fantom | hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

04-09-2024 22:43

240904-2ng1tsygkh 7

04-09-2024 22:39

240904-2legxsxgmn 3

04-09-2024 22:32

240904-2f7lhsyfjf 10

Analysis

max time kernel
346s
max time network
320s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-09-2024 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

10^/10

fantom discovery evasion ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>PE8lH4wu1j3gCZPi4aYcfqNQdAhgPC3aUA7d+TmlP7GNvLsgiSYMfZfSzULoJyK4GTr/tRgMICNiUYbL8UuWJIa9I5QCqh/iSgrUBiqS4SPViqJBGpN/gbRk6dZn1MPFdo/MKHcJfCxarBjsMEqstPOsStmxiWYnZF5jNn1o2VfQgkaA1DL1QEcrw+U3Tza2WEtSiGnO0YV1QYODJsWh/FNjDZeBoSRrvZ1lSA4tuw0rgxFGKM20WpcJY6R56xsKhD/wbqwnk1/4lcPRscPiZvyHawy7yl/U3s0ctW/XRp3Zv6yKkR57wWiS25aYeoX8OqCUPOomkBCILR9KIxjIIw==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Renames multiple (1018) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion

Executes dropped EXE 1 IoCs

Processes:

WindowsUpdate.exe

pid	Process
3360	WindowsUpdate.exe

Drops file in Program Files directory 64 IoCs

Processes:

Fantom.exe

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.GrayF.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\AgentPlaceholder.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\contrast-white\MicrosoftSolitaireAppList.targetsize-36_altform-unplated_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.0.2.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Icons\StickyNotesAppList.scale-100_contrast-white.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\x86\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.GamingApp_2105.900.24.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Xbox_UnplatedLargeTile.scale-125.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\contrast-white\GetHelpAppList.targetsize-40_altform-unplated_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsBadgeLogo.scale-100_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\x64\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CameraMedTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-24_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WeatherAppList.targetsize-32_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\PeopleLargeTile.scale-100.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\NewsAppList.targetsize-96_altform-unplated.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-400_contrast-white.png	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.21012.10511.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WideLogo.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-black\Settings.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\PaintAppList.scale-150.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleSplashScreen.scale-100.png	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_12104.1001.1.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLargeTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\contrast-black\GetHelpAppList.targetsize-64_altform-unplated_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-200.png	Fantom.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_21.21030.25003.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosMedTile.contrast-black_scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.GamingApp_2105.900.24.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.0.2.0_x64__8wekyb3d8bbwe\Assets\Icons\StickyNotesAppList.targetsize-256_altform-unplated_contrast-black.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\PCHEALTH\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsNotepad_10.2102.13.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\NotepadStoreLogo.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_12104.1001.1.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\StoreBadgeLogo.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_altform-unplated_contrast-white.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_21.21030.25003.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosSplashScreen.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-white\Settings.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherSplashScreen.scale-200.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\contrast-black\GetHelpAppList.targetsize-30_altform-lightunplated_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.0.2.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Icons\StickyNotesStoreLogo.scale-100_contrast-white.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\AppxMetadata\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\archives\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Fantom.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exeOpenWith.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MalwareDatabase-master.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid	Process
1132	vlc.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeFantom.exe

pid	Process
1488	msedge.exe
1488	msedge.exe
1476	msedge.exe
1476	msedge.exe
4752	msedge.exe
4752	msedge.exe
1860	identity_helper.exe
1860	identity_helper.exe
4508	msedge.exe
4508	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
1264	Fantom.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

OpenWith.exevlc.exe

pid	Process
2920	OpenWith.exe
1132	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Fantom.exe

description	pid	Process
Token: SeDebugPrivilege	1264	Fantom.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of SendNotifyMessage 18 IoCs

Processes:

msedge.exevlc.exe

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1132	vlc.exe
1132	vlc.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

OpenWith.exevlc.exe

pid	Process
2920	OpenWith.exe
2920	OpenWith.exe
2920	OpenWith.exe
2920	OpenWith.exe
2920	OpenWith.exe
1132	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 1476 wrote to memory of 1528	1476	msedge.exe	78
PID 1476 wrote to memory of 1528	1476	msedge.exe	78
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 4208	1476	msedge.exe	79
PID 1476 wrote to memory of 1488	1476	msedge.exe	80
PID 1476 wrote to memory of 1488	1476	msedge.exe	80
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81
PID 1476 wrote to memory of 2456	1476	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe39983cb8,0x7ffe39983cc8,0x7ffe39983cd8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6192 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14447222324879164419,12419449807789641058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1388

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Temp1_Fantom.zip\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Fantom.zip\Fantom.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1264
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:3360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2920
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ExitHide.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
fc499bd0c07baa355a293b0b0e4dd1df

SHA1
c5fb82c098de09201be9ef7c105fceeedfd6f2c0

SHA256
cb7e85d2b6dab4e6ec9df4099365698ab614d9b6f4a655bab40b4b883af3d55c

SHA512
0284b8ef4fd8e9e91f46fc8e1b7c2903c8638e628669b0a47517d401b98105a33b86068dc3b617884618636e6d8bf016f663ec5a01efd1068818027097678634

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
bda3da2f1b9eccad782772bf4aaf8f5a

SHA1
7d6ef087cadb2c0e43e900d53ba8a8f9a480232e

SHA256
a8ddd41104445213f88519601995a5fd891e77502b85d47eeadc8f8c001337e6

SHA512
5e74550417f7975f6183b604186843bb04a9215ee50a6cbc12f2f029c5bd2c1125b869446da5320d5fe6c9d2c9752fe0a5149be2f5193524efd85cca01c1b125

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
8f2dece4dee709fbde6d0f4e1a798a31

SHA1
8a0bfac74594cc712638b4d63c6914f243bbe5ce

SHA256
e519d031ea662d4ab05f23a7077441b3b141ea6c1ae2477c56b9de6a3548cd32

SHA512
12db95e0469281414c6bbea8648ebe269caaf5a5d8eb2ee5e2215ba07233d05f9aadab393066da8a7a1146a015074547ffb542c2102365b81c54b0ad35f1003f

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
f636fc137bbcfac31ef3a1356a08449b

SHA1
6cc149aabef641329e59777af0b6511d37223e2a

SHA256
3d45417a313cf64e952ea00ba10a917f01e1da4ac40adc40c27fade7c120b0c5

SHA512
1870faecca74c5ffd926399b4df3cfd5343e33958b0ce9857fe288a61d00f4b88cb11f76b8bf3f8bbb392dddc003feb45c0962039186473cf153e065c58b7ddc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
bfe679398868fefaee583701dcc7651b

SHA1
93bad33b2ee997fd6cc9677dd0c3cfb0030c059d

SHA256
278922bf1f42ff782ecbadfb3b6627cab39e147044e9074f712cb9bb051bd4e9

SHA512
ffc97535fee90486249413cbd17422c12995f27b11641042bdbb8dd130a751930d624cbf8a33890449a203829ef51cc4c1bc6addd7b896462216cdea2579bdef

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
687c0b2ea4e2a2a329221055dddef82a

SHA1
b30ff7f053fa82b1f0d308b2ccb99b71fb81e88b

SHA256
d7051a9d9b11bca1350b99a13cc7f7e5830be6540162ced81f96913c1d011f01

SHA512
771f389f2c67e30eb3bb58ab1c49cbc4bd63dbdb3757dc9caf82aa9ef78fa6a0f82bb1a37f27c1d6ce1800888e76c5767284c6b9c0760b9e45d3304d8a460835

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
44ab4692fa679495aa12ff52ddb37cc3

SHA1
2e7724d6f853139fc0b6fb5ffb579c47ee3c6458

SHA256
0f095dd7a210cbfd1b05359996806667f48094f18d5c8851973a9985fbe97011

SHA512
dfb3ba03f694af53216b274bb24003dbe17f5dbacfd6f69f6043700f4e67a539d3865a492647283fd6f83a848d6ac97a061c629553fecc483e1694e361d7d173

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
2f0c877eace0f660a9bc6606733344a0

SHA1
f5e2c0311ee11587459a2a0c0f6a098b55b73178

SHA256
dce9007cafa2062df8c7845cf81ddf7c01c35c1c6cfeaa81b945ca4c321a0db7

SHA512
4b6c15690a7ae85464d3e0991c9e6badfea479651f32b27dfb5cb82d6013c401dd3908df837e15f94deeb142c670ec70ae129ed5a17e4bcba29636e9b024c3d2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
6700174420514207d3bd85364bbe096b

SHA1
547a8b23bfc7555ff6477ca7b59b8264b9fd9dc7

SHA256
fd6677b99b40ad564f2e67cf49ce4e6d5392e6854b0ca02f46e863ee18a155a2

SHA512
92ec3fb6be7a9b2d35ba28e3b590da6abc16294ec306b65e6b52c71585e4c7e035b7fd091b341ee08008a5ddda97a3e417bd13cc3eeaf9b3298d8290b2cda5eb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
5b38ab074fbd44f652d335fe8fadd8e9

SHA1
5001d5e4d8299e9084634c3596cca45c4b91f6bf

SHA256
726bd10ef0d76239bfc857358304e17eeb419066bcc9ed6e6fff2ae0c8202ae3

SHA512
bacb21a22f7b7ac93bb443019ba328fce738cf0e30cd076ff1178017ebd8628418acce964cf7732e8a8640e911582b455d49ba5e69c8e6ed046187f874e069b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
4e84ff42182d8ded2faf888412920499

SHA1
1a290caed18cd4c93cdf4a97ccf74a5754286c9b

SHA256
37611232bda2343337f21411a706e2b15ad509f5133d047321efde2b313a7604

SHA512
c9a3c61effcce83c4ca3bf0d919839cc57e2910b8cdd24963c5a9e64f50e90b95c204b2fadd226cb95bc2796fea61e90402ae17ec427ddc27d3144ea665f50e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
0a1312c606d6c5abb807421bccc80b5b

SHA1
95fa6a25b7de6faaae7329a21c0cd0922e865656

SHA256
5847fe025b9c68088ba4ea1a90abfe9733b0d0b9dcee00fe5d75f458c7e44c82

SHA512
217d66a1a5bd07b8ab216d58682cc94ee2ac0cf3e57398ea25e0193a5e0ceb0d7d94f292d847ea2993931c9eb9c0245e58257cb429ed89cb1c2132171a0609a2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
b1ddaf79d56303465a44da869c630248

SHA1
c868ff48c22341c44971e651e3e1da4bc21d4962

SHA256
af0b63bad0a15c9f9a7d814b9d1f98eaa26ddecc33e219a1eea2930937832065

SHA512
6258d12a2e88526cad7c5400646c1e22762aa9b6cb815be03e74ed2ac0e65bd49633ac188d83e152f66e9016f01dacfb6f6326f916637f86b47929a5e4e218b3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
5f8f738e46770da027d36938ed93778c

SHA1
95dee65c39864d64e48cbd75a76c4031dfa52e85

SHA256
daf1c1e72c4aa37cb291f7c4fec91109fe6d9b6f0b50ba8e46fa294615348cfd

SHA512
14adce1c122080d8ad605beeeed25df9b3a3c520a15cc406b31ed343432ae636408b18e94bce68bbe64be17b8e08d87c29280e96e56c7f64e48c014ef2eb3188

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
4e8f90506035ed191c9408769ffc060a

SHA1
bc2c71c4a793d9d653b55ba000016f52fa0bb6a2

SHA256
258be3343786eed3d0572343eb28f27dfecd2e248e6508961b3740ce8e909b85

SHA512
7cca695f58e2998c0e900dc7f0c3ffdcf79de13e5888f5d3ffa90b052bdd5fe0e0b9d067884cd5863e3ef3fa022e4f0450b5ae969aaca80d021a470f604e90de

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
402c5426f80c326ba8c48d476230e6a9

SHA1
1f0000ebb46f0c74ab2bbea3ebad4ebdbd509703

SHA256
4640cf959823c3110ce1dd2bacebb920a1a53dfcd436857928e4b4304adf1657

SHA512
b0814f65318a74a4e28864843179a8edc97d7c21b2967173866d551558921a496ceb98e2a8bc58e8e917c502424f9ac20295603fbb558ab8d9ea37c51e676153

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
7d2418a555f75b2ca4473f8290f88808

SHA1
9f7d895247aac620c4e8f3017862376f680bf5ab

SHA256
c3f40f59f11492ec00506f090dcc14c1657352eaf0825749b1782684640069b3

SHA512
d294d42e87fca2a7031d9b86371ad388a0a479d68e983f2014e8be605855846affc2940085eac645ae16013d5ad2142910ddf9fbecd23a2ef879c3a0e4cb01e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
cf0797966d1fc666afa751f921773b55

SHA1
9d3e46fcfa6ff541672609277b0b5f43519e5e43

SHA256
6911a395745fbc3aacfb3327331d1bfa12fbb087f4fa0005ae676a29b874d658

SHA512
d31979b1b636e81c092730ed0808e8f4078d7ce8e37931793a975c6bea061e797e5d5f48744264dbe88cc535c75da352c8037c4d180dcd28ebc7d44bf02beb63

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
176B

MD5
8da232522ff3d2f58755d335474e3211

SHA1
6bd1a1fe8361c5c589be536addfb601f4a3863ba

SHA256
3661fbc8bca1e9ff85f44d18e6f2dbca0198646705cb437e59edc01414743b6d

SHA512
fc74d3f936a4e6f8dbdd39cc3a933e010a34ddbeb75549d553d5c1b05038798a1b75cb2337a27e684f5dbe0dc0e45f0e3af1b4757be01b86ec7eb83b6ab6ea18

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
59f25732ae6ccd8a3726783a8ae622cc

SHA1
1df82d790539755c5ad4df788f9d25dbc0ee9a8c

SHA256
209a23ce0151e5a0ec79fe230fc164f312f8821b38618b705fe7c9cee4b2a8e1

SHA512
dd0e2c962ee4319349df55a769e388fd9fc5b8b03f41adc68f861a4bac58139a728ff6272a0681f1f1ebf39eaca3a9d6b89fd17e993ce74d9db04de059ec045f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
b83ecd797eaa3de9a86f872c46623015

SHA1
ba100730909a07941ca83fb953f07d111347e668

SHA256
4251d5b393977d94125e849d647f95f49c72babf0cd07dbce6778635fcad1481

SHA512
aab2baed068db5750754a244f236e5b843430fc32aa620614a4ae586ef732a58de613d183ddc148579b23c8b90457f32a0d8b88bec02a72983c62605b2c67540

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
d51cd4cb65ca23e586be39efec9c00bc

SHA1
d136a103663e973c95ef6dffba7f15d444d754bc

SHA256
2dacdcb2224b281b548e28c41debada825562fa06ad75001be7d79ac1ebc1485

SHA512
c1161a1711f41b60631cc4aad040bdc13761eec5157ee5cdd0338be2114fb652cd8f50f9c5bb3d962d454305298b18febf84ed95a4c49073dbd392ff9836efe8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
453c2126fb3a8ed168f7bb7b2a0c9eb4

SHA1
c3b9815226e995765c18abf56332e81f73b622be

SHA256
92321c94b8017b9d1e8f3f2a5bc5a504b9579d7e21bf37a052ac6efa07f3acdc

SHA512
7d7dbe104e46b7675d8a3b53166c7c91f965696e89330e2b94e2a811f6de0f3e1fb59b9423ce3c1d58f3219405d951b523c80d2932d7dcad699768ae0bc9bf1a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
e6b77dbc67111e0de7177f8696f13f0a

SHA1
4b1b4bcda05886ccbfa6216cde62f490e6bb53f9

SHA256
40f2fcf244feafd649756cd7b693a6770c3f29e3f9f46be1e581adb6c3a922a0

SHA512
c6b8a1a678bca36d43ecfff2db661e5f37be88d075e41f3b3bbe4fe9deafe4b5f23550aca110d53a4fbad8960ecd9d9f086ab10783f2b1c399f441e4eb3e9e6c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
aabae7be4a4c4adc5c2f1a0fa2a21b46

SHA1
7533c8a035e3afceeaeba906b504a485e9352c63

SHA256
383944c9781eae4cb9a5d515710f676a09af44b2b9131bab887de488530da0ca

SHA512
31206f9032a8190304fb34571209e92ef3b6fb4c0ed230cc540cc981c16b595276368203124376806a81e3f0e65b5ec4fe23807661a32d8e27b8f2866febb0a5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
1510c6bfd5d4fa3a34105ca9639c8da4

SHA1
47ff178f7997641a9552d541a541aff29af1e054

SHA256
04b4b679992c4737f790541b4561c0c024c9fa20d2e996c0faef782832211357

SHA512
20fde32c79415d09613024802a5b4dd8c62d66ff24277eca6113c52bf6c75106a6d81c20f912a90c957b8b3b71a093fba3c8933cf712ec63a9b0c284c2ef63c2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
ca6ada9a05015f0b2e4c2adf3d1a1abb

SHA1
7c4a3467a076537a0b6d8a5bc3147121a9404217

SHA256
b9b57d921e7f42f2cc9fb70ec8e633b7c8c2b85bbaf8f3bf197b186432085f3e

SHA512
6340c600485246137f22cf4ddd20ea44928774e708193fdd786690f9b33c4711ef7940058c76291f67c5bf0e7a92fe4a7f5f2b22ee642d7ae3f60f2edddb0404

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
5102fa24e0c46e2996bb45738148d7de

SHA1
760b59c827a9ccd155a5d8c170ba81b596f81ab9

SHA256
1341f712487017d7b49046c02e090cee4da89ad6e9fc40569e692f961f363ef5

SHA512
b0cbd28ae21ebe5a42c3893debc9e786fbe540c1eb0e3201daf4321b90fdd153111682060bf5471fa62f03812e2ec714db4b4e0a108f2d37426dd9ba85391d5f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
fdae091252fda048a8c27199bb371cfb

SHA1
b076622fe8d375e6692d4cc79aefef95180adb50

SHA256
0fee89781bbe5588941b6181fa46d9dbb96ede289eb5a746776fb2515fb80285

SHA512
0ee243e6761edb3a73581fb4eb1af8eddd15c790b7c26c53cb153366bff5be02bb1d77997a869a77cf48393c71d788a2a82d817cdcf3b781b8c4e0c2874c715e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
80e37ba12bf3e1f7a72ad00394722b22

SHA1
b600b417c64d65ece6eb0b5a2bcc485d0b1469ef

SHA256
999c5f46e468eae2858c4c534797a101cbf18c06b4553e2f7da1e3fbeb55c177

SHA512
6659ea94c05637908a371e3d59afdcd625a78496590fc32fed15b3fb10df5c6b22e41a70ffe2114ac086a4632378d11387fc5d30c7935101a2ed38756d2cd43e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
28d05cc43484d18b85bc8d8ec837f834

SHA1
7c520eec5ab103f35d8871b3ee46a93ccf11c118

SHA256
35e2a9fbe7542aa8581a11adc6381265b4a3b86aafee2e980071e80c9b5baa69

SHA512
54158f1863f2371b3b5161d42a04172b00ee69625de95897376d904801e704964d8e17090bed765b1d744be84cd89b6eeb7f9e11be4ef3c9bda976c410c15a6d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
42c2d97bf1ed94a69b9daa1437297c97

SHA1
c78b84be5b0b01e0c8c37633d52659477f1e6fce

SHA256
ebe7e8fdd380ebd7355a797efffe1545bbd3fb2c850ae05dc4e98b6e0d6e0f73

SHA512
eb4e54d4ff9857ae76c1240994bd60b700adaa77e66951704cf5294ba110c2093fb781ee3abfa73625c566f08493da387131b18c2b6cf21e7d393ff910774c6a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
b594562d38141edca0a8080ac00e0784

SHA1
03da3fc64dc9b6e250cf2575b873227222bf9658

SHA256
8d0164ccbfd390ee2be1f2a65c47afb9be820d56becbb6b93cdc580edf91c716

SHA512
c3d2debcf6792ef3d19844eeea8a3d76bfa39d54c0ba3382cbc875cdbe43473ba21d6229999a827fcf06c9e0c346f8d401d28759782a6263a909b20af82d1906

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
13f7da37fb16dc1f3ef22f68b1a7b90c

SHA1
12ce46a255804386dba5de3f34ec4de1ca5e6615

SHA256
5b6dcd77db8575b1384d40c66830105241227f88d9b6b4811124793fdec1f8de

SHA512
ff7f443403528d7523ddf5a669431c19805607a3e92598d7d22382bf088618ce9f909e780ca75ed93b8a45629869a00982102fae96bfaf03a8dbb16dc47b113b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
5f105a69d1afc31258fa36f3da6f3075

SHA1
a3aef3f48710c98351c78da33909fa4e0150c36d

SHA256
74ad64c62269eaaabcef8f1ba89a637f8690bc3259f8156d155fe613e8c58a36

SHA512
408d4fc998193177312fecb0afc8f89868f8675f94338d22d918eb4abd34e4d67bc9c5a539a1111c0b832b649c41b77fd90af44cc58f85776dc172e8420fdb62

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
b654476099b2f369111f34791e99c8f4

SHA1
01408338c4ef370974e1c00a1785cc94bda17f79

SHA256
a1920e67c0d5a230bbefda4b0993aca58f7a9787bb2b72a4fdc5df8fcbf0b911

SHA512
a46d0a07b37030e1c5477ea92e31bad9d8460b7f800271f5c76fff5a63512855e3c538fb1f1a0f662a51fff0ad33bab095c5590c91fa14c61ef07e40ef19cf69

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
6fe8949f282984e0c72e9f14fcb058dc

SHA1
4974cea70724dfccfd3333cee95bb7b5c74d3b71

SHA256
da141cf8e8a95f59cca908176907edf95e39623125719bb7d7d61865624016ac

SHA512
b1d4fd350bd72bffdcefe70f7e36c0800e6ca855c6b737310cf9489b883755f20dc433edadbc2cd1adf29541befd8b7c663ab7303605707941ad3ba98509923b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
db1a86ff08bc83300e5935e7e27305be

SHA1
e4130ef112203dc666b76087051270cd9bfb66f7

SHA256
ec5d05d8afaf2d7583dbbd45dcd13fde503d5ec129c1dd38be372e340eb29f17

SHA512
23a228b69daa50e2f301b01e5e2f465525b5c383934d91056f9db696be0a252c9aa701c9498d07361ee2fd2427aa10f97263a17e0e2ecaafb78bcd7639a10788

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
05797f2779b15914a65259bbe4e056f7

SHA1
2008a01a63274bd7939a532b8f5c46c59dd5aad4

SHA256
510260f7b4cd575d84fff416850dde0be658849355c317c359147469626dbffa

SHA512
50151bf1b46232efe8f22c0aaefb174e962f8c8a2a3fde82834993ae966d00ba8bea18c3334ecaec33aae12bee26ad5e0d3b0773bcf7ba369c1ffea0b132cc3c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
3eba4940f71494fc1359971e1e698b50

SHA1
70f3b88e4835a4321407c55341212caaef61d6e9

SHA256
e1e41e5d3ef19bc5d2725042f54b0b508e8a58e03369dbad2fc5646cf1b10b3e

SHA512
32c30e7bcd6a54455db399d8f043ba95bac95ff86ce23d8a58efc63c5c701b3bcf94b770f75b13cb0fd3ec38736ba69ac6689f12d6b5398940aae1ef509993f7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
3d83887b99166e0f27b22743f62d5315

SHA1
7c5e6a81dc863a556fa22b1f02aabaf803985efe

SHA256
a5a414e7aa3135787a0bc361672a0eaf438e7f1d66bdcbd94ccd6dbbd4e780d6

SHA512
7237831d12d5f0453b0ad130c6439960dcb14d5a406d8c8d050266292d6b46646df37142a2aa63183880b8ca0b9497f7e0711e4671b9d8f50bd383a3a4f8f4ee

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
52a424fc927e2ec263f6b5c782734346

SHA1
f3c04456443d4cb4003172d3ad91c405d852c979

SHA256
1b81d07314e993b60873e45f13ac590f1934ad24c54e84072cb8d047714ddc07

SHA512
2ab30767953385aa5e30e60a05c3f9379b4173122b23db573bb2ae376c44a3de812df67a003cce22e6c1fed1dc18021b36d1d8a8eada6aca55606c0070797ee7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
9d128ef4e610ec16144c3b20b0453748

SHA1
430ce95b4dd2c887d7884b39d2c61c47f2c9d1ce

SHA256
48481754cdc9354231e2456fd3ba33319606834567a1e7e6be2251e312649762

SHA512
387bf20546ba0109432099b7d6476bf2ded24ad0c5746a4816eb0abbc5348a8e1e0e5a9c1487f4c12c795416216d8809618e479ad428a345446a62a0ae4c97f8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
200c2fe153f7e5834f44135192e25294

SHA1
6ca914a47f9b6ab23c790ab22d92c5761d5bda57

SHA256
8bc44bd2c34295f0794caa1b43e3f38e8b68b2ec2abb73038f321c44ba6f6bc4

SHA512
f479d5810c41cde22a9efc0ad64872ed595307de8ed154aeefb4e39d75a99eaa9d672f412159f002d0e1c6131fa8b8ada1b6bd1e19132b915fd4b931053b1cc0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1024B

MD5
ead2423a9b638cabb60e93434fce0cc8

SHA1
d850ae5f9a18c9edb285065a37b90af7db1d1200

SHA256
358080702be4cd9bed67395987a611939c27dd3dcecaff2125d8fdc2a44172c8

SHA512
8467a87e73843da137aa1bfde6d9f29bb755066ab47fc09fead333294d1eb610cdeb9099b95c624cde0647f50b7c00e1f4f1d248f78fafc9a924b1e599f5e70c

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
94a6beb7c1c14cba966910be513a9d53

SHA1
2b4bc22093d0be6a8e2ca3a4fece9d319aa54104

SHA256
b0734a341b6e3b1b935fde9907e638d817d4effa109a4036ce367dbcde1eb035

SHA512
6473dd1668e33dcef2ad6466dcbcd34722b01af15a3a6461c4ea64a530e55e768a45a7b9543b314a81f272e35f894c73bbc5de0e0706a2455011b34de297abc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2ec7c31b3a3cf0279fc06727db15d6ed

SHA1
63a556474ae7bb3f9bab76d28cd12940ff2c6e13

SHA256
62ff4eb6420525bf8b2f984ab565a0555e865c02c853c5d8981d33f9d24a2227

SHA512
3427759ff6b85fa90c257205642f1d8d6cee8d28d38546eabd2fd856f38a1afbd2c24c2fe51e985ff70f2c5647213554c99b2f4ca0eff57646d8b55369f8a604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
672B

MD5
11495c7e82f1eae263412572560ddfa3

SHA1
335fce52bc97bd449d892adff810a815c499e3f6

SHA256
c528d4c3ff971608ac296729c21a4fd6953852a79c10040a92bc58fed86ff277

SHA512
4a3a561da517a1d7288b99af05e3e82e7ebc2e27b4d74645e4827806f9332bb47ec97fd5bb3fb54f7a4fb1b2469a94c625811f1b71b49435a75f279527e2ae09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a11aacb3438b6c1ffb8a63442785ee48

SHA1
475e1af2add89dd8486cadd2d66b60605f9d343b

SHA256
6f4c9c38a71cfc381db01ac79b08db70980063c09e2e28087533ce6f218ef048

SHA512
de7f0a4895a84de54ed6491681d36673414df8a7af4d61d5a99939bd9b472937a853ab59db19363312de8b359b5550cf7b627c19bd7cbfef3fb42aa00ba02653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
105edac9c3a5182d4e2ce61b541cae3c

SHA1
ddd152f55ae04656e0bcdb03b10e5978018ef735

SHA256
e8c28de097337ce683926774e2252bae73fd34f7271a70560a6e860ee536df22

SHA512
a6b3269df1ef00b27a26bb03e8f00989237998dd5a196198331194751d08870e742ce0559473098d58c294c582650e5c7ecb5dfba27b7798b0c686f8d026118e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c814c887b9ea8ea3e2898d211e0c0496

SHA1
31393df3136b157ed0536d35932ddda8b8967d4d

SHA256
58a9bdfb88b014f9385aa69ded5e8ef5ea90f429acb6e19c9b081398306320b7

SHA512
7211f9a9c6b0bcfc7a9ef02e5d072e6443bcfb1565d74bb93cc6d7749b5f160056559b6f96115eb0ec81624d6c0f4196944248db26c8eba9247574baf051d69b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7d39b5d8153b2204f339876e5d7febeb

SHA1
6ef82ec67607b59ae33e091c3c93a4d1fbb38318

SHA256
5ef8382d50e78bea53fbe6b6d2ba1cb557f56f980089c33e440bb0a2a5ad9a13

SHA512
9798155fb6a06f13453db46a58e349dcce85145bb127f58284a386f1a484029a4e7983f0aba3dcf2f47bc3a358199511adb40b706d9b4734a294494795e5167d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
63f68c6106eadf5183955cc07d2bf020

SHA1
bd96151535b2828b69dd7d400e33dfd6a92fd4d6

SHA256
bbd5164fe710748b3947cd1bc2c898ba0adf943e63f4400fea5260dd02626f17

SHA512
1d0cc21cdccaf0891b22fe12ef8b8ee1632a7158ba544229b0fcc40da6d5d2f4279a8639421b0248d0bc3cf433f5befddb7f80639b7f8973f325a39c9c764e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ed2f.TMP

Filesize
1KB

MD5
ced458554c1c3c8504cb13d74762d8ff

SHA1
35edcbbec3bf627a24d2a46d51b5fa07d3e5af0d

SHA256
63d17e12281e0629c4b750ea6d59df199b4e8d51d0856b34dda4c0c408bad7c8

SHA512
2c4d6ebb13442f960f2e7090e991de57c152236a8de447b94f67312c06d40f5c594389b9819e03eb5ba628d7b4e9c8501830edc35cd902aa295ac79024258cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9f4228f57291adfb56f94de72ac57b67

SHA1
f1d08554f6b5cc8cf40df68452ff1c26cd7fc3d2

SHA256
fc9e4ee8df5d620f97b0bf3106f99d777ec8d62b1543cd272a4756eb2eb6a466

SHA512
8c66187c5e3fe71aa49541d16f892e8971278a05574712f85658d54f400764603d148664852d76c76dda34fe8f08663d9d030e5d610782b18def1f930c5818a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a150069eaec3666722514f5229986adf

SHA1
359f4f59e3b81ad98619242a85ba18ae365e9174

SHA256
269653f584be1b52b4853a0592e5938772a30a3366b2ae0481d2a668674a9086

SHA512
d6a656502bd28f0926d45a516aab64e39d85620c6850aa2bcc9fb7ee57b20948b8dadec34e1bea63249ea2685ce4cebbc6376f2b8b047d7e63ebcdd002393902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd93fd65a1571e76d98404755baf6be7

SHA1
c1afa757e15694b20bd6eb2377b6d524e10c0e56

SHA256
98172d7875d97c35a813fe7986e5cc937f53d9ea9dbca82dcdf24608edc37fb7

SHA512
f5a860a79fe959bf52cfa5efef57ba5600253b095b7ceed3b899aed61eb34b0f3ec5f3f23e64ad8d04036d5623fc3c817a8c6bee4acf019c5048826e8dbd05c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e485348c-6bb7-40e2-9c20-b1b357ff6fc9.tmp

Filesize
11KB

MD5
bd99c9fe5464fbe3132b7f6c8c40c7e8

SHA1
dfbaa4f57638f02ce2184016c88ef3e5140d2cc1

SHA256
a2f097bdb72e593e39509332c0b2e8f3e2172eebca5dbdbf29bc6ca69ef89410

SHA512
0acb9c11264ca3ef7f873ee8cbbd2b3ebb4fd968b38808d5c2bcf144c955f994358ed391ab118b9664bf89ff54632d8705e5e3605248a0577139d287a989bd09

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\LOCAL\crashpad_1476_JKEZFYBDOSJITZEJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1264-426-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-432-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-585-0x00000000055A0000-0x00000000055AE000-memory.dmp

Filesize
56KB

Download
memory/1264-372-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-374-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-369-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-370-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-386-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-393-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-398-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-404-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-408-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-410-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-412-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-415-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-416-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-418-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-420-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-428-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-367-0x00000000025E0000-0x0000000002612000-memory.dmp

Filesize
200KB

Download
memory/1264-380-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-382-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-384-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-388-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-390-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-394-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-396-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-400-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-402-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-406-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-495-0x0000000004D70000-0x0000000004D7A000-memory.dmp

Filesize
40KB

Download
memory/1264-422-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-424-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-493-0x0000000004DF0000-0x0000000005396000-memory.dmp

Filesize
5.6MB

Download
memory/1264-494-0x0000000004C30000-0x0000000004CC2000-memory.dmp

Filesize
584KB

Download
memory/1264-430-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-378-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-376-0x0000000002610000-0x000000000263B000-memory.dmp

Filesize
172KB

Download
memory/1264-368-0x0000000002610000-0x0000000002642000-memory.dmp

Filesize
200KB

Download
memory/3360-597-0x0000000000590000-0x000000000059C000-memory.dmp

Filesize
48KB

Download