd98f2050730ea461abd782b3a2fd3e0d8200cee4be3cbc52c507d311

SHA512
e9e6764d9caf0b7788d73300666e41608042c52d1d2f328f904ddce17b298b68bd5f4a7e4a99ed2e288b33d63208cec9b786f2162310f9de80dac479ad6a6272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
020b1a03e642027d6cb0307111368de6

SHA1
cd7ead676891adf6d7c483801c7d1cae88192ce7

SHA256
ee1c75cb8537cd30534bb39725a5205d212368982bb89648dd2dea4956827ff3

SHA512
99ac88d54c300b404f2a2aff758540802dcfb9972603e7fdba2e9330bb4feaa77997f2cc1dac710e321713e8c6b72d1eeb8029e1a8deea94396493c45e22941d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a60753ca854acd176668fa496e51359

SHA1
273454d77a3ca150ff434611cf40d7316da47842

SHA256
f26fcf24aff44bf6da008602616c29f09169bb5b49d3880f064f15aaa6407787

SHA512
22e713dd60c8ae30ac03e30d7c290c4e720eacd082ef1c6c70a2e04f7413b9c34af0af80895a6c6ced50bce7cd9fdbff7ad59b6668f99004eaff3706e22e9d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abb5564162e7dd80320fa6d58e3cbe33

SHA1
9c2e4c027eef58030b58182d482103bc4fc95681

SHA256
e3db239782088d42ce642d18fb3c19ba42dcf027418320a64453b398f1bdd95c

SHA512
75a2e72b07a2ded9d7912ba4b3d80bdd8f13c3ccdb037658ad9dd587de12d1eeed76dd7ca3bce665928c46e8aacfede199ab97fd26e2f0fc559964b699de318e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9d1a32bbd5695e26449c1995c9bc444

SHA1
a0305395f049701771fa76d98f9f9c8b49f58e23

SHA256
5dc180838cc0e463dedeafb433ae3ceca93ded6c830b926431e7a7a4906afc43

SHA512
e9d7be9c28e0e6fd3e4eece1ca02f23bddd0b324fbc45cfd18977e8a13d180ef729df406ebde6291eb483e441a60df99e320260af4eca2ddafb479b82c399334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33f297ad9f7f2de6876aac9452a5ca76

SHA1
eeb48c3c70ccfaa4ace01c657afffe15c9178bdc

SHA256
ffb51bee610758c91263ac30fcaf998e4c983c9389b0a49232ddb9f24a98a3c2

SHA512
13d4cd32cd4e08fbada4712633cb71b9dd5370a4ddfec4e35d586b181d0057694e015bc532b0e6dbe1236c772212082ab29f47fed4b11e922a3938a3c5a37e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9149372d81244242bf1409d7543cbc6b

SHA1
8dbec10ceedf9223468751da870d4c20eb5632f3

SHA256
2b05939b888c6f25031402c00d22d24369445b9657ab22e2afd2afd2c03c50e0

SHA512
07b1eceb6652189a9c703890e5ef451e6b5925d0254e6d5084a39f5854f8f2224f8281aeb1f07497a68321e8663d48687c975170108130ce4011da294a5c8d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8d3d76f46f792b533aa2dc0dcd6ce5e7

SHA1
543b55ee85034e9749288934a2d4f914bed0a2e1

SHA256
69b792a1ee3ab43604ab6274b4ed66e8619d80a3ca7aa4d5c0e7ab9e9110c63f

SHA512
8de8f526f55cc0b7cdea804644fb479ea899de56db466080f1e2161d5cb73d5b6719ba34fcd3bb0a0b2931c56a6190ae5c2dbbda624a2aed3a7ba3d52fee2af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
351215319fbe0926840e31fe6f3bb66f

SHA1
8c0781bac6441a5c6acccc218034a4c4ddbda3a6

SHA256
4cd2b29aaa97f4dfd331a13326a16268324c361ca60cb6fa67891cf3fa6b85e5

SHA512
d1b36d5170e3bb003776642fcff9045765f9c3bd4937a2f07c35a3c8c593093c3093ec230a94fe34c1c85400abf7544cb8f72ac6086e014be219f72f44308274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
110c376de2016be4d8676f8aeedd7a70

SHA1
618feb9253c62455bc820c93d2ef1fe7eb57dcd3

SHA256
320b66821f3d54d43df77b2db6ac2395e34156b41efe87ad7d6f5ea33f2f3713

SHA512
bbf5c846fff066edf950608fa9018ff71684683f304ce978d2aee579b3d9dafc7f52445a041d614bbd6d3951b896f5723f1b06315a8634be90ba31072041b7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4d7088391e26b007a7bfa486d54e90e1

SHA1
f822a37bd305acb4feb972d6aa0ba25e65a550c7

SHA256
fc08052bbcf818d202865b1ee1942e7c270edf5b77ec3ed604a320880ba331c2

SHA512
8fcf65a7d911b7de46bd3a4683481306d16daab2fe8ca2e60fa064e533f365b6120ef32aa4a8fd83d891213cd3542bbba7a98dd2604431728c9461b553c3214b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
21857c230dd4060bd8e56284da759663

SHA1
ba067cd358af4b3a3a71bbbb63b1a20833ff8c33

SHA256
6bae52046c7980848f53acaebc68f812c0517fa43d1b4dacc386606bdfeb327b

SHA512
ba6a95f6fb3226e2266b752810fed41cd1a2f386383e1a0cb562f9bc9c9de334ffcd923481a999600571fcbc65b893d63129b7bcf76cadf661a3edc9f8fbd513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f41e01f977f39d9817b47bf31e553a98

SHA1
f6479411f1a703a1dfe06ac426352cc131213e3c

SHA256
ff37da344bf56f22faecec9a35d90120a746fc0c3cf776b21c3000cab398ceda

SHA512
658e5d3e574538132c575df0f5df43179604cd0797867cdcb4054aa75fbe0d690c84b86e5e2cafe3e6d7a9368f933e40e4ca282feeafdce005a25377b623e597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6673a714ba95058898fcb81f85ffda28

SHA1
6dee4d13609626f3378e0e99dd9d6bd8c33f293c

SHA256
52b664b59f37760d5c3089e08be7e338f593168649c0dfb986e633b3149193e5

SHA512
8c0905aa428ac2fc06fa760b244c05d6a30daab250125d9a780e3b5e7716b3b4e2763dda920169f7adfde0361ab181d9e5baf1af0cc1b616607364466f2df1ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
184d8c87e250b1a24f27b7974f464def

SHA1
7536900b7a87203097cf2ce1896315fbfd45bc97

SHA256
8c27281b530e40fe52d8f2980c99ecc605737d03e13f21d334b72a26903d8bda

SHA512
c0c7ea54e09c817e5dc9d3cd05e488129050f96c8cc1661758d22c1279dd1f8f088eec65a92c244c036567d50ac79f29de15337d6602516704b7482d513f8056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5737e92fd2f162b61ad68a687f38c446

SHA1
cfedd5f4c5cd1a3fa8081c784585bfbdce95324c

SHA256
25d58aaf6715b56b837b4879a3c6e7796d83da054a4e2ec33ddccd906f77c3d0

SHA512
b478b249b455e4971bcf6c4650e428123de399210a7a16740fcc633c70c4caa4e3f352474829f73ad990f15995a82f99effba2b8919bb6a9e80b002d32541e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac9dbf4f43d30116937f79797481063c

SHA1
c721be455333b9a975cf7d012244559d6579f317

SHA256
2e2fdc431288d8d72ec7b173d837013a5123f66f0829c5edf50f5ccc417aed73

SHA512
6cb9b10530c8a8d05d254dd7a5448fa4a8d4b182560fa6fa17b0430874621a6f7db037fbe862daabae4328cdad2c5b280e65c0ebd589b9f6487688b824cb7ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9a917e7c39b94f30fa5ce3b2cebf732c

SHA1
98fa1cbdf430e1ceda81e1c423b63c9f86fc8273

SHA256
c86dccdaf564fcc6965d972e68bd85362879c67b4d7227a155d04143f52e9eab

SHA512
7af0316866a8bfd8ebe4b02f76df3b081d762a4c0f9e3bc4ee18a7dd4ec4579438f85b2d5fb6f31bb88eb0916aa8fa57ee7d05e3cf1c3febba420bea15227841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ee2c5e84ecabd4803b4aedeca855f57

SHA1
ab43957daa56a702c31578cf4b6ab4881fc6f302

SHA256
9398f978cc583ad8daa97d27899260ed59a397069556ce1694884ff174bf4ffc

SHA512
dd551e26fc812ab18a1131b96d68ee2f14c8fe7f0ce7f87f9c1bf52117064c08b66ff7dd27ace4d4c5dfa1d1ba0eb53581121b7bf15bbd1ff00a086bb476aafc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c657b420ae4b7f5592bc37ddf4a4fa67

SHA1
537e01302c57958bd8cc7ef3a2cc569f4f55cf1f

SHA256
a1d52e0d1fbba8177c80723e82df769f76a60cbf5796177366823ac687a29359

SHA512
156fb2b036561536c256cfcd6b6be6c4dd633566101e8633de04ae2772c781758d9618bc1c0a0b667029799cb8425a599646b2cf86e3d80a200e470019bb7db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580134.TMP

Filesize
1KB

MD5
7681538f5fdf7ab23f9235b8cdd57f01

SHA1
76a3b28b64507d5b27e23c00ccd8ea42e1f00072

SHA256
e22812ffb7382561fd4588b9abf7d658a9eb2b2b3a0681f69ae8f0185b09824f

SHA512
9a8acc23779e32e890ea5d856d48382d30289d1805e2815b4685d5403cc8c937ef6016ff05cb2d2cb5058f3dc550fe3c54d2dbfa467bfc6d0ad9b8f4ab3c5723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ee571198-6279-4198-965b-c6443250735f.tmp

Filesize
1KB

MD5
6ada03da3aaa8fe9afd75db323be595f

SHA1
d0db52f88480c1beb0b0d44afa5dc1e90702b14f

SHA256
85e5d20085cf44e10e97f8fa698ab026a440c9133d615d0d3ae2884807ca3a7f

SHA512
2aeea206b5376e12d34776bfd76438d93f2bff9dc2b58a1e95ea7bddd4a537c9adf414dcdf0e1d161586b5579fe3f34ac8c00f1fc78836abae65c0f3d7a2ff09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0cbe727d8e0e31430841e578706f031a

SHA1
4952b5f2f45fef14528bf6e60efbda4e58301eba

SHA256
4407a57efc3bad501b4bc7b099e7cdf2661bb73e87fae66b67831085841b91fa

SHA512
1dceaf89b6a23cc7d1e5c0d33dcf913e627084e1dcb2931f195490d1999e8b758ccd28cca888ce66b848eac7cd930e9ec15446fed52643fd595a85fac8b28715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ff957429dccf3568813a529736044636

SHA1
dab13a632886c5ede2da97c7c46ab0ce0308fea1

SHA256
484ad338f7c883e3d4f31189a2aa1f5403031c17fb772e91bf26416bf135a9b5

SHA512
20fe8abaeb20b7cd9d6fa568362d4a84fc6970980436518c84935cf5086ecc7348a4983b257bb19ab5266b0e32927597fd3667429704f3bb07974f8b55f8d34e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2fc80aaa1553ac62023ce8acce187869

SHA1
59916f14307de5eba0867a91b284c59e869ed88e

SHA256
137d3c369eeb731ba3cfe3080b8d64d7f88745dfb9a4dac51d8c718280d7cbfe

SHA512
128dc1e6d9e5d3fbe85d487c5df929772b838b4d3c7756c21ec21ab367ff6c4939ff36e2df27d644d1169a9b46ac6aa89ddbd09b66947befd19f51a761ecab11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6bb03ad7dde7d7d5c030b8b0cff8e1f1

SHA1
2e948aeaf31d04bef94ad64ab0958c5ba86bd902

SHA256
0cad4c0af8e87a5cf2a91a4c8eac5aa6972ed675ba00a46d805fb19c08efe641

SHA512
249f9c9f0df76904e0e31d7d61ed373a9525d65b9400ef2b92dcd6ee5961d3402b2293367eefd1ad893e43f237ba36ffe10e967a50bb6a8bffec8a53becab70d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
382e831643a2a66877a65ce3d6110f95

SHA1
401651c7db9f733542c77591ecc9846c0e23cf86

SHA256
6c2a8fc574e37b93581cc9c0406a31cc3a4da0f0f92665442bd0a02d8e0b8f72

SHA512
9ac093fa7f1a6f38469f0652aa6c7c48a5be8009989ee8844e5642e0dc340a8f7b0959bb93dd81d242b30184c9d41b2abd4fd1b017459869d41c1024afb8058f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
939eb2eabd17c2311c2f7c64fd6d190f

SHA1
e940574898703a56ad3ab0c7fec012804bcda51c

SHA256
79429aaf57447618a2cb7728eba771012281575ac41ced8b4cef20a005e2c8de

SHA512
a45420b1a21350ef013fd9a00e3dfb19e387dc1c6f39cbe5800cbff51b24b13b339c242ff5f398634d56b6d866955e4699825a71e71a7d75ff13731a609e7ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bd0699f65f0e572c182f95faa188fcf6

SHA1
0cadc5aa932513c3000580a30762137ab20a92ca

SHA256
4d498d24860cfd1220f5a5d29fde9f32fee7904e3e1bc42fa5239059d763ad25

SHA512
4b7358451c0a7fcd01108438dc32702f87bb5d9c20dd8ae9fb1da2d731713d03ce4699cabf7834c637df345ef1fa09841f430774808af3e47a7e676fd5e3cea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1e5c0f75ed9ba0fbe4a84b566a8d3d74

SHA1
7ebdb1ee8bac96940b4c01964c2069d277a1ac19

SHA256
2e3ebd6b4b380df2a222197b5c3cea36185993a9adce3bf4e33e6b755718a20e

SHA512
10cb6671bf9a586ce0caa4d0e4fd47c7f27d64eaaba872f68bbe6c26f4fcd3ca9bbc08cf731a89f517d33405a215131744e5f695f1953c2358ce58d86bd09d3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
329B

MD5
c31e44657fe671f88273480bec7e33b5

SHA1
b6865b7ef7ad8082f18bb1d55d391fd0ca4a02fb

SHA256
7239899dbff872501ad2c984c64044ab3cf604f4852827fed8746ffef509f097

SHA512
4700f6f83101a04fdd7b7af3ef1f4f973c15dc9cede355e7f8f65276a58f78b57d821ea3c4e15992334c068fb9c9d7859b3559385a4557581d289a9564583e74

Download Submit
C:\Users\Admin\Downloads\Activation Security Warning.zip

Filesize
437KB

MD5
22c615e3ede5c9ce4b0e6b157d3cb5a8

SHA1
4ade6563786d60e20d7d9e004cbb669db2f61f96

SHA256
36652fe4c6d926fe6398d49a448b138fc4eca926341bc7feece230dcd540dca5

SHA512
0dfcf308be70663966625a23c5acd8763a0e2644da7d5965aef168764a44c4200d5116af8f27dee0b8da12783f50d3ece95ec29b53e690673d0a1b859e2b8328

Download Submit
C:\Users\Admin\Downloads\Activation Security Warning.zip:Zone.Identifier

Filesize
272B

MD5
15111bc92f6dd3184c8de12fdeeccd72

SHA1
a89adb0b9c0fac509be680e415556125807a5482

SHA256
8f9fa544fd621ef550a511ac573149ceeee63e2f0e44957b7ec2440d1e31d3f2

SHA512
0b7b5b009ee95c300fa229593900a41d7a50c892940f4bb7713d55fd07f7da62207e1e4db4b2538da17cbc19304825d2e6fd0b093b3d476cc1fa030a5ef0c7d0

Download Submit
C:\Users\Admin\Downloads\FakeActivation.zip

Filesize
275KB

MD5
6db8a7da4e8dc527d445b7a37d02d5d6

SHA1
4fcc7cff8b49a834858d8c6016c3c6f109c9c794

SHA256
7cc43d4259f9dbe6806e1c067ebd1784eaaf56a026047d9380be944b71e5b984

SHA512
b1b4269da8a0648747c4eee7a26619b29d8d1182fe12446c780091fef205a7b5e6fb93c9b74c710cca5d2e69600579b9d470e31a32689ecc570d0c4bbe4fe718

Download Submit
C:\Users\Admin\Downloads\FakeActivation.zip:Zone.Identifier

Filesize
124B

MD5
8ac7004bc626e733edd2e91400400dba

SHA1
fd323436005ed437b7d0e93d6dce46dab18f888a

SHA256
1a29345ce872a256525181c9f6a094f2be0bf1220c66b3cbcf9b35bbf6e8a3c7

SHA512
667cc3ac143dccc9ae669e35445b3c8a6c81fbd3b082967e9445be95138826e315d40674f62fb2e11ee7063384a36d2569f4906924ba954a24efaa47b6e83b7a

Download Submit
C:\Users\Admin\Downloads\Fantom (1).zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Fantom.zip

Filesize
198KB

MD5
3500896b86e96031cf27527cb2bbce40

SHA1
77ad023a9ea211fa01413ecd3033773698168a9c

SHA256
7b8e6ac4d63a4d8515200807fbd3a2bd46ac77df64300e5f19508af0d54d2be6

SHA512
3aaeeb40471a639619a6022d8cfc308ee5898e7ce0646b36dd21c3946feb3476b51ed8dfdf92e836d77c8e8f7214129c3283ad05c3d868e1027cb8ce8aa01884

Download Submit
C:\Users\Admin\Downloads\Fantom.zip:Zone.Identifier

Filesize
220B

MD5
fe7ad9073b7a81714eb726d8027c598c

SHA1
f4834c8ad345b42c095a8fead5091afb99b1039a

SHA256
ac714e500242a953f23a493893ee527b2cbfe21311426eb79f0c8bfd19b71bf9

SHA512
b96c2f0a6bc3a327b5e388426cfe90eec09a2ab300fbca422b42a4718b75696d1ebb9bed7d9b9c3c441cb39c6ca4c9cdb9b8e150a44e87d8f4841c0195e756fc

Download Submit
C:\Users\Admin\Downloads\Illerka.C.zip

Filesize
64KB

MD5
9f7249077b949c96bfa3fbafc38e4ee2

SHA1
1fec3d58de9f782dfaabc323222f89adea6b7d05

SHA256
519fb20d9caba12bac93c363bb64d8bade4971fad49e8bf489d1e512784c28c0

SHA512
088ce74aee633ae25ef764555f1a2686f32efde5b28cb1afebad9926ab69f574506e3dc68b7b2d8f966bc19b96b50f9cbbd28beed0afd70cdad6d77581e072f6

Download Submit
C:\Users\Admin\Downloads\Illerka.C.zip:Zone.Identifier

Filesize
218B

MD5
81537b1c50296bfcc10c5915cd7c107f

SHA1
a0a8231ff85c81c684019f0937160ab63c6b2783

SHA256
560b098702b4437d8b44c8fad87c89078b400b8335a928268cd9b2ef7fd4e4dd

SHA512
8408819e449e42da612e8e84318dcdf00aaaedf14154faf8f21d26a3c7b12b398466e9b0588d216944e507a6f5369a72c5ecf5036a6d773bc7478f7267f7ccc1

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.zip

Filesize
223KB

MD5
a7a51358ab9cdf1773b76bc2e25812d9

SHA1
9f3befe37f5fbe58bbb9476a811869c5410ee919

SHA256
817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

SHA512
3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier

Filesize
226B

MD5
8f773a3326d6aa5ba29b49e5d985c5c6

SHA1
102956ddf08818dc66255608cb8602a247b61615

SHA256
fb82ab0a3b5d8831684da0b36cb666c5513c0ccc2ddba5bb35debc29e588dc19

SHA512
c399f6f17416e174e0eefe650415efaa41c20cc8b7ec3d548553284d4958cf406a4ab2ccbfd7d376b00fc79261fbd4dabde4416717e622b07fc96b41733bcd9d

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

Filesize
438KB

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
memory/2020-503-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2424-1964-0x0000000000790000-0x000000000079C000-memory.dmp

Filesize
48KB

Download
memory/2888-504-0x0000018FF78C0000-0x0000018FF78EE000-memory.dmp

Filesize
184KB

Download
memory/3388-888-0x0000000004BC0000-0x0000000004C5C000-memory.dmp

Filesize
624KB

Download
memory/3388-919-0x0000000004E50000-0x0000000004EA6000-memory.dmp

Filesize
344KB

Download
memory/3388-887-0x0000000000060000-0x00000000000D2000-memory.dmp

Filesize
456KB

Download
memory/3388-889-0x0000000005210000-0x00000000057B6000-memory.dmp

Filesize
5.6MB

Download
memory/3388-890-0x0000000004C60000-0x0000000004CF2000-memory.dmp

Filesize
584KB

Download
memory/3388-918-0x0000000004B70000-0x0000000004B7A000-memory.dmp

Filesize
40KB

Download
memory/4432-579-0x00007FFF2C020000-0x00007FFF2C03B000-memory.dmp

Filesize
108KB

Download
memory/4432-584-0x00007FFF25DD0000-0x00007FFF25E4C000-memory.dmp

Filesize
496KB

Download
memory/4432-561-0x00007FF63FE40000-0x00007FF63FF38000-memory.dmp

Filesize
992KB

Download
memory/4432-562-0x00007FFF33710000-0x00007FFF33744000-memory.dmp

Filesize
208KB

Download
memory/4432-618-0x00007FFF20CE0000-0x00007FFF21D90000-memory.dmp

Filesize
16.7MB

Download
memory/4432-610-0x00007FFF248E0000-0x00007FFF24B96000-memory.dmp

Filesize
2.7MB

Download
memory/4432-572-0x00007FFF25930000-0x00007FFF25B3B000-memory.dmp

Filesize
2.0MB

Download
memory/4432-573-0x00007FFF33370000-0x00007FFF333B1000-memory.dmp

Filesize
260KB

Download
memory/4432-574-0x00007FFF32550000-0x00007FFF32571000-memory.dmp

Filesize
132KB

Download
memory/4432-575-0x00007FFF2C0A0000-0x00007FFF2C0B8000-memory.dmp

Filesize
96KB

Download
memory/4432-576-0x00007FFF2C080000-0x00007FFF2C091000-memory.dmp

Filesize
68KB

Download
memory/4432-577-0x00007FFF2C060000-0x00007FFF2C071000-memory.dmp

Filesize
68KB

Download
memory/4432-578-0x00007FFF2C040000-0x00007FFF2C051000-memory.dmp

Filesize
68KB

Download
memory/4432-570-0x00007FFF33420000-0x00007FFF33431000-memory.dmp

Filesize
68KB

Download
memory/4432-581-0x00007FFF26940000-0x00007FFF26958000-memory.dmp

Filesize
96KB

Download
memory/4432-582-0x00007FFF26910000-0x00007FFF26940000-memory.dmp

Filesize
192KB

Download
memory/4432-583-0x00007FFF25E50000-0x00007FFF25EB7000-memory.dmp

Filesize
412KB

Download
memory/4432-569-0x00007FFF33440000-0x00007FFF3345D000-memory.dmp

Filesize
116KB

Download
memory/4432-585-0x00007FFF25DB0000-0x00007FFF25DC1000-memory.dmp

Filesize
68KB

Download
memory/4432-586-0x00007FFF25D90000-0x00007FFF25DA8000-memory.dmp

Filesize
96KB

Download
memory/4432-571-0x00007FFF20CE0000-0x00007FFF21D90000-memory.dmp

Filesize
16.7MB

Download
memory/4432-587-0x00007FFF24760000-0x00007FFF248E0000-memory.dmp

Filesize
1.5MB

Download
memory/4432-580-0x00007FFF2BC60000-0x00007FFF2BC71000-memory.dmp

Filesize
68KB

Download
memory/4432-564-0x00007FFF42660000-0x00007FFF42678000-memory.dmp

Filesize
96KB

Download
memory/4432-565-0x00007FFF3F160000-0x00007FFF3F177000-memory.dmp

Filesize
92KB

Download
memory/4432-566-0x00007FFF3E9C0000-0x00007FFF3E9D1000-memory.dmp

Filesize
68KB

Download
memory/4432-563-0x00007FFF248E0000-0x00007FFF24B96000-memory.dmp

Filesize
2.7MB

Download
memory/4432-567-0x00007FFF346E0000-0x00007FFF346F7000-memory.dmp

Filesize
92KB

Download
memory/4432-568-0x00007FFF33460000-0x00007FFF33471000-memory.dmp

Filesize
68KB

Download
memory/5004-970-0x00000000006C0000-0x0000000000734000-memory.dmp

Filesize
464KB

Download
memory/5124-1954-0x0000000006070000-0x000000000607E000-memory.dmp

Filesize
56KB

Download
memory/5124-1619-0x0000000004A90000-0x0000000004AC2000-memory.dmp

Filesize
200KB

Download
memory/5124-1618-0x00000000023E0000-0x0000000002412000-memory.dmp

Filesize
200KB

Download