fantom | hxxps://github[.]com/fabrimagic72/malware-samples

Resubmissions

10-12-2024 08:15

241210-j53pravqar 10

Analysis

max time kernel
314s
max time network
353s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-12-2024 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/fabrimagic72/malware-samples

Score

10^/10

fantom discovery evasion ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>hK+GKssqCQSgssHv48A0nlwSYQ3+twsXL1/AWHGHEpZjl5tjgtyc9uDYs6vOZFW3177uYAtuxZSDVSN6Tab9ZZCwfKdu4qhY+kBuy3F080Il30U5k2Z4G2Xjt7/pDiCnIMIbh8kG9jIqf2yDbh0bQsF0izchpEb1SQXYJMHkDPNp+KiLlECpDGK2rFNX4oeGhbNFdpFRlxBDDgKqBgdk4qroMZDVQ1Aq+6m8BE/H+oIyStSDjuCX0aVtpkTU/SlCS4hpUd7MxPOhPW43z1Me1lfACx6SXxf8aH0lkOoYwE6kaK45v4kgC9FdHvfuA+8tzTX9NVl6nynU7a51/wG2eg==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>l0SJBXGfwetEpaeodLAVBNCESPuqyOaWS4SFXkosfD/XcLgFm+flJkSC3duHFJBCqnG5eiSiPWw2Mu5WVYKpZW0Vgv00ahPZH1FvULC6FNAy10gm6JwpMRlA6z4lmNS2ZUcvCRs7+Z+h0jXIDQscpEZOYKYYIovAS3NajvGUxmz+vMPK1vIQBFyFySnMo5O8MTwmGguL9vfyJquCJEkImhvOfi7V79+veUgmtdmudviQIdVUA5If9J89mXjsMDEl2e5SJARTL/05i8ZVbOs/VKLYMal4Y9yXBmVE4jdTMyWlgSWL/HIEsJq2yarWzduBu5oCebTI1pXRnAGSHSzwlg==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>kp9OrMO2Y8Wyjf8Unorkh3MMonJLq1VX3b5Z2crcK3d+P2KfE/p0GTEDrSwMWrYmGugMtvhdFi+SaNxGe+YY0nO/6eRUyOq2cqs8Xjr/5f6a9mqJJPpFeaf9q4Iccl7SOEpbWT0dPeZpQdd8oaIBdipCgPIyneAyqksLFpMlZ1mhAGlYcq4MvsiM27QNBAAYg1PX+YOU46ZKvxoJVr0SqDbO3eanjT6w7VeW+B0Rv+NRC6kFPPo/ENfxXvOZu1IrzokvMj3ojyoEAgHopAtDEo5aNVrTGKNCx+I9aSW7tFq4YDubT36SRotTOBSG45CqS3c343t4XToYCve+5X8qJw==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>Sfy00ZQozxvdlPcyqXE3pQEg8it5j0mslDgscQnVrWD+keraZpWv+eARhKkL2h8lFW/H3Z3SrhmszLO1CGPEYW6t+gAIOI8+P+ZYKorLSIeJmnyYPg74AaOiI2U0Ut50OXH5+CaUnN9myfdjLY3qWCM/lAHj+212lkruNJR1tVpxRMR6Uw2vV9iO+i4yPuO/0yQ8BJHvnf37nC4LLnGXFoeSZjokuSX7prOwnVnd8CI6J/8inpESed4qDcgmtHeZcaSTYlJbNaMh3LBWjx8bwrhdxXRiJjqgJzwV/Bx5PoUtcNzkvIg13XAqjBUTbzZToCLV5AhKUKjBhi5k2wijmA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Fantom family
fantom
Renames multiple (1029) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Fantom.exe

Executes dropped EXE 5 IoCs

pid	Process
2108	Fantom.exe
1456	Fantom.exe
1620	Fantom.exe
1248	Fantom.exe
1696	WindowsUpdate.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
53	raw.githubusercontent.com
54	raw.githubusercontent.com
120	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSmallTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fr-CA\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\6.jpg	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-72_altform-unplated.png	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageLargeTile.scale-125_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-64.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\images\Square150x150Logo.scale-125.png	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\id\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-150_contrast-black.png	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubStoreLogo.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\193.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GameBar_LargeTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\ExportHide.xlsm	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.targetsize-32.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\it-IT\View3d\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-200.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\32.jpg	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml	Fantom.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SplashWideTile.scale-100_contrast-white.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\1px.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\cs-CZ\View3d\3DViewerProductDescription-universal.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-200_contrast-white.png	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.contrast-white_scale-200.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\170.png	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-20.png	Fantom.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchSmallTile.contrast-white_scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-400.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-125_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\BadgeLogo.scale-125_contrast-black.png	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\MedTile.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\WideTile.scale-125.png	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Common Files\System\ado\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeLargeTile.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosLargeTile.contrast-white_scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.scale-125.png	Fantom.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 567175.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
1624	msedge.exe
1624	msedge.exe
2344	identity_helper.exe
2344	identity_helper.exe
1956	msedge.exe
1956	msedge.exe
4504	msedge.exe
4504	msedge.exe
2028	msedge.exe
2028	msedge.exe
988	msedge.exe
988	msedge.exe
2420	identity_helper.exe
2420	identity_helper.exe
2408	msedge.exe
2408	msedge.exe
2108	Fantom.exe
2108	Fantom.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
1456	Fantom.exe
1456	Fantom.exe
1620	Fantom.exe
1620	Fantom.exe
1248	Fantom.exe
1248	Fantom.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2108	Fantom.exe
Token: SeDebugPrivilege	1456	Fantom.exe
Token: SeDebugPrivilege	1620	Fantom.exe
Token: SeDebugPrivilege	1248	Fantom.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 2340	1624	msedge.exe	83
PID 1624 wrote to memory of 2340	1624	msedge.exe	83
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2788	1624	msedge.exe	84
PID 1624 wrote to memory of 2144	1624	msedge.exe	85
PID 1624 wrote to memory of 2144	1624	msedge.exe	85
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86
PID 1624 wrote to memory of 2760	1624	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/fabrimagic72/malware-samples
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff276546f8,0x7fff27654708,0x7fff27654718
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,18363843635319005734,16724280497326221045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff276546f8,0x7fff27654708,0x7fff27654718
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2108
- - C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
    "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
    3⤵
    - Executes dropped EXE
    PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15457211826757978769,5072321537496066519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5308 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

C:\Users\Admin\Desktop\Fantom.exe
"C:\Users\Admin\Desktop\Fantom.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1456

C:\Users\Admin\Desktop\Fantom.exe
"C:\Users\Admin\Desktop\Fantom.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1620

C:\Users\Admin\Desktop\Fantom.exe
"C:\Users\Admin\Desktop\Fantom.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
158ccaea5ca9d0e1734da3ac0c0ef848

SHA1
9a61ede7aa7fdd8b36a58fc0c8153de67d75da8e

SHA256
4ebfda3ac96443732ac22e7ee4f2224d15a34b84c5df0a9699172941036a6054

SHA512
8d7d71ca2a7ab5b1843e8d627bf03c9e677da973855435a1588c8a316823af2b04031c05c69e04c29aeacc1a5e07d171c55fa864069c7f56715b1c0d9cf678d3

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
91a6171590ea6a4ac8fa697ccce153de

SHA1
84015cc5dc22813e1772bb4ceece8444c70ab24e

SHA256
1350e1aa923119505bf81b9f21371a7a8d1f6805546b85d86118ea986ef31fcd

SHA512
5b8f0f67ad735fb5471ddacfc373e582c63eaf91e5262dbcc7afd34e114e8d72ce17d431329739d4b385cdafb3272b7019e066c362351f8cdae1cba0be83508f

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
7e0b1681a6d31328fb260317896cf11b

SHA1
ce317c398198d0e2f16d52d1e3f2f74679fb8f3f

SHA256
62348bef957460e7fa13b021378cc732efa72c7c1fadf538c14b356d5be06593

SHA512
2537830366a225e858afc2ef2322182c86e8fc9a28f757a018849cf326ca9f8eef312ccca5adb587345a9cc4f8127d8048b43eac796d43ab3275d62c83e89c71

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
b8b5d997ba3724b2c6b30906b7ffc954

SHA1
07aa72f12f704a4a94639ffb6db55fd42c76f2f4

SHA256
4572b00d674966042e561a764d031228de33db69ccac462f895c52af33f3356a

SHA512
22645075e99831581291b3bdea3191435b25d608893047ebebae3ce82f3fe13dda5eadaf43fa164925004a54aa99aa17c2250b9190c61a2a5fdb784b16098010

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
160B

MD5
988e45b5ab9aa9c6de216233ce0a7813

SHA1
69bc8a5c77b10173bc76a2209e25868ad9f0c0e3

SHA256
deeea112001b3551933016afeb1a8c1d8b8eb1c9609cf00cc84878af97c075af

SHA512
2da841e01718721436e55d0921d1847ca2b30aa1835564970b83ba49647e2d36a1e99c949fc77d4d480ad8d04e80e4190c6135fdd1854722277458165236e3fd

Download Submit
C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
3f8bc8b4d24ce865781ba913cbd3c41c

SHA1
3fd05b57e0353a24f68f88e638bfab0619b6dd47

SHA256
427c92c04489a89f73379f90dcf9cedea11809fb7638c04a721da56a688703fc

SHA512
a3683ac5753641e495f2d37aa720c72aeaed8550fb746d91234164f9cd570b2801e01fa247bd9ceaa68faac68636590ab631c8875584f448c06783482ab2aac9

Download Submit
C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
d54d4d8faa7860541bff2784ac77997c

SHA1
4f3581fe211085f10aa23b03f26462af0019d2e8

SHA256
ba47ac456273ef32277cfa6872e9d526f44b0687fd0c05c8440a3e4339e508c0

SHA512
083fda5ed36a0e1761ba4e1d7fbe78be78c5d8f8518ac102b35dedab19ef54ce7c9afd9e06fef6d76bc26a19ee0c4ab194a57fa616f53823b00cb0ef9382c08a

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
ef4e1f4c597d7b36f113aeb0ce8a3a70

SHA1
3698bf1671dd8b89f408e0fc5ba08e37d3bf0778

SHA256
9b30cc6dc1e8761b509d6025cca4405ed85d3b9a9dc8960f2d6697a1c4c8e17e

SHA512
31800353b2d552ee1fe08863b73958cfef51d553e8a66a4d75cb4fed2d634d50a834e38dd5cf8a2b78ec6a946474a969200f2997539617de88bc7814bc4ff025

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
bf8b02d1a6d99d3bc6a3fe96a3e263e4

SHA1
c237c82645ce4c6a11110a807c5e435947774528

SHA256
3fd1bf8e3bed783731c6838016ea06ee21e8faedd8af1f12e40985c9bd60ebb6

SHA512
2e40880dadbdb8de37fe2ebb9f8e723e16dbdad5aa8162408c9e9706a62f92852846b1ed3ca106d1ae83814af3c92f28a6623673ddaa191070c2e69d726daf82

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
8d7797c4c4c31719660474135bd26c67

SHA1
1e930fed47bd63b58c66d823fbb23469a7e6e3d2

SHA256
e2e7c1109fdceed0dd2e54f1d21583bac2d706db7a47374063bb34efad7baeb3

SHA512
00bd5729344da345569cb58f7d244444f29657ace8b1f355fdc4eb0cd6222902801c578ece7a3e9a7c3ce5cfc2d15e203fcfc3bb5f142c406e1bb674cbe7f43b

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
92c9c1f86b66e81502921771605f0080

SHA1
8589fd65d01f88c69ceab0c1736a8ff17d542a47

SHA256
c6c458f9a487337409feea04cfddcf13f96d8f7c1e1eb25f94bc8c6683bba5e7

SHA512
768381e2dbf8eac3e8012c7f27dcb3ae4be40485e7a5021c19274877fead28b7e46006c910cca068980df0d75c7b4d079b930b98f87fface6b0b9a21fc5be2b2

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
bfb2315ddaeaa34186ff33cf1f150f22

SHA1
bf063fe02e7616b0b972e70098abe0a6933e305b

SHA256
e151c4bd81138e0be098d0e27c3f64154c7ca31d0c962ab0f6aff68d0fcd4741

SHA512
0d15c24225924b3d79f8f389a1e7daaad6780c0eccd1863f6f9fc2c71724e93f1acafea0f77f1d1bf0a2aec514eebc3601c8ffb70a5906e32ce363053dfb8ad3

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
fbd49b575a498a495d55c799115daa3c

SHA1
c219ed9277fc2e167d9d810250a069ae7649cf8f

SHA256
52d1893541b81e091647efeb521bc9360d895e9d681ef6c86e1f921ecfa1fc09

SHA512
2b32d7ef2648bdca3a89c587a7c976d3cb87706eafcf1efd5e8abedd72e7c669fe72bb6cd61cfce32e9a1ec73872d89e9ae445d6fd82d2d982627e7718640826

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
e1af39166efbd78c0aa183bb688ee334

SHA1
f72ede8b2f3fd38bff03a5f01cad207943cb4805

SHA256
2ba0be5b35d872a2ecf14e00016fc4e59578777b829faa7387dcd2723c8e75dd

SHA512
15b28385e3bace563673e64d734ce40a5f6fa4a43bd1e2ec5a0eba83542afd5c631466b847b3fcd6b328ac87ffdf7b0b709e5ceb7bd5e7211b74d6c9b9a0eb8f

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
cd9221713603d202f9293fcbb889a0d1

SHA1
95f8f00df66afc1215af8061e0402475fa07a2ed

SHA256
4f8983a576e7b0cda0adf34676e1e143be04ab1ea0ea8542b1d5f160944bd8a1

SHA512
bc6465f77defc6a23e4456c1b65a76930f9d6fd803886e1effacdf2195ecc71784d4629a2469acc596b127bf9ba0909aeeaa63e23ed8dc9bb543dd66e2bd82f8

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
5b142aad8d8d7adf3f8d233b17a64061

SHA1
16479a009148bc0ed0ae1817d1e1bbeede43ced3

SHA256
bc5f4639d0f12d5e0ee36fed0836fd13f49af706d8221d611367626462d51d0b

SHA512
86121d5aa2fbd93c77cf980d6a8aa5b547d735b36f322222a703353677a226fb18377d33159f65d8c271d4ba5f2035475cfd9f51b6d785d48fe4d6a82433f664

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
67c35f091a403e1b6ae3d87750b5ebbe

SHA1
bef0011369d257cd3391afceadfd5c2c1dd6d087

SHA256
c23b36a2746789f91dd32b6073ccb271635e6ecf86443def74c85ddbc1f492dc

SHA512
47edc941fd038bc13847a65a51162d623150a10aff18b7e5746604cd864f9ee3199b5b4a5ac77a6003d054305bdd8a18361987690f4d0dc647195e800a16a7f8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
a859f9a6fca1352eea6b53ed9a2dcd21

SHA1
950f02da0bfd8cdb9044c2834e2444f3974b930c

SHA256
573397ac5f5085d66d5aff59967d5de667a817b30d5765e42b33608b7ff9a196

SHA512
a88ccf0cd3cf6216d94560d1543f5bdbff0d655ef76de1154a6f4b6f590ebf92a962647d5d1e102ce91c679bbf4d5dfe828f18633cfbe864595160e64b084fb5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
ea4c1b6e8e7786704ff4d94406cf7b8d

SHA1
ca4f93f77ffaaad2b79f85038dbd2d6b78fd4069

SHA256
cb7d7e487d0a2a7a5c07013c5d7d5669e40b56ff1be804df002c85e5fb7c6ca4

SHA512
9ab03e30678dc9a0fe49da43843b6ebaab57832a180fbfe9efef1ce3603d8a972a63ba48fec2b30c374af66b67bdfae0f448c6479449d2ed4c4a7cecf0b2ae13

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
e855ec1d067858cad7a5177948b77bf5

SHA1
61abf9a338e3ad6b24bcf3d00dd369fac403d2cf

SHA256
57b83a3ba141a63c2c96326400cdfac26f5c7d0cbb795ce5df474ea6678ac6cd

SHA512
afe3befef24b987f70437fe608946e3a75a9260784a1a425507368609b2499a033e5c0f119f9bbae3b1b769b74ff483959f7f586d8f1a58cab3d03df9cf5759e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
da5e2a0afa43e4b241be5b9fd159893f

SHA1
e0cacf8ea1b52a0a009fbc10e76bd9d3950e257b

SHA256
06c732eafc8b2365dbe5e00fcae009742bb21fa72bed6059f6d4be3befd7c81b

SHA512
0b6e5977534e5a7922f85a61325c31ebf978780cb634f458ab70453ae731e369bff0d16db4630ecb502d5f19f0439ddf7aa7b29a8fb773f7202860052a35d26a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
bbb33f8f45eb7b934f4d165f73e49cd9

SHA1
4d8da339bf8aa6bff5486f6d74c19a835eba35a6

SHA256
9f78ce942107f87a4d5b05161fd6bbdaefcbd0a4c7124cb18a7fcf996584676f

SHA512
831aca1e334b1259421adefdb8f1a782df5363b9ad8c395885b9f5926bd8a65addb1a7ea0a678a60e06386ef57b69545d429e09a462d5f436feb65192d7d8dd0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
1068a6d998509a21e4397adbae17cbe6

SHA1
80afecd364568c236e21828d6671c93d84cda1f3

SHA256
1bc9933810b2a27e6e3b62656bdbc21ef111de40effaf77bb6fb6d68f2102cfe

SHA512
fa79eb69f874f51c51059d81bf864b5618e048bcc7b19d516284da116533672094c572af12aa23a799db5a5019c93a77c8afdeee2aa529e350fab2be85af6e0b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
176B

MD5
635c38fc11cf6c936b7c0948f1f0758e

SHA1
0257fec4cbadd61a893118de11c3a69f552a5bcc

SHA256
271346598869f6f31bb6b33f96df53edf65a2f379ef7d80a29acf5bce5061be4

SHA512
ef188e7933e28c4622537e04ffb72edcee39be40b1ecd2ea346c6edf061daa277e7dda4a13f15d887587aaf21bd3e9f9b1269537d9409b856ab3e5f5a99e91ab

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
73451585d74ba36ee206112489b4a682

SHA1
550591d4dbe5a9e1b05c2eb4fb4d5198c103094f

SHA256
7d30dcae55c9a557c9fe8d8647dae6cf0fa7cf22704eb9aa628a707715529ed3

SHA512
7c1be5c0ae47b53c40d436d24bc620d002749c388a5c31b81208630329f1f84ab2d054ee4e31432aa7aecc01174aad8cd523996c1c0a9f34003888c65c8d4ea7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
e3a374bc7c18e72a9b82c2838bad2143

SHA1
f1c162ae967f63598d159863bf1f6c3b0b5d3a56

SHA256
5209ea2d614f5f4a8f4b6bae774aebb5d9feb3e50f34bf03712f7eaaf051ab11

SHA512
620117c731a2efdaa516b4f89073f8c97124a1928618efef09f6a6c967d83e92b132fcf49878a566bce3893eefa1c07954f0cef534c1a44228560bb5e5cf0a80

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
8c0e06b4f16e7fbf685733fa3c183675

SHA1
df1891c519c0cb3e4dd31854f96566423e3a5bce

SHA256
36586df4064095f6585ca128a6e499ad71d881883249efc8f18be9c05f872d59

SHA512
3486a0549b6ff37b1d1e46fa1dcc1c5877a190bfe16e686840338ed9d2cd1dfd4a320b63bf4abd83e971b8ab11219f456910074a97db26e9dc62344655e31121

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
b6c42e3216acf12468b07cb7460e643f

SHA1
03165ddb588579d70acbd7032395002c3c854de7

SHA256
33d3bb0f25150e53fb1fce0dd67f134bfc34478812300a01164294dda58834f4

SHA512
fb41dd9258f502219666ac22c0a80fdcac9364600a956946e1dd19b549ed5631173947a3f8f10a27fe6ea65d6cfa9965723edc1f923b0d5019ab3438b39c7279

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
38c709d964aaa427833e83c415ac7bb2

SHA1
02bc1df5e634829ce5dbf3c8b0a3b971234c9105

SHA256
20eac88b73d939a3a100ce3649f36eea6b9ff9c0cf166cf919a3b390f27133c5

SHA512
7230316d29eaca6ca635484bfdad148585b7c825926e3e641b797d068cc3ac1add49b116ae1ff8d09122dc20a45a54bf6cd2d97809898a5653ee416b500190d1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
ea494f55117ef240514dae959eb7f0db

SHA1
c0d710849c154eb89510ca615a438601bea527b5

SHA256
d64c0cfa6fcb2be0c789e7c9e242e06d3ad9d09a1dc0693fb40dfbabd55868ce

SHA512
f3fe9aa0e0c5e441ce9e92e59c761a43901f8d87f86c1300cd1bc7e7b9f876e52b29b58dad5eaa83cee4a614a6a7ff8fe71f7387053fd053794d5dad9c5f2a93

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
32a72c6117f052b608678c2355901014

SHA1
9a87364655590ab48e31305035db016e4feae345

SHA256
5d732a65c6bedaabe2d160990ec8458839c8449406bd8ac6c1f63fe8d4a8d958

SHA512
ca1847e164715c8e0681547e614cb0580963aa3c97ac31b2a52cf1b9a39d879be6561e55afef3c08706520bb9c1a770f407b6539ff485fbcf3a77445f868fa24

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
8297e05ccf147cc41ad8b5020dd7d1a5

SHA1
593c415a2a52be6de101836b58bcc107946f1238

SHA256
1974fbe0112f369a1ab9f7546231db14297faa9ab6255c614685b49f7a634eb8

SHA512
6479ba7521e2a478d170b92c57ee064cc9123454aaffa4896a22d81141b7e09fed1ef5d36e7b4e02aa66294ce9bb4c97da0cc7bcafa7f2e1c4583587a27514a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
215edeb3a7289445ef572a220b058c2f

SHA1
b8f23fd1dd70837336432763aa67617e5bd53019

SHA256
f4931f7fce08a9b51ea3bec9aeab3ec386c2f20b5b06b97d41728d0dcaf3a743

SHA512
923bb4350b88363b555416c19521122e5994d53d3b22bc40b37876f22189f00b1cb211c8e50e3649c55583ac3ccedec49df6d9c197cfd07f501d171d8984b66d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
1be648eed58728632e97317470d500ac

SHA1
2a5921b93a218627dff40f02178bb9be13fdb5b3

SHA256
b824b400b16d4a0a61f8ed086ca36d27b30360632adbbf59cb715d4224a24800

SHA512
66a5d5f11aa24c958258908e561b6b80919b7193898a5b6b1d69f3c63959f729918459eb9a35fb4062c44dbea4091e6371264cdd0a67e263d5f210b937e3f463

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
806eb77c28f1cccdad279ac49f385448

SHA1
beba17e901c7eff39ed2019840268e54547dce7b

SHA256
a14f1dc26c76d34a70b4c27d92926e08e4833d79c827795dd2f1b109c2ab7151

SHA512
43469794df6b7767f30ae555708ab3ea04ed5a6ed5b9b50b0f7a97c194bf9691e755268132e5e5a746457d8720321c07c93b1363f5f146fec2daa8ef4407db03

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
0b0b9267bbfc0033ee501367fa15fa00

SHA1
2f876779b2a8800c1efb79c4881bc7c1d721520f

SHA256
12138b5b14092dea212d281daf04f52a95fe869ecee7e8e2e4c217067fbde160

SHA512
15eaed79457498f9204e3889d0e94f9426561051e3aef586b31b30e8b1866c175fb2b6dbfb75385184a02939dde6889aeea4702bad2f5649a62be5346deb1184

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1024B

MD5
5d567b2ecf059ba5deaabc8370ed8f89

SHA1
5ec2eea920eac4a00eb6d4b36cdb18f8dff804fa

SHA256
ff769d8c18cb94081dcf094bfaea61bbae47d3b8488232eee5a2af1f48e51fab

SHA512
e6bb3fc59ca6e24141e500cfb73724edb76f10abb2e24d8b51d9f992e744831b146962e1347eed499fc546207aadf26c15a39fdd40371d5a4de1337742ae66dd

Download Submit
C:\Program Files\Java\jre-1.8\lib\deploy.jar

Filesize
4.8MB

MD5
9c717602d8226fcc8521ee0c02b6f5e5

SHA1
def8d58424d80d26e7b116cddcdb7807849de573

SHA256
13237a5002db8419e38df86258cb84a4d25a9a9b8d855bc9f7a03a88cd3c5c23

SHA512
126ce58a8a9326b426453744d1c09c2ac22f3b43e7cfd7605c38d689dbbeb2f337cdc6fb0935e24dc2eb7165ac7f8e4cad76ba9154413d01c127f1ddd80e9883

Download Submit
C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif

Filesize
8KB

MD5
c74c15392a4315880d6516ca7f02460a

SHA1
6b88e1d5154730bb8f1bb83a4312e75743aa6e1d

SHA256
4386ea53dc203ecc90c98acc98a24b552525b2b51f5e4f4c6159688a19b3ac06

SHA512
9075145aa512fc0d2910d7358a5e888d95d2952c43070c15eaa953fbbca781c00bc6ee34f90c09ff99dd7c97ba35bb6c69f470a06468f14acaa07f345d45469a

Download Submit
C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar

Filesize
3.7MB

MD5
2c765ab9ebe58c3e95aa422bb8c281df

SHA1
e7173bad927163e078e7d8d2be78884874b429ce

SHA256
65f808d52f89ddce30ebb515180d10586749f40854be57277a745e868305a90b

SHA512
45b549da5c5735dd8b7a64a84cc9c621d99eb65cb1c482547b342dff25bf638ddc12f4878fed4eeccf22632df06930a22ef143855ccf0903e434f873c7921c53

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif

Filesize
160B

MD5
7b2d91d7973e28fb537df519f9caa7de

SHA1
9893c4f35373bfd96918d97d5f059e8069e77d06

SHA256
9da2de58cc27f7463e87c62273690ccce4ca4e92ad0b9a4f2f3aa9ec2806c5f7

SHA512
6698e4e433af35fe6b2336f9b0f803aa90feb56fb532584055629c11dab5283045c5fa791fa23a300a17047060fc7739bd88898bf8471af1342c8ad9fbe7cdd2

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
176B

MD5
ce1b0c3c63ce2d56de4d149070870c98

SHA1
cbad9dbf71fcf7964a16b5aa16c4aed8147bb7c2

SHA256
3898310d09f4a671d7f4aef5dcfe18fcafaf69a4680669b3257f0e618e7572ee

SHA512
139b80fe5c34dcee5d684cd9f05ad9154ffc5807204d31e9f3bb5722fb23ad8fbff4287732ac7482a1bc306acadf973c7dbb22af92c6c684ca7f7d21489464bd

Download Submit
C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar

Filesize
3KB

MD5
3907d2b4ab37dcaaf968e067fe12eaed

SHA1
46d3c6f1e8be582cd6eac1e2b7c8edc46909ebec

SHA256
7523290cb2f6a3b39c24b2b8476ea9c6556d14a12d0fb7d6b30201437c012870

SHA512
8475d23319004cd42ef4f4336fdec0122819d23ec5d0e12d8004469400f197eaea2081832c17bb4da648207f4ada11616364428b0c81f604c978221fda981ecf

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
346fb7aa369031c916f1b78be1ba6116

SHA1
035ab763dac92941e9272ad9a45df489991339fb

SHA256
c609469ace71c1eec6e0133e64b9f8b1e0766a771033506c0aa1bae913becca7

SHA512
30af10526e6bb5b11650a14d847fdecaedcaaeddfcd7afd4b020b708e6a5c276ef5d9356617ae88dc29226564f6032785bacd72f756534cca57be8f6acf49af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f847835f14aa96ac4c182fa8472a523e

SHA1
4c4dcda6aaedd535b5ffea64df201aea6cd0148c

SHA256
e62a4813140b8648ad5966d42d16b694ac371e3cf897873063f66b3821903f5f

SHA512
6080291a9c3a380fb9b22e2e6eae561e5dca21744b506fdd4e6e97d99d9fd944d0fee13338d76b4a4b5f6444583907a9d7af8f134fd0618ad24577387a77ea61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bf82b4a6b99718086a372e9d25d0e5eb

SHA1
5ea160f1affa1b3e26cbffff73be789e2fde6566

SHA256
b1b0c08611eb30814aed584122f9b21750afbf71f17ab028e2920787b2541ffa

SHA512
5e2acb715535aab38d7b0f2bc2d34ec0b72be1a944939308900bd31cd0049d8184675ab7cc4183103a6d4f424e6b46040104e49b9886b87372b10cde51fb38c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
1249df8bd61aaa9bd01d5e21c5e48c86

SHA1
eca86dcc80c3726447e099288cd8b360c9935ac8

SHA256
6db0a5ef44c9c7589f61c2002148092281a646374a3d7f37489d01eec8c3fb73

SHA512
cfdbb79209c2bbb7c38b4bc96f9c56e1b21f2166aef66789ed5de37bd078e56d574c1eead17345ce9275e78a18d6aaddbc8d497d216b838ad42dd73f1e609b33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f9df54aa878a375335275cd971624a04

SHA1
229c3cec901454a5d1fd94e8ae558f6ad9d98981

SHA256
6449a2e252ce8ad3b8b492e74a410ed86ae9613a9270a52cc6facfe8ff803db5

SHA512
e91173e1691dac847654779d2859427c18b8a8c928715ee042fbef841d72223ed100f343e2d4f1738890834b968277b4c4fdd6e2090011a13275b67a9d1b735e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
4fc18648067516ab6300a259b00d67f6

SHA1
4effed9bdce024833cc6465c77febb8396b344b7

SHA256
4d8b7a729a0a7e2b643bf702cb32972471e549c30a485860b08fc088fd8b3e41

SHA512
346e7f5314ea39b3c9f0b93ff532257e17ab7120394c3fbf0bf5fbfccd4c306444009d00e82dc65fdee53c256c9a5f2194ecd8375c0f5037c8e341f66b491472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
4128f0fbdea0d0465cb5d631b33205ad

SHA1
406ba392fd8d8ec19ba62b11a7f2358fe4e1f223

SHA256
1bd01ca041298c09fa5138de7a2bb74704becb270e435e1fecd7ac965fffa664

SHA512
857c39596c96c1c04782a7806f076dcdca8b3a7ead84320cbf209fef0613291097974b2b24f0f0d57af4e23a7e471b13f1fafc0d9ae0c54c77d075964dfbaf23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
68KB

MD5
f26bbba7e176ea7ee28bb8d1bb559e46

SHA1
04efbece4b8f5160b177211e1451a649b844b775

SHA256
e1fd5de2bdb5c05b81918158dd6f841338028f72ceee214de7c67813ed2a8155

SHA512
c23a748d54d6829127e50a912a0af1f8e9e611bb919a972697a0e71ba812843dc51642f4d72dfae6b6cfdbc65503828456a7773338e1fa83a2d88f889741fd45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
70KB

MD5
807dda2eb77b3df60f0d790fb1e4365e

SHA1
e313de651b857963c9ab70154b0074edb0335ef4

SHA256
75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc

SHA512
36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
05f57a89c4d10890863ebeca7ab38fdb

SHA1
7ff06f90f3037b9ae8b449619ef68d72cf56a573

SHA256
1971761a4ec11558c8c00598addd619f7486af69011042b7bea577e60639f1c4

SHA512
1beb9116aae151d6ee744525525d21a6650036c747f5141271fb73552f153d90c90918fe8c0024172ac2021fcb0b2bfe401699c64de7a441b049508b1ec2e245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
96b6bcdb37a7fbe68dfd59f89f90b553

SHA1
ef30f4c248660c849380286f87c9fecd8c7633e5

SHA256
17dfa5a8ce0314fe3380da5b8cd6f2dd040336177c415b796315572a1951a889

SHA512
6647ea174c6d56092c41d44bc74406dbe42ff53a3317a712e365f777449676d52bf9a66aba638323e9db0475cec1f68b6af29ffaaa448758f63a4f357a462fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
d5f7a7f9fb0a71ca55fa6790c6febe77

SHA1
e38409d22318f550c21811645e6090e2a0284b1a

SHA256
945e13d6cd3a79be63185bb62fb855756d5744d5de4aecff82c205ee4d901d70

SHA512
bd6d838e8b47f3bb85b159f3119134bb8619eda5b7d4f1e2038c6f0716d7e7c4bf45a5cdbbb5bc4ec076862873dc57e0f8adb13aa33fe02f1378d12f91107da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
38a93164f35163f93364ec9860fbc906

SHA1
1a8210e45e88c6c075465a40166c4c29982558ee

SHA256
7f3b1a0cf5e301d9cbb29e304c30edc8bc39aaf0618745d77ea056c6e7f808ae

SHA512
7dd3afc6a1be85cf4618c4698b662ef1b2b906f37460232126ab11f1b6a212ac4d928c2ca8cedc2118070bbb74df321e92b8074dd9c04035f98ec9cbe0534d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aa9d8befa50adb44845b405ac32b76ca

SHA1
3713f5455b2aee32250b090694a6edb8a5e0f804

SHA256
63ba48156c353bcf744c663d23f8b55fafd2876850835316579e3ccd4ea52c46

SHA512
16de2979bb80d5b7954e924d9f7225e9942e2ae4ee5f87bb429aee503c2f39f09e8ab03c08c7d9d1d392b7f60c87c95e365315e223633eefe67e711821cc70c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
668ada43be4b6e0a138a82181e2b6e98

SHA1
507a9e37182655d9b31208aeddfb84811776d897

SHA256
73d223fef38a8b8fa7487b0951e7143ffd06a3a03c3156612efc310c0c3680c3

SHA512
3245e8558e040ac4ef6e42ebcc0df5c67fc059199769de8152a111976f100eef008aa0de691409c1c3cccac9fbba552380a58e1529578cbdee8c61463f14367c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cb6f1e5dca860bfc70a4f29e042c3b46

SHA1
e06a94592938b985000b627208997139ea96c1db

SHA256
e2ef413e470756a9cb7cdde1b5da7dd8830fbf64e3bb78ec3acd7e59876c82b5

SHA512
160190e09f9d2431d669c6fad3c89137d3c2b78dd1478fce7fb339c427c09e97aee3050c085f6a90882d5774155a1f51c413afe1f18b00b146cfc3f535723933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
77df139f4ab01a3027a7c52eba72dc6b

SHA1
098af5a584f13dc7b46016b3a6cefee2cbebd695

SHA256
40d4e6c64a130bdacdf4cbd44202f5be25bea05cc97b12e6b0a011096bcddf53

SHA512
251453dc9b83f106dcd96df24cd2c8b8f98dbe3a16095c132d0f5e232737c2b6ac02097169009819692f6cd8f10f4fbc5aa77ec621a15973e9be664ea5c72156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
83be0271ebca01e714124c9d87b23906

SHA1
8680f548c50b23d9b7d0ee279f1bbf0069905c3a

SHA256
3ad95333f4c6792804364cfd7179ca32afa652df3e299ba71f43d66f72859c7f

SHA512
c8b624a9be9735d15b12e0d46c6a5444f481e23905cc20cb3df9f2696ba838905383b4beca070a6d63ecaf387de6ec8dcbafbe70819ca9d4ed7274c10faa6c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
045aabf10da5e4d1f71412029aad4b5d

SHA1
4100f7bdbddda4ead0b89303282ed66e54adad15

SHA256
c6c0fa476ca52c084890d9e8366fd730809bfda3f54431a5a9838580f0336ef9

SHA512
a2f8ac6a2b7ada0e04c4983eefbea0af015d1573476df95ab067827b7bcdc2fdc1dc05e494b424af3cf5b0f2919dc3e0228270974e9be92f8bbb2fe57bce99e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
085d18ff47cd41e89cf0b75a9da87a0a

SHA1
babd40a9cba353bd3eb6271732f847788fda501b

SHA256
f1a1debd17c084d81f25bd8d7142208ecc05f0b83ccd3934da848bc42fa4ff2a

SHA512
7773dd588c4b0a89419e4db9c8eca0ea76581ddc110a57617e258191a7bb4f6e400b8315e304e9d818a9697b18625b6e3777d90bd3febb80944c8164b4aa1976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
541d3b6a7a2deefe94d85ac36a592f03

SHA1
5a7b3f3a397905da1888e3bf23c1c3c4f395fb92

SHA256
666e7d729d5e38474cc0523965087075e75706eeedf9076433c2a878374c5f29

SHA512
337c1f1f424c6039ad31fa50fe7dccf2e62e90608d6963df7e15e8c92ed99219e660191a0f5842f25411ba9f99acc83d1ccd5e01ee65df6b0efacb2de4921807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
8882cb6972550dff0b129cfeba0281c6

SHA1
3189d28a62a1f38cf66de94150696b1bb7c8e0aa

SHA256
1ed13c6f5f3e150e81ba98e015cb0419afb449c12439981031c7f39652b8c01d

SHA512
4807ab2ba442d21b7a064bfeebb6f6d2b1d46fe791116d0af8804cb2711851b3f01e5d2332d89957857f52fda489f34a4533c66c0344b8e84e92b01db9d98440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
12KB

MD5
f5407051227870e15dd652d058af6527

SHA1
0a2a2874f28608f380a8a8a12d2e05cab0ee47f2

SHA256
23054f56212e7c80dcc33a31b0ce62e6a2d4b53804ca6c3597b65cdcde6203cc

SHA512
443fa8f3cab6d388523dab35a59c22ad2b43bdae78f9dcf437352ddce96160e2b9240bd31137a7df719f6615d8f87986fa978b3acb801d3cd749aec35853a8cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
9cba01e1257d333af79adf24b4d06778

SHA1
0a69a4a8ce2afe7bf5b785ea574063cb468376bf

SHA256
d83ac88f408d224cec9e7c5ba7068ded5f059af35c6c449fdbf0b50e4c4fd47e

SHA512
5073bdca52ebe0937b1759537e0bdd54df4df5d2de882e0f0ec4cceb0405ab10bff13e70ebf93aa18dad2ad99e19ad167c8778d782ed13c240fe86a9213aec07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
19e536ae752d204592d6253bff8cb8ae

SHA1
4528313da924a597ed12d99e15afdb698a818daf

SHA256
35cefa11bad27da13dd4b9d1d4a574bc7cd5b004c0c92350b936ac924d8e5160

SHA512
b5d2124d9fc90e96b8e197b3812e935fe61eee815d16c90b92b38896b2095fcd26f3a05685d433abf0681cc06bea6d8e8b866422cf1015e44fc12a7f54803620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6bbfcc642b641d9eafa96b728db0be62

SHA1
36afbb79c4a9c56ababb77bc459ea6ee9af0a67e

SHA256
e3cb72ceba2c6c0ada04c7c9391b84d7bc4d1e34183ce499632a6d7a930951be

SHA512
0fcd87c1ff3de8d0cb9a92d23e61dc334bc4ace91d2f10cf1ec285357b00ae32059e62fbc9688ceb3ec798ec20c27833ddcf831cf9182a97ba8823eba685846f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
46fa4f5f7344089589d117bd7599b3a9

SHA1
b6cc1fe19e527d4a372c97e4d195ed94eee40030

SHA256
223280d95a13f1af6af06459bbf230874500c212a2e16f63914eff3f22e8b57a

SHA512
6b680aedde7e806802652aab9ab31cb21438bc8756b063955e6f03bbbdf1273f7d47c40ec1a19fe27537afeb8d6cc219a246d31f7c6822b481649fe296e2a45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9c7c41e00e4b9905797caf36d0ac267c

SHA1
85e0b091ccef73b90c5c183551dee6a3fb96eef0

SHA256
666a66b715c35c589fe98fb0a2570cef15b8d692efa0dbd4e90faf0618b7fb09

SHA512
8d67b86b96d8a7ffe1f9fc71bce253e500d5ff59ed58a37f3f8dd8ebfc734155522304909e6ede06004f88a5341fb04deb97ac73f1261afa59f776794ba4a9fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
21eafac4d00e70836d73cf24ef6b22cd

SHA1
c208207dad2a22fff590046644a3784f4443a57b

SHA256
a0ebddffb15d46c1c0ce13b01da17753ed7b3ad79eff3a5a58fb0534de6d3f01

SHA512
3cd4c5f3ef7eba03f23dc997d461b793f651704ed13966b119cc035a0626b2a9709581131c377cc9c1290f457cb4581f24d92dfd280eb5c273fa15b3d665f79f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
29b9dc1d4e912a3e4bd8da089db228ca

SHA1
8925e59b1ac0a9254875d7d9d4ad9cff123a0dbe

SHA256
372eb41466f23a6b7f0837c20297427070740ced9bd34857a94aef554ee11763

SHA512
1b7ceb4610bb2312d4944dc62992c1601b6fcc78fbfc1206fbb9fdc172c0b81d6c7a26df1f3a196824d6e7cad1ad35969918733a945b4417ad5021f376be5bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01baa43da2b1b9408a1bfb5b8af1e6af

SHA1
5b4e3e98441c041ff0c42270d6db59fdd55f8ee3

SHA256
754f7a83e872dbdba2b73320373f4e981c940273e50f330914affee6b47f5e45

SHA512
1fa1966d8b3fca3ef9b3999f4b46ac0da6349181a24416faef947943408312232568594d96cc4b97c5ee9ba48a74e9513221a1839b6d414fd9d3dd0b48c5f59d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b2d9be7b96b941e668dc2dd73671233

SHA1
a3de6299f0950b1ea85f2bc74aeb33b99294b255

SHA256
389323cc78235920aab21b2640602341a9a21a943527e945588463e3519f50c8

SHA512
31842c8edbebc9a8046f9d86b8b7bbe744d774792e5dcca90d344bf8b12d57bb005db36cebd4475657e69ac8cb4566ab7db7d761ba8e5747b0b7f455d625749f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df236154f583e5da08d0c471827299b0

SHA1
a0207a2af5b4ffe2be005a11f4d1664adf68ff9e

SHA256
1d5db332f0ee3783e7fd96ec3b2bc577e0af87be30227c3ef560d23f01069848

SHA512
09cf4d4396d1aaeaf0ff0bc81e6068e5e0ec3141a23d935b9401d0dff6b550f96749c6bd2e831ac0316b26e8fe646ef79a9c40a3476b14146a5a791b4b15f947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d660c4ccc39f543b48625ef81913628c

SHA1
6ed312986660a4423db411b11d8abfb84c9eec3c

SHA256
3d7b22d158a1589f118223c36725d5a55ef932c93b7b1c1e082297f59a3497ff

SHA512
93afb76ea84b8a9620373ec23a5ac5adefaf82bde57c37b814812f2d1e4f398a69a2d161da97b22c416e1b5745f82d5258c7f9af7122b77bb4604956ab07262a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
015f4ef8b9ab7f4ee5874c3363082ca6

SHA1
116de78bf01ba00e161abbe9fac9755f6af37c33

SHA256
537c2c6b540c3f1d9201aaa238e1c5982a38032e5a15a16d620284b513d64cb9

SHA512
9cfe0ded2c535c98b1acea25a86a82c25090e3710ad4161a428ccacaf82d8916823c255b1dbc0bf17a569b1e59851f10dd2dbc5cbe434c6c018c8e73952507ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9fe5a03d67ae093c0740fc962010af47

SHA1
28067e491eb7e5b48617f8c31c756adccb76a3c6

SHA256
fbaea0a14713a8dd9614a250532d733e6114c2a67052b790fc5799f0bd0cf3e0

SHA512
ea4a94da03b0c7b66de2793618aa9db46063b2aaf59e3ca6b764e685a4fa23ce2998540e1156fcbe2e24c2c1b1679fea3212b257dd422cf13dac3e5488c19a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
841b68174367c28ded7a92ce5227efa1

SHA1
8dba29ce7476d913a6fc65d510362901df7fe795

SHA256
0edb4729eb25f6d3b0d09978ff66d353206adf409a4aef312508ab18cf8153b3

SHA512
da71c7db8bbdc5d619f96e170e6d1c199409d1c8d16ac3101eaddfe57c0e045a7d9187fa83f72af63ed836acdfab183e0b030f9b7e7f85a8a932c9c6fe66857e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3f3af8b0e9d2e36196c6360b9c583c66

SHA1
a9ed36c492eb9ff5c86f0a486ca0c15623b4658b

SHA256
6a3b40260208f3f4a46127a497d40b19d788ecc52204836dd8c7ee2a1928bcb5

SHA512
41bb57305bf3366f14cb2c4e098e9894dd23db743e0c5db3693c50316db7c276ffdd135d0a2a36eba77a9d4ef9f1068c7411ebd3fd1c2187a38e060349862050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
873B

MD5
5c89e201d0c47ee3073160bada4f3f78

SHA1
a23ee3c04e01e55e447e2313e71905ba1725480d

SHA256
276b0dcd82a7607f6b0366daa51aba3b0096976a6bc6ac4e27a918fd50f9284f

SHA512
df32581e3df3da5fea0c60887b6ea4b029dcf80919af24ff8e643d25e59ac161d2d632ba108d04a047606ca4d870c417d1dd6bdb1c26f5b7539d191b00065acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
051d05786cfc3f1ee1133ddbebb8c8b3

SHA1
3b79a704148f50a44f9d5da519576bbded29110e

SHA256
f4fc62ab75a3cc6e64a82a44d63f8ec0efa2898a285aaed7b1a198da856cee1b

SHA512
70a885e81f0018c2a846c2cac1ccace8edeb3ad6a994f80701e5de339a514a661f85505a338d652b886664c1b246259cff84e1ed4d25de493a05ad1b697c84fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13378292355384447

Filesize
34KB

MD5
eef278d27c1a8820fb5c7862e5f33a6f

SHA1
5f6de71a06fdc0be44ec5bd24c2c91f51d365564

SHA256
b551ba9656455a656c7579238be919335173cf960ed2a29fd3a0e1430391f654

SHA512
29b2cfc333023ec31592e5874fb6b49c4b30fae0d2722dfca6e3f5f709e776e36c9b00f0b9ca0ccb493c890fb423aa175c5713300e3180ec4f9ea310da95523e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378292355651447

Filesize
9KB

MD5
f10609929bd3953c6ecc934f2a180d42

SHA1
bab99e7afb4893ba5b5a43887cff498a689d1ce4

SHA256
015be8b9147e6fe218d0e5c882a193a1ebcd8ae236fc18ddf0f16424f934f380

SHA512
9059607851b85425df047138cd0170f2e6e0a307284330a084c441706b89fb7709356b8837bb69bdc9e079bd4c4532ef4c7c86132d4a7606c37b26da805d8f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
0d936d239ae4a0d2b9b0d9bc45c8d3f7

SHA1
0537f39c4350bd19f67aea14d16186a240f7fc70

SHA256
a7b307a75a01059a66d38f4628814a6f8cc8819a71101d258e1baed5396a44a7

SHA512
db8af79582c6b67ec33cd36e108fe5d17e3408a2b72c82d00434fe3961972feb1482bc62bdd9fe9b9eb6875397f9cfaf70a728ab825451b25f9348d5959070b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
f31fad0f2eee222c7dff8952be6f09e9

SHA1
ad5b9052e4af00e688596ed0ad31b82ad637d88b

SHA256
0b48ef2d39d1cfdb10d886b1924e44532c826723e28d5fb3346806131ea0fabb

SHA512
35cfac876f305dffd50fa29a5da8d52949f6e43604a65129437c608b099daaa9b69ffa6f043b4fb55b812ae2fd2efebf560f1a7fc9fde8bdb642d0de627db4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
bd4b6296986d4be99042739fabb6668a

SHA1
3426f93e87828236742f114eeb13ec11958db1ec

SHA256
c378d8eba928d85da4cbd7f4815c30f2a6196249e2d05b39fde99fa2d78856af

SHA512
1fbb9c76f92f36ed612f2660f8326aa693b97f333044a9f9ea93363b998928ba45f0fd5f359596dba0eb8883f22953db6ea5e45981d697ae87b0ce166752d20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e373fbb18fdd70a3b942299601db226b

SHA1
70dae4c6568800a2062424205fc4f39a40e701aa

SHA256
f65b4c12dcea83f588eb3889df695e16461cbb50c333b2f269497ab5fc079617

SHA512
795106d352bd253b3a6f6711596bb2c0cb0b506825f258f1468736b677be3cb7d807bd83cfff87378528b856d6071dcbb22957cc9989a856729d8858aa750c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
201975210392c11a3186d587f8091b5f

SHA1
2fe270279e8a613fbb90dc914b9c646f5d8056da

SHA256
d803f997d55cd86fdd41e5d287288cd1b10d9d6a3bcc3e392523bf7de642b1f7

SHA512
2b309d51e19eadaeb7efd680740349aa2be16b9d4413bed1c1728151b206b873bb7838e5a28be18693e5584e7f6eee38b737eb5ba0ff6c1e34065aab65cbf94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
65ab2dc9e1832d43e5a966bed15af1b7

SHA1
b6b90ba37d1cc8d2c5062895dc144402c1835918

SHA256
f57a15cc84cad64a917a353018ea92ef2c585c525f990b54bf63a5fdb18b773a

SHA512
fd01b4a53aafde3817c203b022933801d89b352d1c2e011d0b3828b4fe17298d96fb0a8b178ac2f18cac40cbde84d15a004a12db2ebf7062bb71d0702bc00504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ba5a754e250dc997e6088369933fccd

SHA1
a4b690eca52da0be1146295912b105ebf02cf64b

SHA256
2185d0f4dd65f19e650735b64f33310930343d529446439c1eb25df942b335a1

SHA512
a7b143fc0c7c01b72cc3662150976070a687d0fe5626d2103276ee275133af4b87542026ac37ad32595d559cd8b2928c63a4bfb1e8153299d568e68d0fdbbd49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c84b4a53693c2844abb4739889df6e86

SHA1
1fb7c9d6c6f11e14b785a66e18837a9c6c75aba8

SHA256
5850c40e48f62e09cbae05411532c1e5420012f1fea07ed66e57c35c03e1cbfb

SHA512
fd8b6edb8541a8e0073391b40e10dec7efc66bca23a4761602345640ff2aa0d3c72574b88ae3ac0cb25a0ba6d97396e35bd39ee2f4e0cbdfc3b20ae30f4af8be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
715ddcff25a8a3ad6ad6a5c3d0754d52

SHA1
f0d43c15ceebfcc67e0bf35de662f3b3dbc4db83

SHA256
1d5dabc9cbabdea2cb361419ca4cfc24d3410f29a5f785a4edf9b59ac4fec54d

SHA512
38cee12b169b92334df7a3fd432b474ef43064a675a0928423ecd9a2033059c184c9da9fe40eff12f53108910d609d766d7f5c2545b352bcf708ada0e33fde23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd65bfba73ddcbc38e514f6831bad076

SHA1
c60fe31203c0c3885727d6eb3d60e96d90e061f5

SHA256
cbc9dc564c807e06e7bf638220482146140a6c3d859d4f3886b7b3747bcc3af1

SHA512
6dc464eef02b5f8bbcfa71d06597e6479859e9efc8e23e2e7093c152208cd23645346668eb52af4b331012a306d6baab85564fede649533479101739eee9e9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd71ca98c9c3f01d7d9f4fe529f82258

SHA1
3c1dc022a45e91bbc96e158ad4b2c241072f40f1

SHA256
cdc15d14115700fe1f5382b9e9cb092debc9fc2e3014c76fbf48111f520dd962

SHA512
311062a0bda1e5ede2cd039ef204fa35c4a1dc598ad12aeee920e62559a63469bd09add809b9ff6e91016beb3db2ffca343a8a14b64cd1472c25335a6adb3c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
18b4d25396185a35ee9ad1b8698c5f0f

SHA1
f1c4de0ca64a642695c4da661d1c7b3e6541ed6e

SHA256
626d9c0247a76ab58ce30ed0764a3e8542daaca3e0b777c3e685abe73ce4a01e

SHA512
8e2e19cc11ff6f3fd48f38e5d3bc790d9f4869db96438bb5226729376d39bf2e830c4f9b6beae3a2fefd5b1bd4e98f020838689b1711d749c6a63e5ad01a5452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc67a987610b9c780efc2b307ae2f9be

SHA1
84b200912cad23d9b7106d0d3bf7171fea570c92

SHA256
904cd029a7d6ebc4771b277216199653f36047ae36a2589b044901cddcb85d99

SHA512
4a182d0cc56a38b2a09cbbaac68ab24b75e64cc6da50863b6a7a73b35c9251ebcf224d18847b69c28891a54627a93fe855e693a5b64bcb71fd8e99ab26341c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f00e03b7d6977ec6711c010e59bcfec

SHA1
df013b442b8de2a1d7840b3f804fbe9955343713

SHA256
0d24baa8d558c729b203f69367ec1f902081cd7dcb12484fc1e87372056dcc60

SHA512
ea2d990efb3c384fdc6a50319e465e9a2ca29bcbb0ea244e843de5ebee98446abe86af3d117b0130be620ab12e0c3095cc0145dbfe8b2b6151c1f9e5f70bfaae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5811ce.TMP

Filesize
874B

MD5
aa2dd4fbb25d52464dc75da49947bf19

SHA1
a898bec3d5cdd456216e70a9645ad20be61a78ff

SHA256
a27a90baf210ac3d3a758c0a8db9e17d9a066e92f4898cd84f702264ddb2e307

SHA512
630095920e2baa17edffb052f86dfc13306246fdba5c81f93722c11cb4424bf7bcc02f35b372f14ff5c3135f74401406868740a237f4144815139cb363602ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
cd6fa282e8bf1bf12af04daa48b476d8

SHA1
59c572946c2573c50028ce98bc4ad4051d538763

SHA256
e633c6ca8e27b503340a37b858939487295641aeafd9170f6521b0f33d8e7504

SHA512
63622d355122bc8c5f8c21d861ebdfdfd5fb5468cc9ef79e5cb11e3168e3f90fc201eda98e4ab9ff572b1dac79230d3dc368791d75fee055cc8def0427ae4d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
200B

MD5
9d6d2f2ab33b3e46ff6bc15ab398057f

SHA1
35219d0c4d5b03e6a3cb6ba8aa30abaf6d08ce61

SHA256
dc1230d11fafdfb87a883e87ae09705144d5d7d04c148b878a5568f4b3fc7340

SHA512
87748c00d328488788af3b2600bec938c6e6578cbe6b652ee99b1a905aacdda5fec4dea85b15bad6e5db0050eaaf5353d8acf7293451c7a01fc43b4c2e5904cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9e02552124890dc7e040ce55841d75a4

SHA1
f4179e9e3c00378fa4ad61c94527602c70aa0ad9

SHA256
7b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77

SHA512
3e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
a5093664e0b99afebd0aa88a39334396

SHA1
68f4c837d8df5fb131f610ad4534ee776ab5b16f

SHA256
79cc5639d2e2418d268f95e398e248b54d6582a9432bd1e25b05b8b33d0e21db

SHA512
28eda390bfd8e6db50a167bd8beb90e457edc8fc9b40b4339f4b1c856f46f03c5c69257c71ae20d63016ee4941ed3e8d7862e74e9bcac8ae25d9f49d2328925f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
5KB

MD5
6f06821c44313fc4691f9ccd03220159

SHA1
4e2297c0931a9fd4e35a32ae445dcea2bf953ab5

SHA256
408b0a496f12afa9c23b633fec0f40a1cdb45cd6961c7105bbb731b1dc4d41d6

SHA512
c4dc4139a2ba91a0d8bd3cdd37bfdea49b667ca72887b2a924575a298081c3119c1172fe94a322dc317209a88e466893d996e5a00d4daa39bb5a46c3e4efb29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
15615cbbd775878f8da9dedfd1bef6ae

SHA1
bfbfeec0b3c68024f57cc53ff56e1142b5c0ec50

SHA256
02a665a5965a964d5cce1e2cf4fa38bf7b9fb9a689150223f5027236eb6bdb94

SHA512
a036585a792f25a0bbfe08d48a20a308a2923081f1d561e893a9a9f52de4673c996fe731feb3705f2a95fd926588d10a15e269a485f53f8edaaf58d57083a489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
b77ec71c14c0075ddba1abb0f067183f

SHA1
289344e88364b158f1db9d6ccfca373667e159cb

SHA256
1d2551fdd90a2011ecf6824c9fe660b792df1a61977c2f1cc4cf3014777faeeb

SHA512
d134c326d12b937189cff76c74fb71163b5d4e25fb7b4890778724846c5283748bcfc97bda8919b5399f35e2c74b1b1f013dbd3919c22a191a82db56b6875ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
aba08d54c200a8aa6968930d58e51393

SHA1
4d19c060ec07c4704b72498ad6609311c7a68432

SHA256
a10668bd1d5ec7fdd374c282336831a6364a90d6691a9106ef80af3b9c3e1faf

SHA512
5581b50ec0543c9f328a9bcac5c64894fe9d81a3575d3b981ed39ce73e13e7344693c07bfc15aabeb2852b3360d8c243a3ffd514d8b77067eda71016039715c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
5816abbca18ae5276d8ae07f36f5b522

SHA1
06c8d949eb8d29fade863e8c0076f9c50d8ca54b

SHA256
ebd7a4769d83abda2e7c87239ca0419ae489ed176a20c527c69d1108641fd2e6

SHA512
c2ee49acf909917f7f170aa77b1e31f6056f0b8a66c9491f34d3aca18aae21623ef305a088ffd27017f2de0d01d8b97e84c1ba62a780077c452bd13b18a6831c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
43a2f4faf163cabd4fd7501c89137bfe

SHA1
7646f66b223bd56a216c950921395225b2b1d1f7

SHA256
a93f0e2fe7851d227e57e36bb01d2655651b83e43d922355c427713135910cc3

SHA512
630bd7e66e59491d956ce1cfbeff360d368939cf05b08ccfbf1f9155f95ea1c16275376fbcc680465b2f12fd2293a74359f9093fcff88ccc4656ee87be89379e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
ed658fb30ea0343f406067101452185f

SHA1
c66b57c07d2f28d64a6c8bfd0efdbad0b74468cb

SHA256
2cb8a73d9d03e6d3f46b3b1f7b444479df328d20276e06b9d6a9736b127cae9e

SHA512
664fc2d491c35a375ff88dbb322a1cf435bb36ae106659d505b9f1bf17b45e208757e39c6804076abf627bb0a22498f9094842a7ef784c2f0327e5c645d742c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
65c68a46e710501eaed8cc5010a26f2b

SHA1
f4a827f172af91550ac0f774bbff83cee4a5f0ad

SHA256
62a0d611cd5c39302f46aba02074c85bbaa7f5562941ea81b30c106153c5827a

SHA512
448d362fcfd342cd29afcbc65f3cb48cea3e932cc38b8aa7900ef040bcfe87e6b3af2e53720f96b1763337c0df46bb68bfd53deee962a5f6c3e34db80baa7721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
450d5d28312153a6ef30047ed3b9a27d

SHA1
a02af6a43b667598a89cf54c90fc91c00b7daf2e

SHA256
dcde48eccb18449cd65227b8c0466970b34a95ba660a289107e9acb3dfc99360

SHA512
e3d84e02dd0b4857482b4c8686c90117f056fb7f136d0702c145d74b0d4dfebec0ec920e8c4dca4143463898b9f548ae2042dfe4c113bedc79cfb688aab68ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f3ca14c6d33baf885f0b94dd4f412c26

SHA1
b04e522ef1800c0f3348682321b907b50bcc2151

SHA256
3e7a77998ec30846e70d332e52e4de21aedaa7b8fd47a8c6cdc23722b3ab132d

SHA512
df43f9831e0db66c03b775a1b0f8147e3cd7862a3c5a5f55563360c4d69a61b7cdb356e4947ee49e455f4891cad354f47fc8a310bd22cf6a62822fe1827e7ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bf0aeaebd39345869717ad8491238b7d

SHA1
1f028ab876ad0729ab5fc7b17e76fca52b83f936

SHA256
56e7adf5cb1d8681ea7006fc5007b17cb3cc50aa8b0ca967a0dcd1b4a2e62a53

SHA512
9c3ecd6c3f664bdda4e6536f4209cd74fe2c761d9ed8ded8fbd4f0f9bc96cba1722c80a8e120ec29e8f5f49123b1f70c6b458ca3112dd4c1f55a7322f38760f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
e4d15e9dff5ec860ca9a1370a59ca368

SHA1
a4060fc17530dc49474bc761953743933b8ce1f6

SHA256
61fdf8de332bf805f2879a37a58fdea356bd07009d980c243fa631f04ee4c200

SHA512
0e39e5bb3a513b17a1ecc14ea7274bad7cdb74b8ba55833925a5776b94b383480c2cdeec39510a4483fd646dacd47fca4e939f8929313af4c459691646c5188e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
279625354479eeffdb61d75e667605e3

SHA1
f4c9be4c47965bb07097abd84c7ac18f426d5d4c

SHA256
e7e65594d95fcd49b8a9ab50a87a24759e50da835a2ea73cde93587d7a16203a

SHA512
7222d55a0b52de567b0540a363cc61ff259ba950f0b0ffd68f9346c578092d0984348319d01655dd71ec0a4f067ec7c9767fdc585324490c435bd21b74226ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
98d97c3540cde97c207b5222e9d081d8

SHA1
763e7e267245d75b5eb144a7558f47f714e11fa7

SHA256
a4a78c1bf5aad01e5ab57f6d689887644ba9b25080927d94d5bc2272c5a4e39e

SHA512
5330ac9c7054a36130b60e2971ab0e237abe96f320133bcc49c725d0e6598d4b60467ae9652bdcf026b3865d91631dc4a46591c17ae5e12b993b2c03babe26a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\Downloads\02ca4397da55b3175aaa1ad2c99981e792f66151.zip

Filesize
1.4MB

MD5
473eca3ac6347266138667622d78ea18

SHA1
82c5eec858e837d89094ce0025040c9db254fbc1

SHA256
fb6e7c535103161ad907f9ce892ca0f33bd07e4e49c21834c3880212dbd5e053

SHA512
bdc09be57edcca7bf232047af683f14b82da1a1c30f8ff5fdd08102c67cdbb728dd7d006de6c1448fdcdc11d4bb917bb78551d2a913fd012aeed0f389233dddf

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 567175.crdownload

Filesize
261KB

MD5
7d80230df68ccba871815d68f016c282

SHA1
e10874c6108a26ceedfc84f50881824462b5b6b6

SHA256
f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

SHA512
64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540

Download Submit
C:\Users\Admin\Downloads\satan.zip

Filesize
143KB

MD5
d309e1391579364a758c67fafb3b6e8a

SHA1
d36d77044dce9a03766fce192629e6d2bc2e8dd5

SHA256
595e2825095b12ddfba4ee6f98f4f6cb1ff1fbc37a3b3191b2fc203d486ba163

SHA512
b1c5af6894983c58564a2b3b63e36edf0a2e5f6e6ab5268030eaf3027326dc2a9fc31e449a7dd12078a0e878afa753872e309e0e16bb58997e7fd3b8c03aa6cb

Download Submit
memory/1456-1044-0x00000000023E0000-0x0000000002412000-memory.dmp

Filesize
200KB

Download
memory/1620-1188-0x00000000021F0000-0x0000000002222000-memory.dmp

Filesize
200KB

Download
memory/1620-1187-0x0000000002160000-0x0000000002192000-memory.dmp

Filesize
200KB

Download
memory/1696-1782-0x00000000004D0000-0x00000000004DC000-memory.dmp

Filesize
48KB

Download
memory/2108-920-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-894-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-908-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-910-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-912-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-914-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-916-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-904-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-918-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-900-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-922-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-924-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-926-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-928-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-930-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-932-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-935-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-936-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-898-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-906-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-939-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-941-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-892-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-1011-0x0000000005270000-0x000000000527A000-memory.dmp

Filesize
40KB

Download
memory/2108-1009-0x0000000004B50000-0x00000000050F4000-memory.dmp

Filesize
5.6MB

Download
memory/2108-890-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-1010-0x0000000005130000-0x00000000051C2000-memory.dmp

Filesize
584KB

Download
memory/2108-942-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-944-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-948-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-896-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-888-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-885-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-886-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-884-0x0000000004AB0000-0x0000000004AE2000-memory.dmp

Filesize
200KB

Download
memory/2108-883-0x0000000002540000-0x0000000002572000-memory.dmp

Filesize
200KB

Download
memory/2108-946-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download
memory/2108-1772-0x00000000054A0000-0x00000000054AE000-memory.dmp

Filesize
56KB

Download
memory/2108-902-0x0000000004AB0000-0x0000000004ADB000-memory.dmp

Filesize
172KB

Download