fantom | hxxps://github[.]com/enginestein/Virus-Collection/releases/tag/v2[.]1[.]1

Analysis

max time kernel
297s
max time network
348s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29-09-2024 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/enginestein/Virus-Collection/releases/tag/v2.1.1

Score

10^/10

fantom defense_evasion discovery evasion ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>LVmM2YZmFsZbgUApXw3GJBzrKAkUXugnB7dDyaljyKbd/Ps/TirvrYcnpAzrhtebyLN2NTJ/S2ZelelrV6xqA+q/MHARMDNjcAV/XaojME40eAPAqZ/SKGheR+HODrNnwAG3//OfvSExJZn/qHLa+pBy+3YfsJmuAeZTdtHAqTj02xi0eA5LA8tF0/WRzzYN40mFam5K+q8pWPW8v6CSh6Ux5CfXE/vOVWbeEZHrFzbP+I2Q9Ff2NRpHXIRw20FE5a2oiTbaAk7Ced7fVMNySEsFN86XpztAC3i54TX7450dwTgs70tKYh1wFmjlcmpmSEZ7/scbS4AlpvndBZMgZA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\$Recycle.Bin\S-1-5-21-1735401866-3802634615-1355934272-1000\DECRYPT_YOUR_FILES.HTML

Ransom Note

Attention ! All your files have been encrypted. Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets. That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us. Getting a decryption of your files is - SIMPLY task. That all what you need: 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] 2. For test, decrypt 2 small files, to be sure that we can decrypt you files. 3. Pay our services. 4. GET software with passwords for decrypt you files. 5. Make measures to prevent this type situations again. IMPORTANT(1) Do not try restore files without our help, this is useless, and can destroy you data permanetly. IMPORTANT(2) We Cant hold you decryption passwords forever. ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. Your ID_KEY: Gg3A5BmTeON9pu2AnRpH69m91XjBSbPoDRzGlR9RlWqXwtF9///kGwLKyCMTnj2g7xOp3tRC+Ds/ECXRhQbg3HC9fQaIDWALi6dDdzw8MIn7lJpCU9xdt5ozRYiBqwRtnftIHHdMlIKjtkdfKKOKozFyTbTMqz/M4v7ARq5YaslIW8FqUlyVkOKowsb7yI0oMuS1rV0vNg+vdG0jUlu75tMBQiC24qzC3jl2X2L+uveXcBFm2Yq+nWKmK3A83m65iHS7CYBM7tcPZdmj5VIWrCczxkMZ3AsfovvoA8Eg9bamMQqlhbnxY8oZgdYaxO9HifauaUiKK0/xFEN8DaC+og==ZW4tVVM=

Emails

[email protected]

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>TQe7DqPEOsNNrTWpchqogSThcHCgwKrUY19LL9GPO3EQMndXY9q7X63mLP4b/yC2+GCbyZfjca/kFkweQ73RlAvlfsIxrMu2zMIpgKBt8w3MBuIfxR9gupzy8tXhhVRh8fOZSBrLZm48/WCbGnDv9DTElsu87oQCPQSkLTfIsKBVJNq2R80iGI1IAnpXgre1BSN4CJZlH/MpmHioRugRyBMtVHizV1isgts8/YsyzKPxrJW/Ht6cHECi/jWndrrz9jg+JMjPiRqh6VbNeXg/kkeYuiDUF7Er9vqWpbilEqUv/mAIiSuwrgzv4Xa+JknGYYoakJ+V33AEUtLWSNUMYQ==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Renames multiple (1034) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4644	Fantom.exe
2428	Fantom.exe
4776	Fantom.exe
4104	WindowsUpdate.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	camo.githubusercontent.com
2	raw.githubusercontent.com
38	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.0.2.0_x64__8wekyb3d8bbwe\Assets\Icons\StickyNotesMedTile.scale-200_altform-colorful_theme-light.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_altform-unplated_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\contrast-white\MicrosoftSolitaireSplashScreen.scale-100_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.32731.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-36_altform-unplated_contrast-black.png	Fantom.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\FPA_f14\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Store\Square150x150Logo.scale-200.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageBadgeLogo.scale-100_contrast-black.png	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ScreenSketch_11.2104.2.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ro\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageBadgeLogo.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageWideTile.scale-125_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\contrast-white\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\id-ID\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.40831.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-200_contrast-white.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageLargeTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_12104.1001.1.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreAppList.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\NewsAppList.targetsize-256.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-72_altform-unplated.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\CameraBadgeLogo.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\contrast-black\GetHelpWideTile.scale-200_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\SnipSketchAppList.targetsize-20_altform-lightunplated.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-16_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PaintLargeTile.scale-125.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsWideTile.scale-100_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleMedTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_12104.1001.1.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\StoreMedTile.scale-125_altform-colorful_theme-light.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\AppxManifest.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.0.2.0_x64__8wekyb3d8bbwe\Assets\Icons\StickyNotesAppList.targetsize-16_altform-unplated_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Paint_10.2104.17.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PaintLargeTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\CameraSmallTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-60_altform-unplated_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12008.1001.1.0_x64__8wekyb3d8bbwe\Store.Purchase\Controls\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_21.21030.25003.0_x64__8wekyb3d8bbwe\Assets\Blank_PhotosSplashWideTile.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsLargeTile.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\NewsAppList.targetsize-36_altform-unplated_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.GamingApp_2105.900.24.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.29231.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.32731.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_altform-unplated_contrast-black.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PeopleBadgeLogo.scale-100.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\SnippingTool\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-96_altform-unplated.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PaintAppList.scale-200.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\zu\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-96_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\AdCloseButton.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsNotepad_10.2102.13.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\NotepadMedTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\PaintAppList.scale-400.png	Fantom.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Fantom.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 727216.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Fantom.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
2244	msedge.exe
2244	msedge.exe
4936	msedge.exe
4936	msedge.exe
3708	msedge.exe
3708	msedge.exe
5052	identity_helper.exe
5052	identity_helper.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
3848	msedge.exe
3848	msedge.exe
4644	Fantom.exe
2428	Fantom.exe
2428	Fantom.exe
4776	Fantom.exe
4776	Fantom.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4644	Fantom.exe
Token: SeDebugPrivilege	2428	Fantom.exe
Token: SeDebugPrivilege	4776	Fantom.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2196	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 4536	4936	msedge.exe	78
PID 4936 wrote to memory of 4536	4936	msedge.exe	78
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 4068	4936	msedge.exe	79
PID 4936 wrote to memory of 2244	4936	msedge.exe	80
PID 4936 wrote to memory of 2244	4936	msedge.exe	80
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81
PID 4936 wrote to memory of 1972	4936	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/enginestein/Virus-Collection/releases/tag/v2.1.1
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff5cf63cb8,0x7fff5cf63cc8,0x7fff5cf63cd8
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4644
- - C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
    "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
    3⤵
    - Executes dropped EXE
    PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16431881924774119115,16316909101608986969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:1952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1072

C:\Users\Admin\Downloads\Fantom.exe
"C:\Users\Admin\Downloads\Fantom.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2428

C:\Users\Admin\Downloads\Fantom.exe
"C:\Users\Admin\Downloads\Fantom.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4776

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1735401866-3802634615-1355934272-1000\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
a3b54086fb6f074a98e05cb1c12820dd

SHA1
3489cfdebf9ab5d4d6de61f3c63e45675a401d9e

SHA256
c3873aea9b1c24c6c3c958657f123d2fa803134fe809d3a4f08b8ab9fe5bc072

SHA512
f9bf6b079380feb6f4c27b63a26a576aa7978a3ff716afa4aace64c8d562ab1ca0544354972d16aafbc66b87104972f0a4b0b43c26c3611d02c0c6585a250a65

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
f3a7fb2c1b274bb96b1356c4e3b4076e

SHA1
217eac7e5577d88a7556a96c0cc4fc2b6dd15e18

SHA256
79611ddf9e11fb645a7ec8269cb6bdf2a5ed4f1230e5beeebe30c8a93496ad66

SHA512
aa2912dd7d56e94d396fe8daad07de91759d8aedca72be059fb9b0954e2d7c727e386a8c56e97ad68e7bf07129ab89db92dddbf40719831a70786ed5878170e9

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
c9cd11524c8678514cbaf0364a6494b7

SHA1
e4fec60da12c4d5058bdee6894393e679d2882b6

SHA256
7199d66e3fb34ae11914c3e3bcccc01321d7ead9c95450dd307dda88af6613e8

SHA512
1056340bcf1e79f2ce54d992bc06ea7cf6e169f8a8ac3667d22bee41bb0e238c79c9708a21f23d816f75d9dfca3efcdf3b7225a7398fd1142ecee1546dd7741d

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
cbfa8966853dfc0c21edb8d479a6e503

SHA1
6c3c07066d6d59d514cab9e517793a78aa59b3c5

SHA256
018bec19b0a3caf944495efe11529b40f74512f7398251171c51f5ffd3236fcf

SHA512
db2bd08f522d47b4c26946d6298dd823d93085efc9c15914686ac47f2c4b6bda64959b4c5e3669c3783420e150e3e477918574584c0afa2a4e4aad62cfb78c23

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
81861cff126a07026040c15539ce95c0

SHA1
304a889ef7a4273f42d0ccfcaec13e2cb2567331

SHA256
05ce9caafd504d91154f197751e74c25fce2827448b0f94b441f341b17f54945

SHA512
d63be6cbec99cdd1056f85b87f36050d9ecd4f1fdfb6512c10db3a4e3f056bc0e9e2ee9cefa8d087711be7ab4844b49ebfb9b11da5e9a965a6cbda53815529fc

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
628685f908da19c45998be76eda4c1cc

SHA1
8799ccf3f24cfd776a359d479c784bf4b1fa27e0

SHA256
317a88d5981c0b011352fce3544a168311eeefaf9b3604c67f9e689977f9aa4d

SHA512
2191029cc1123f9ee8936545ffd3905f390b92d70b91659cc27fbf6c464a34d4898c062677212c487da051f127a41648b89918980737abe5ca4ba16c6d287635

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
f3095646b09449a8e2e7b17a9a502772

SHA1
214081716d7889ce0945b1c9d097c172fafe6f2c

SHA256
6025ec0e36239d0e7d46cb2ab230df29bbe744a920fc6dcc6a6fd9d682a1d728

SHA512
3dd8df84f28748092d7fb8dd0637e7908fc6fc4b661289ec6a4d3eaa1b19cc25b8464139c8659bd6ddc34a207db9b224a30fddfad9bc67e7775ddb61c183dd80

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
f874732a17c40018ba18e4acf4c25ce4

SHA1
cd8cec33277163f918c00b3c3313f6bfc25b3a6b

SHA256
2abea3804038789c1ba91a992b74f6918c13286e501596bbd7d678d3e7f5c7e2

SHA512
35665da9c76142ce15fea8cb7db5145a573fee8067bbda9aa6c0dd17f201acb8d8c97c168b3e5f5861833570eb457bc062e79e64697398ebf9f97ebd419282bb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
80123ec2bccc5aac2e6de043d534aaad

SHA1
acf5e3a8a20346e58704edf4a5810d515afecbb9

SHA256
50dcd06b57294b35e51ac07fc68bff6f2c1bce6cc7297f4a2295823b6b7b99a2

SHA512
43ffa827f37980047f17e95242e64542f10c42dea79d99f65460a17e01e6d78b39ff8bb69dfc01f2b1a942c260e55049c3c9a07a310beb080aed18d223b862a0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
2e120a692f6338e51776b39d8f5d8a07

SHA1
d4449c76b46c052586d94bb7f7b411f4ebda19a3

SHA256
24ce1ca29e5e78af3c5da15def00fc241096ed8663a0f3f7a1baf670c53e2b8d

SHA512
87d81810f4850eadb436f73755489d1fe711c5b334ad1e846db9f66493c3dfb65f32f9efe70170913337f630ba5bc9083e41f3998c7a52445dd3a2c23b8a8acf

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
890363ca07c3c95e8f25995d18b7bf5f

SHA1
81ed106386ff15270da038a5db40b77b9e250f9a

SHA256
618b924132044e1f5ee525dc767e77ff7db371a90c98c83b1f70f104d203e856

SHA512
e1cce7f569fac2c0d325fb416cae37cdbee9b237777dd09275347219873241ebb01c3cb41499e54a9d82a2e12ec334f0d8ea08cf62be6b496280c63977c3b2a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
143652df47aa96b79719fe186f705218

SHA1
1d0450261370cb09c97b5a3cef1147dd04734b54

SHA256
9e606f758dd30a05c3dbaeb183d50c230d51883d6246e44ef6ce55b34a944de0

SHA512
8d3c9a65616d0286cd63c2ee90087fb26d1f14160b6d8eaca21bd740fe3459be5632b38ea51b287a4f39da418aa302caf044e791c1dfb666689f3040fff13784

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
870e1a3b5ec3f84e6b54729fdcb85d31

SHA1
5e771d47dedc94477a5468d61d1ff5a4533163ff

SHA256
9f2475a878f0d052be99a446af0f90a0528d36f890eb4b9c5e1468b002e8175a

SHA512
5bfeff1fe5e4f97d81c1050fae7e648c74828bf393acd785a3ce8f4048e691ef47d883b53e51927c261587a04905a0071e44cff51ff93c37f75278b314034662

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
f142f36681d257a055724b6547e75440

SHA1
34e8e333235100c1155ddef44ffd72884b868aa6

SHA256
bfb505a2b45f1c5cd3acf598e7ee0c64f5554c00364f7fa6ef8d49fafed51037

SHA512
50de03c006f818fba168286f4226d033e4701bc1b927bb44cb1c43873389d75d36d89bd7df0fe940443b4f3604af9b9943f85787ff36f72e0dcf1d098fe470df

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
d07871ac164a23a5550ea655ed4a3006

SHA1
bf6302b6dd6501055d329d79fdc050683c337018

SHA256
62739765aefe5b4ebb6af629624766d42b3c15274a0462ef6e68c5d2137085bf

SHA512
6fa51ac86d520bcdc7a4c1620b068a0e4600fc0c05a23b9309b492f72176ccc5d1ef3c0c3fa851470373b124de65af5ec4b2b175dce2e721331d4bd632f89bd8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
a2261d9968c9dfcb47512d2f17ef3da7

SHA1
469359a1f3f763b393fbb1ddc6668823933628e9

SHA256
06e6799d28ce2bcf03b80b384a2339872114f3df260577165d616a81b30936cd

SHA512
95092081ff22fd478e78b90cb4b8e72d087e9a950c5e77bbedfbaff4c49b52575fce553f07967f0198f84b19dcbbd2990f190a050c73e64bde7e7cf9292e3e59

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
3336f745c9aedc78a4a33da730d6b35b

SHA1
55ae0455207f44676663136183d84f6b6706b767

SHA256
977e3bc507789ae7b92be8ff6d06b91daf39d78510ca8fd3878a2b780fbe6c04

SHA512
f7cb45f3f1fd108f952888e7044acb6c7c30f12a6f164c19f0f143b357de084c5fdf8e4bf90558e2391a61b7bd59e795bde79faaa5199fd414293768028a02a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
69f9d9e87b07a992385c478a0b167852

SHA1
b422d98f0fa159dfbd195cdb68fe844394dae052

SHA256
72c627bd34a7ee118fc16c218c60bbe941e3033caa5d2d3742750c6c2b37262f

SHA512
dd13a209cbee34aa10f0231d5c75c6ad6ddd30bd76fd8596dbf22364d7fe7713992d19a13a358ccb40df238889eb5b4c4573e62e08060123edc37d2287cc40f6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
24c6c57b0c89a6bbf3f5fc9ae9a5dbb0

SHA1
3253c1267422ef24fef207fcec48972479905e82

SHA256
52a4009347cfc51d6ffdcf67d764c31724e35676c6540173b96dc625cda522e5

SHA512
822bd710a86bd55d7919681e6a0ff9b0a278ab9eeefd89cab10ea27479ce3f454a50d5cdb21e9df5ffda3dc56058e9df7eb19d292d0080376f3f5df703ae3f0c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.fantom

Filesize
3KB

MD5
513ad56552b92ae6b050a053a80d2319

SHA1
1bf23122ee4477ebbdd601ec18927fef5c3aedf0

SHA256
17be894598fcf0624c1ebe16bc2f0467b032a8270503978897ffacd5dd587367

SHA512
a525fd1250b967627ec933f88e0096a48ba296b817ba71a240ef8951ee37dc5cdd711b0620987d376b13c7231aca46a5aaf122573fcefa17c6ed891bc541ce4c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
176B

MD5
676278cedbce0364792a52e0b3b4274b

SHA1
b1403bfcb911f95bedaf9e590eb60d2faa35a7bb

SHA256
5dca1ee9b762ae1ef75e2e3355faa1f78283a1751aaf32e80a91a7809f8c6bf4

SHA512
6278b9d335d4f2e3391a3ecb338813032563655e0abdd64ec1171041f4b7c1d18feda2ad28e0d98e2c67666a1aa819074cc6d830efe7db56cb86b8da8c667498

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
8709d4d9f5af51e48f0cabf94d51d745

SHA1
8dfe60e4fef9f75e9985234188306cb577d45e2e

SHA256
871fd0e2339af23776aa3f2ba42cf81fb11405c12eeeea4ff32534e1c1ad9f30

SHA512
bb270ebda97b18ffaf94ec54e8cec51ddb2c2036b98f72d9a98009637a897b7c07e4533bb18a9e65d0594212736b1ae9e75dc291909ea20f5531fc6bee1334ea

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
f0a187b8feeef9cd39319da17d45413c

SHA1
79aa6f92ba503b33ab20a67e766ae80025d4e50d

SHA256
6929d4222fe56e3daad36cba5ee8176741281f90a77d124b6b4d98d6b8d87fdc

SHA512
dfe3566049ec7010e2b4729f3fc3c5e3f661fa815ad3a719b6b28781d4ce2218f0d30e0826b72268a97b5f10d89a405a3edc284bb361820d0af6d6a82518643d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
45aaa1a76b27c01969a0b21381a8256b

SHA1
5c0ac4beff43823cc15a07305952b8e1a69a01e0

SHA256
7384fee60e1e09fa75e163a6133da15e2e0c2cb7f87e046f63fad5ce79141070

SHA512
642fb7d80f6609f3614fb366490fe91de7600bd1d0313c747a47e52469606a871461dda9cae1f21983a35926f81247b1ca996c9acac711bc7b457af3b2ee2512

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
667d75382b348c1676a460f4a4441003

SHA1
94f1c1ed0be22641d23092a130a446a46a80753f

SHA256
4d05f866f906ddbbeae42426625e30e6dd3060a5db53dbb8eb8821a402536892

SHA512
c4400acc4711201d0d94a655d4d87b4270afa015530736bf5ed9a4b2b5143342c42ba80b529156e28cdf6a67ac724e2131229a9fdc277c967f0980e2ce2d80ff

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
db09877511e21122155bf4736ced00f6

SHA1
45785b3edaeac9f0bdbcaed57aeb057e141643f8

SHA256
276ecc54a4556b4de2276f3d233add706f82050e45c18cba0d90b422579bd525

SHA512
6ddd09cca7b4dda841e6469204d34e3fa74152eac98cbc79c199df8f36d6c233454451eedd1db35e0d168aaafe6db2090926c3969bddcbea72aac5007736c8b2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
953d651e6dba220f06f6ee44eadfd4cd

SHA1
46b4d78db1fee2a88b0564637420af597da7c978

SHA256
41b7bb1958e893bba49183aff096b62880d4cadd35e449d1e379b24193c6a279

SHA512
430c05d3296c80813b13c560c08e872dd6377fa29baa1e2514cf90ab585856e8e03ccce3975d61efe69c6612b0f8c81a8d657627e3772cbf6d04a29e69aed06e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
42b8f41d04d58beb32ebc72112b1e51a

SHA1
2ad0b993dc732e31ff00ea5c221ecc8262b7074c

SHA256
2f101d8098a8d7d072ea08bbdf3c9e3181e9c3c5846519e0aff40cda1a12e00f

SHA512
bf196a03851975bdccf2f1bf062b8b41eeff4d5e907d4f6701279894e335c82be9fe361461ddad37d3fc70f800deedabe95ea8e3ba87eef52e1c5fb78533ea84

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
9d8a5231d86e3e06e7f9b8562172b9e7

SHA1
cb03a8a9a09b8ce4685956608ee96700ff022235

SHA256
e5ebf904cff9038719740de7a9d5c209c3a90d888dfabe0579281276cfcdadd7

SHA512
46539e92bb0e9af8c9015cd75f7e4e578aa7a23cfea52f5398b80e144b2216ab1580ced8d9c823305d37b6b163564aeec63fa4d3661fe63e1abada70ab09e353

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
4f4da3f2d05a59979915fc7c6bf8d49b

SHA1
4fc9422b615c605cdecf47ca53e539865af854be

SHA256
73f62a68de408f9f930823315752087340a79d3775398e7e470eb25f0e67f8b6

SHA512
6f0b34dca76a4b20d20681077a315bc7108c57110212497e844e19e949437f537ad061e0c573d11ac25acfa4a91705e031ffe7c43f6fbc767154c2ea54687612

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
4ff365641063dc44c99931f32c956586

SHA1
91d045a4c521a27a5efeb9807f60972e7f555c53

SHA256
b2b49311c62cce130ef6ccd0a98da2f0c8f96ec1722c5648f447a465b1fe96e9

SHA512
b97a4ddb123a3b31e881c4d278f6a3f7b8cbdcf8f0b72cb5f98fa012225d154dba658a3d3a368d064b51e9fc95c60077ac4c646bd28a5df32e0f25c8b7627b20

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
3144badd16ce358565cf586800dd2ca3

SHA1
78020df3c3dc15d67b05b54de142907e9e6828d9

SHA256
6cd6b6adc589f7fb57b90acf9695c79bb20c55a5f20fae97a03f2d7cad0ce09d

SHA512
a9b62569accd9cf5689d196d19dcf6ebe9d5d74271f52686aa44ae54862e581f194ea517c105f12b338c24bdfd91500861a1de8b901da818c8a045a6505cfb24

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
00d8b8243815df8967ab6108edb9502e

SHA1
8f688169cad61939ed232d1201627c84b2ff0e5e

SHA256
58e17763cf5c76995456f00384a06e54667bc36d4cd92db6c4a4596f236f59ea

SHA512
dfd16af7340dcf466fa2174f5c19977bf6dc4734f65befbcc8fcb6533add8d4ccb801c95ca750a98d9dfe6b86c1aed957fb8c4b3660e6f2d36fd7cc4bcfca4ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
21b783df425c2776a070163d3719827c

SHA1
5746580524efb05b22981043f2d1598181d5b44e

SHA256
5fa2f95f7030470e3338ec1dc86829e74e75ca6738dcd5720f34b68eeb864c7d

SHA512
6bd486f7ef6ed345c5ed2febf3b065a7769c2b764af524fc1085815f4f1527328c4222f7acccd3671a233dcf24196c79d96f2d945fc34fdefc05e792b3986fbf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
1144828fad9e3702d8d423946074fa6d

SHA1
2e1c445c6755afb8c60f1f014a9348f1afc5f54a

SHA256
645b3b61f5a8d7fa43afc1adba1d47e0ec231b4ef7c25db348d1b7a976ced448

SHA512
43ea621cc20a15a59e3c358d643ec6c62c230a7402a8a3925ea5637c3242164e971bdc9c6f7413d2e3a99c67677656138dabcbfb2cc636577e5c93e45e8567bd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
cc5829cc6f0cdcc92de3902e43ec7109

SHA1
3a84e7d623b56388fe73cb0321933ed197b020a9

SHA256
ebe1ce7321aef95ba126cb8d84a1a652eb57a42fee511f9d8a3f39dfdb6027bf

SHA512
d094d96d6a8c0a79f6073970e5daa2e1ff035037520daf364ef14be486c303fcec3138cefdcd027134b992ec0f8162c6c71b9a7af3eeb168cbd192b32e31dfec

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
12ba2c285c28ec70534177c49fc9b021

SHA1
9967cd5be94d7d03d4430d1bdca0332e65681935

SHA256
bd00915e7524e07defba0e20a5bb30149cb3413ddbcb5f39732d1a88e5d478d3

SHA512
16bf5658d26f74c4fdd668eaddfa19cbededba9a9b0cb169108c9783f9eb4be7dff93cfe83136ce7246eb61bab28bc58c3df332e0f887997401a495ea63a2647

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
d1677a78284b791d9ca64dd64fed9553

SHA1
a77703fb16846d1d41d0829c23288e0193408753

SHA256
5913f0e3d818870878e852c5a6b612eadd02f77ac3684e40b22cb210c39444d8

SHA512
07eaf8d6c986cb9d9b0f9950776d32b7df455ec4e96cdea1ee129333c3d47542ae2699740697eb873f93b5e619ec8b340304036230394a85d464f00226bab740

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
90862175cd6f1d8c508780435a05b6d5

SHA1
9e9ddaf822faf5297b016b006868a5178a1e704e

SHA256
4cfe4633615ce85df764df4c930418a16f62f75e76baee3473b97fbf31b47e59

SHA512
58b0adc25b18cbbb40da706d6bda469f8ed078666f9b6eb42e7b1847bfe9fcbc4acd0de706fa57db7e080c3e0dc0c8a42891079c5f757a60b977280437a3c7c0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
9c8bf72543711fd750d3981b4f0b48b2

SHA1
3af271175b44c6c9947f858235ea05871bcac5fb

SHA256
04c7b70e1e20615a74511e9e59ee61f37681e5c8291f5d1aff0c066d509f54ae

SHA512
a97d8ef6294affc0b1804f5879fb4e7eda5aa7e6970b165d75e4b98f6003997fa6b9b9f140ac0c8cb9f4566264146ef9e13876d136a60a332325600c6208aecf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.fantom

Filesize
11KB

MD5
e982904689a075c0e36697826b9a1e51

SHA1
5d3898c57ab3d0ee17c55890fc61ea3ed2333b8f

SHA256
733b1a0d130d0fec47b2005b90f7d84aae13e6c7ba399ce9ceceb411b7ae742d

SHA512
5d9a214941bf629b7c5d0604b6b140dc794d984f6e5141bf3007e08d4bea1e23c34e910db3ee3c7917f8342db1c032d34d0fd853b1657f505a6575aa3181d8fa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
6423beb94f506fc85ea15cd032999e8c

SHA1
074904880760cb90faf466e508e6f4db270abf8d

SHA256
6fe7fc7ec67652d46e09400ecded8eacb7c67494b18983537b18623dd588904b

SHA512
cada37fc4b89de8214d3348901ae0a1a0a3dc20ef52267331feaaf884bde821061073ee57d32f5676b1fdc5d3c31387303b52cd5392e72c5eae72f62944500e2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
38b44b6e3b8a5fb844b801b8552dabd6

SHA1
5b257c988ac88e26e0e00086396ea929782f18b8

SHA256
8cabdd30ff10f34381318d2612faf8b73b25edcf48a4fc0736d69500dcf57acb

SHA512
4f74b42c8cb9a14e1b9615187b589fa7d8177a2380d6bd552b955bc0babdd8fc56de155fdc85b556420e68ceb566973956727653d691f72026fdb1c6138fdcc9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
36d3bf3373542bf5a08c247de3e46eaf

SHA1
2938a25c6f47102e2626bd61b515c6475c5cd189

SHA256
39a970e2675a11be4d946535afa52afa5cb8d49e929930c3736d79177dc21601

SHA512
365a7f6561a0d39d6bf3cb793deb4efed5da18b1edd0a1ac577264956f2409f4444e6672aebea48b24334bdd6f5d9be6a789aec0f1f39a7e73e7425c098dd2bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
8e6141b31e7094a454f5dd69c7c327ac

SHA1
ec586eca6e424e61211a3b387b17c830c4840e1e

SHA256
35e91d776f1774f9aa364115fabd3ed704e3216df32b12a8d6c45f9fa92c4c64

SHA512
1667963de9681f3ee4fb7deda2dc4eff88264c889be8a2dc13e4d2dd288edb33445c0cd30e06c2dcfb1cc131368fa05cadb510b66ac9f3fd2d85cd73847536e5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
495ccb4ddbf53e4d0bc2097ac6da23fc

SHA1
3b205daca49f9108308ea9a57e470e88a87b23bf

SHA256
6f0c71f512ec12345714312023132d100afa851fb5c5c9af5724015544373344

SHA512
86aaa2dc4099c5b0d74d7458051641adb58d1f795a0ca6f5a1850cd1c51d7a3f074ebe7ab60d6def84ce5df9d0cf5e7f3dde3f70cb73dedb7a4b7024d0d2f34f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1024B

MD5
fbf1abd638a379e4682fb5d2ab8aa878

SHA1
504e4b0525f68287be92c3fe927ef6da07df8ab3

SHA256
897202604855265bb65cc5e7ffcc97613241db6b949962fe705f73278544d2b7

SHA512
e1e2382c995a400ae41dd7fb577f3dde4503c3585c888a76c7bd68a94fd4b6ebf24523faebcdbc136742ed560d2b8d15fd3040bc44d9b5a753e879898d13c241

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
0187b4465072da3291805fa7c929da44

SHA1
e40523617b00ac22b424e377a45b593b1dcf37f7

SHA256
28bec4d7cad0452e55f79b9e13ca305b8177019f5bbcd406b50bdbdfe8a88795

SHA512
cdc561709c05963d10629e2d3258628f1e81d64cd24b8df83308b819c834976c9fcce82b1b7c82835a9c54f392dc6478fb7a3c7abea9398bd56a1652bc05493f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
acd0d86b70d02313818485764764aca6

SHA1
f446e0814e8470bb2ecbd1caef454c74b4819014

SHA256
6732770e8684637534fb1830ab8b05641c50f59963da6cad619234a6bbb15fbf

SHA512
d5aeb855d7289a0683f7baa45bf8cebc3f678680c29443448a0160bdc625c02a60c498b82ac6cb1681ff88d6f8f0774c515d5e29375a3e4ee946280068ca3560

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt

Filesize
64B

MD5
862478a966ea774def38eea7552cb0a4

SHA1
bb42c30bf01b6c07ac8a11b8530c68ac9d11f154

SHA256
615863be007e6d1e9044d5479829fc351ab0377986bcd1703f70cafbc2bf443b

SHA512
c0906e9d52e614cb27234ecfa3e49da15d71a68f5993c809b49bd9212cd1f2a7eca199bff98b4a82088603b93f9555f34ed86b1f33159feca4888a100580ad06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9828ffacf3deee7f4c1300366ec22fab

SHA1
9aff54b57502b0fc2be1b0b4b3380256fb785602

SHA256
a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

SHA512
2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fdbe80e9fe20761b59e8f32398f4b14

SHA1
049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

SHA256
b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

SHA512
cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
63845cbeb2778ec69ceda039e1f19dc9

SHA1
a39b9ad8d920482c07eacbcdd532e66589ccc549

SHA256
9dcd0ff47f790c23611bade2e0552700ab44a5fde30364f7da53827be921e229

SHA512
51a611049e54adade7af218326f27297854eb2052972bc0bbe69e13633eea47ca8f5b71f9c5f037ad46731c7bfdd1a862800f342658dd94bd7671c8595c948a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
544816973895ffb489f2711f24dfcc16

SHA1
4ec9715440590644c2f3205a99084bd024d62138

SHA256
588054e4e5c102a30cecebef78331482c51f055bc9580dfdaef548deca9c05b8

SHA512
be4545edb9ae114359d2850381b4b345bcff1da52d29d1ec13fade3a0c4d6657e8a1f7bd51afc2b9b61536db1c463b40b2ac97fcd5e93129770071c08fabd5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
726B

MD5
6a62b1e43375a889dc74d2582664d057

SHA1
aec094f7db5a1f62e32e40577bf4ac282c6b7b3c

SHA256
e83a85d478a792c35da134fbaadb95537a5b7f67d248c6df863bf0b50215c635

SHA512
3418bcc40e9d6e376e81c4b0e30985c84aa7b8e336e9be1a114391224beea7e1e66e9af04eb403ecf783d9aa1d475f9788aeed94f2b44f7b4e1aefd8988978fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
bde54c7cf2f305f1e0b079bed2a94f15

SHA1
d782aecd8599ab0b3547d2d9271e66e6eeabb41e

SHA256
ca143db121da66f7c8166cdb754af0c464ad0c6f6d9421a8754ce5522a5e3b82

SHA512
3e9065c825dba591d155894c92845dfa74adb5abef2579daa447e38a5ecdef8ea7067ba1015d602796e071244cf53e0531846d3e600fcf5e8403a41bda95299e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
656B

MD5
c6498d04c39d5738916b8485e808db69

SHA1
74273eda75023be5e602f1c91de6d9debb5935b2

SHA256
6cdcad045e074cd24dba90817ab5e9f22fa34a7d5e1a8ba628c053dad7258467

SHA512
1083779f1b97086912fee0b080a17db19a002b431bc98a32b83f30f4152d10a6dac6a444f3e0db627ef7d11a5a76a98b70cf614156a750580cd43ec4d0b2e5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf1fd7efaed56f17238cd3bf3a91131b

SHA1
fd1c2258f03e48c22176e2e53f7fe8c173e941e8

SHA256
6a37a61e7e310d347f0ee79a95d1498b4580c7572eefb53a6301eee689b341c8

SHA512
a676ee305eff0bea53f7559ed535916c6652a88d21faa6c732bcf310d52bbc0979610fc908c0550138d98a50aff148c6bbdfccc3ced171f2a53b97cae790e182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e7d129189aff06940b78c91b3a27c81

SHA1
455d861599c30160fbcfac4223dc43b1f2d0fd14

SHA256
2b01951e220f87b772e59cc74bfb224586056eb51bb1a700642e850163f5149a

SHA512
416462a06638760ed343fe63cca769bd4ab80f18bdd9bfa091b263c4b28fb7370f68c50fadb088ed7394e8c722b213f79e621b9c30dba7b54e7654a3a68c17fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac6d0144c409b432474c4e6db5ea2d85

SHA1
2610859b18c4a63bd9ca6bdae5d0d56b2db58db8

SHA256
409da701ab43f0fd06d8ca604130c5df6be7b64163113ef52dd138d05b0b5775

SHA512
71b6dfd39a9a394cb8c53543d6300c05a7518b111f395517fb3e145ed18ba5e154dec3ccb8325fb8ce5dd4ae18cac1abb5b9e874b57b026ca64071191d2b8274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb8ae5acfb6067bb3ef7a70194721250

SHA1
ff213223f626a4c093c0faadd6ded2dc89fae1ac

SHA256
d913758fc4275959a9c73320d9d6d68d49f31e335fe3a7bf3118b78cc2f75f50

SHA512
a852e2fb515c54891a9cef785672cd9908afce52742b2f6a33a110230e0cc4e82ea804b920f6b700f94feab8ef3a9a2e66c487726c063f57229a857d74c27f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
916e70f131fda1d0532117aa4ab9d8b7

SHA1
2975787fe4b6b8e2ef4622975b551c2b190b4300

SHA256
69d3dd3cae703da6dfb9acbf2d4ad14ffc747974133bfda13b65b1292699d13b

SHA512
1ca2600e664678975bfbf2db3c76171a64ce57020e9db493ae1e1fe630354461152ab200497dc7be75fa08f98f5b734c0f4c084be063e528540b24b5e57f1f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
21cf8e38dde379143f0f22acc3578a84

SHA1
3dfa7d82517c17fa86f1e8169a115f11c7c2624b

SHA256
9ce752d846018da69c4ac1226759a82ec29e50995067ec50668acaa43ab479cc

SHA512
204c2f57aec1893fae9c0f1e46e058ff1a9b48ae941d6e3594eb70876eaaad44faa8031aa70c0346b550c3f4476cc8941cb65b5a3a26b462b522c4919e69645a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
421116354b286b35ece075025439bf90

SHA1
2c22ef4cb88544ff5864c780e273ade826065faa

SHA256
9675e706e306dc13e843a796910036c19a6823cfa8ce0d95efa8a659f864284a

SHA512
35ee7d865618907f975cfbde2f04f55178581263c7abc49a54fdf4502c6585a3735bc74abda039e083492945a147f943b989914682ef15e7679080330905951b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ea33b4d331545df401dbc668e9dceb71

SHA1
a19124fbc02fab333b364f100ac91d2739d1e4a6

SHA256
b7e0ccf53658af605ca58691edc4e4cd29bc05fa30f4e159e733a5c762a8d768

SHA512
cd866e47e5ea706756ddbd6b92dd33015c7ca3fc7d797c8c9698a419b0ce75a203294ed9f2eaa1cf611c9136e939f7e9c5be07d45f7cb4a664d87e66a8999091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df63fec5b2ee477ddd88a69350d50833

SHA1
fccc1c8e42866d40c2a1cf7429ceab3c48f09e8f

SHA256
1c1b47c89d0fb8ee402f5ecc1d1e1492a9974169bb0b88441c17ed5adabd3310

SHA512
e2caa3517c08877f62cf1fa52adc0607347ae06ecd550429d0986606d6d710d07108b2b312a4b16a20b7e0d3070536fc8138af10ba5b2efa187f03cc4de8425a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40417d8ed8e123185feb539f1db4697a

SHA1
9c28baa569e0b5db6c2dd42176f00f43fc62d7ec

SHA256
83b079d38567d26d315d44b8d69ead3748c8cd0e387f94418ee4d75ed2bd2c17

SHA512
8a42f94934b3809760d5d752edf87173cc4c36fe6c122e9c017a5b304e152aeb11b3fe786f7076894230309a449969fa5107a72a6d3e71b1b755028c1a27a88e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
9e9e781c53ebcfce6296d765faf040d9

SHA1
c721ced3d43ae55c88e3ab2c3b7c115216b27f98

SHA256
a4629e5f377c9febd5fa3f02f98b8396af1df222dee3bb050c17675b81cafe1f

SHA512
920030bd761f8be3aea164c70bc1c2fd526ad3473e5fcc38d78cdb5b287f38acbdd8db9bf3a1ce85e307dbf3f4ec51f91b751c9f41d8df59f74ae21480bc2337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fc3d8b8f8efa39d298dbff5ca2f770a

SHA1
19568d794fc10b4962fb6a9f29049d0c6fb593dc

SHA256
983b322baf78e073e215e860c402c4bf3df7acfdc3457e1f8ee57273db9d0f3e

SHA512
bf400fe432fd43bebcd9114ea11cff396cf1c334ffddbd5d93a83bedcac0a2e6c33c0ac42f63b3950019b4581363c244169d71dbede33960b0c875a2c01c8943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
608426edb43e599333292e9e11a5afdb

SHA1
33c1a4225cc391bf47d0a9e11f7c11f0afbb391a

SHA256
ca660c488971de1e7f72600f64676b1eae82a56b7c4409c02f862c7194fe4e1b

SHA512
64939d277c752efc6b0151c14a3273f2c91b22a96dc02817092399008a1b4acee0084825d6ae122fc20cc3c4634db5952c0ff49be610eb0da09f9df50b59df3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f3f1a7f21bc627d3c5bf55463c9b903

SHA1
8fef171c708cd920c8addcea2f2c6da6761a4afe

SHA256
5a5a3d06c6f69d6e3163f3621cec272ace01eb21bc4db3bcbdd1078c83418868

SHA512
afa4064b107a1423ab932a622f9c60ac47a828d885bf83703b9fcd2d524191636597a252ad17f1b3a50d9ac8eb4c61883fc6d975a0694a455ae422d86f8ba7e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef3bfba4bd3b03e1011676bd330d11b0

SHA1
b462e0fbbaf2e44ccd1a8b6566464e6c27fe6892

SHA256
4235c3038d21c6536aaaa543d85b5428c6f7aaa1f1377b18ceba647ae4ef2156

SHA512
6d2a7c0652e645a7b994e1d55beb80c0fad545b124e7cfd8d732de21a7b4cccba119d53985dd272a106da99e3bb97a70cf1def9b3b8465bd16128ab50ad68693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5830cf.TMP

Filesize
874B

MD5
c869963afbbd745cc60b02f0e9d30122

SHA1
39b74f0dd63b183fcb3424aedbf1f1c4d5dad1fe

SHA256
23ce1218a92a924b453bfda2cede7060184efe926c6a615c40cf65b783c11189

SHA512
282007ec2d2fde6e281f82bfcfe530bcdd1391b7d77dc00289f05d804b3b17e664373877a8bc426711c452c2e5f0ba06d1de5e1a1b315f8eff9db030aaf99745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c3ae4d8ffa8a9d8f5a21f8de210269b9

SHA1
cf7546709720dfc077fd1f3943515967a5447475

SHA256
1181e1da0e4b64f85ed7bf2bb7d412d0f172e947fd056d9c8c42c71ef205700f

SHA512
99e8107555838f82c5f29622c9e3c801f4a5fa5f6c4c709c95897e74a2ca43562c06743abff70f19efedca1fc2d1f72bf9a7a41812f4235435c2592a5d4b158e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e6b9d7e4b2d2b24b3f6ef5361d5688f4

SHA1
e0e52f8942cdfe44373ee48895587d3e9277c2cf

SHA256
86808300f47100fbf98cf38f0e2cfc5272b374e6277fbe047a5660d9cf0d80f9

SHA512
8bd83dc600e6e2349fb06f6f63017e94eb1cdcbdc1e6bfa3aa1156eda203fe005b9d0eb83eacde037f33afe32a27ed7ed814887ad9815586f03a778a4d1abbfc

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
4d52399020a24c1f6b4254cc7252504b

SHA1
2afe0c8994c64898d5fe16ca68811438ef19b0ee

SHA256
e75a14ce8abaea1788c4361552ef9ef2b86ea02485eb4ad5f8c22c9c49ece3e7

SHA512
a481726d4ef1dfd67a86ae79e16abda87a0f370310758cc8a1bb2516a69557129e9612b9430c0ae11d7ddf72e1afc3375f5649a09bb53febe5cc16718ba976b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\Downloads\Fantom.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 727216.crdownload

Filesize
261KB

MD5
7d80230df68ccba871815d68f016c282

SHA1
e10874c6108a26ceedfc84f50881824462b5b6b6

SHA256
f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

SHA512
64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540

Download Submit
memory/4104-943-0x0000000000650000-0x000000000065C000-memory.dmp

Filesize
48KB

Download
memory/4644-570-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-931-0x00000000060B0000-0x00000000060BE000-memory.dmp

Filesize
56KB

Download
memory/4644-633-0x0000000005410000-0x000000000541A000-memory.dmp

Filesize
40KB

Download
memory/4644-507-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-508-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-512-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-514-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-516-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-518-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-520-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-524-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-526-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-528-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-530-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-532-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-534-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-536-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-538-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-540-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-542-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-544-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-546-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-548-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-550-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-554-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-556-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-631-0x0000000004CE0000-0x0000000005286000-memory.dmp

Filesize
5.6MB

Download
memory/4644-632-0x0000000004C30000-0x0000000004CC2000-memory.dmp

Filesize
584KB

Download
memory/4644-558-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-560-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-562-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-564-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-566-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-568-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-552-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-522-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-510-0x0000000002640000-0x000000000266B000-memory.dmp

Filesize
172KB

Download
memory/4644-506-0x0000000002640000-0x0000000002672000-memory.dmp

Filesize
200KB

Download
memory/4644-505-0x0000000002600000-0x0000000002632000-memory.dmp

Filesize
200KB

Download