fantom | hxxp://url[.]no

Resubmissions

31-01-2025 10:04

250131-l39rdssnbx 3

31-01-2025 09:44

250131-lqsx4sskdy 10

Analysis

max time kernel
119s
max time network
163s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
31-01-2025 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://url.no

Score

10^/10

fantom defense_evasion discovery ransomware

Malware Config

Extracted

Path

C:\PerfLogs\DECRYPT_YOUR_FILES.HTML

Ransom Note

Attention ! All your files have been encrypted. Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets. That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us. Getting a decryption of your files is - SIMPLY task. That all what you need: 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] 2. For test, decrypt 2 small files, to be sure that we can decrypt you files. 3. Pay our services. 4. GET software with passwords for decrypt you files. 5. Make measures to prevent this type situations again. IMPORTANT(1) Do not try restore files without our help, this is useless, and can destroy you data permanetly. IMPORTANT(2) We Cant hold you decryption passwords forever. ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. Your ID_KEY: YHlqne7MG83N84nwKAA04sA+iyYNsMjNiZO6cwb/dY+lY3O2U7ZGQmEm2Z9MZqxVQRgNRdsuiL7B7BTZfhsB/Xi4j76QC9VcP8vd/soDZgguEVh2bc8Swf8Ba1OGzWgkLt3MhXXFmqOZFTEQmNDGrypC+RnEjWAiRcX/hDoAT9tyyS99bPGzCb4LF+Y4kRMwX38fBqL+PN7nCTYwwgdJAi3vqAM8I/v+Qv19eDdOkiLxYpMKGh7iWaUe+nBegkARhnwgiQYrCC14tFH3C+f1F84SR6/i9tvvSTyv4AgqU7S3T9fDFDgY8j2Bftq/nLsWH1v+co2Lm1PiQQ+STJGwGQ==ZW4tVVM=

Emails

[email protected]

Extracted

Path

C:\Program Files\Common Files\microsoft shared\ClickToRun\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>Sc91u+dPvJkh+y95a8pmLqCAx6/yN7L7OfZ1UW/JqnUaCHq1CDuMQ09QxUXRanAGL5XkG66v8Fl+EWZy7/csEFomqUu9udyj4+7ankQUwqDjFLjTAn4PN7LQHOg9VtU4/oipX/tn5P/qnTYjFUY9Iz+wz7CGSQv0uq6U51Z6YxGsfbzqATLPzi9Y6nXGM4pAYVrGXzif4Mcdh4B8qJULxL5U6r+3qBIrtseQlM12BzB3pBVqrA15n+esdY6+r0D7MftrI9PSlAGAC/oq/h9UHGMoOkLnsIlAQbyFzmojhLCOqE+kgYfkywn8jVnaV9jBxQUNef/DuYBrwIY4yOndSg==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>L8aru2AHY2W5jayzh2PO33tuJLWHlhlBOcVTRP9Nwh0VxIJW/FWpVeeoubVo+qhoL9osdPbyYM15SCj6LEYuO3PNrlr9f0t9FfRqROcUWaYa+Bt5W3EBZxxc3zBh3J34UtLYh/NxTDXR0ULJDS1eHGNi9mjiP5PuLKIJGUXAuP6aI3kvbHOkiFBOS646WI38rxHcQIfBFckso3rv78SvZXUZwavaulgO+gFumXapy2CMMpSFBqlTPkR2YAhbDmYOBk1zDEZFoRRZZ6twQ1SDlBKTGRnuUeLMWc6d1oqQo6HKAmdFAj8PYWc3RoVXgB0Y/FLi8dObbKRUJbXh3TBZmA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>PKL2HY3MrJnUikPm3O8BDpbR/SBXIcV379S5d+bpciIfdg2HaBx9ezdcEgqpPKNtpucxz9LRwt4pSRPmbT2wVdWREEE6Qv9erfqckaG6FdVP5IZirp4uEPUGnJ6eiCZEeGXGUEnWnl1ghyC4bVd88+1zazbX4S2R42yz62vwDzwe2ehoEj+TE6RzdvG22J1+vbBv1E/AyCv0XokfcXjUPjEdCqwnAbjfloF98ZNRF8nMCNkE6SL2xh2+mwHe7wsuYMQWhmD3zLXjGBVgDtUBqg1qU7pX4yxfKOmdsbYr5WiRRaFoprwVg3RRGjpVSGIIVsPU5qie+yBvKne5CSk8yg==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>QmHJx1jsHeauuXqkqrxZqofNEAR/9r9bOmeaKw8M80P6SEgYnQyGOwR7lNofeMVTLO2UpdzXuSj9viNFneM1IuLSkIl2B1em+pI5zecyaWXHvDjyj6moIRipOGlM307gUNGnyovkcYiUr/5p6rV6nlxja8BAqhiGYyyi8Ii9bsHwzx5cQe8+5Cn0qPA36jRFxO1Q1rWEh7kwA6utkg7Vm91VLMQqGbUqEVqPWz4gWeNOFJxXBxVCK4lYxeGoH2URZo5mRnnxPAvYUC0tSHexHYn9e7KpzrZbl50Iv42XdezxMG8uivFvp+hgjZu4/yJFKmQqEq7JK1oschpKRs8Y4Q==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>I2dYAkhWbsEmoCNWEV/1gCUEUHdI17kJuN2SqyKgAvln56BGqgENamPlBtCR6YJC676oEjLKS0INMLrx758RKU4wUF7t+Pc+RXRIg+dewJMhIFaEBXz0UhEmU3yI02odrpJbbMXaEniWYvRSLNBsqT5WMIwKf6end9AXEPlcTiEyKHS5xpRDKSQC77vg2JJV2Oq89KBcDBfH8GJLZq6lSMo3+5fVD8FLYBC+eJKsLQT7iD51ow8RlVn6nkCT6ZLFL4DTXtmQBWNuBclDtFVGGktffnJtadZg7y1Jk5q3Pt45Tc8zxIaqVXFb3G1jtPKSATB1IRafUDKK7va1xVDBgg==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>pjz4HTkrKnknMtLSxB7f0uFrlKhAwZtdM9QM0TLA0fV6LsMPAjZPkRVfHH4tGv5a4NctGs0U8jbsD1xhdZZnVHej49/VrDQzwxIvcZIRhn6+DqWdI4/qKpT4LuqSdOpvd+t62s2wfLiHFpBi6nt58cG819ev1jtwQgAuZ3ruBM3bE5ZgCsxI9OJaFs9b7gMRVKmPYKVPJgq7Uth0YdyXo6kHX/RMA79iWOkfuPOCVkTQjl7jZyEbmjX56G3tiw0mfBSiBGNQFQlIUEx7M4GRfdFmTiLoHOTUHNa2owfdovdET4GZjomPw+wpjUvK0kfv2QjsR+cXzdsN02mluYKzZg==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>NLbpNoUh7GwwSXEh61qN+IdS4aTNK6x99sBLunlKAzXJm3jJYOQ/Z9vqSy/ElFqkTI9HD/btxDeNDwdZWEKBI/m47q05BvKfQPiZ9lr/XJJCJBHp5j94citYWSRbVwD97paK3AS9Ko6/x/xyvmJDHsDr8Rs+wBBO8nALLqqJBV+R3w/qWFPvItvJKyq1wAnSXP1ELIPJmgk7D4p/lDjvpznCuPFXp3geCsIypsc0BFXIAeE4mlZNb74MnyCj2+mpRGTNIk1AuBl2tBRIJTxnzsl1ghN38cLzp0HrwVNjnGhGMQ2sxqGMda2eiR/CVpPTXoUCybUJRE942Fs8eSqNkA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>BiNsr2qnFU3zyqC7hQGT1o3PgTach71i6xlUerdlmwf6mlMI9VNMJdu7mp1f9yj0JiObDXikFnlfhSYM1HXfraMzjzIJvChk9rJDoR7x55fWb9LZCwtbsb+HYmuiMBBQqRKCsC8EKV8uxLjf0dK9HLXuiNVNMjtaJ5USq+Pi4pkl5Vd/wd7XvUDB4omjcwXUTx4QDVAf/m1pLjYEYC2mOk5GGsBLLMEDOYGIQbvFqYbvsJPjvr9xz399plebpODgPgfI4TXaPq8wmqArNZcwy2TcXBHHkFvri3pzaRVD+76cDzmGFAdWcOy5ASUD+RrcrkMyW/sYklUjOaUqdWa88w==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>WbIegEF7gAywXir2wHBhpQWL9KorcJkCES5ePJaLclfXKeVjod1314UXjMzB5D2AqFRJi0ozWCYYRrv3/oxEf6+jd9Ai7nB2qCBHfJpOwtpRJv23ZZCbld6N8/8xxVjwatF+jqqKoxaiPGvVlNUK232JQyS1N+kSCjX8foUQLIwA2QV0sBtDZtC49ZtRJmE83xcNKPvbNANuF+7+vh5gwyTpKd9u2mui5Lq40fMG2HJJCxQpdNJ+zaEpOQLcQScCVEnpmChvkie/+W2VsluLnT5UYfNsjijhmQ48ksaSQBQxxIKOaC/TGssUKHf/jI8tSA93HVTxs/pcTQoW+5DVTg==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Fantom family
fantom
Renames multiple (143) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
defense_evasion

Downloads MZ/PE file 1 IoCs

flow	pid	Process
114	1240	msedge.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2566122449-2538968884-464987429-1000\Control Panel\International\Geo\Nation	Fantom.exe

Executes dropped EXE 19 IoCs

pid	Process
880	Fantom.exe
4744	Fantom.exe
5140	Fantom.exe
5872	Fantom.exe
3160	Fantom.exe
5688	Fantom.exe
5920	Fantom.exe
5460	Fantom.exe
5796	Fantom.exe
4044	Fantom.exe
5316	Fantom.exe
2396	Fantom.exe
5320	Fantom.exe
3348	Fantom.exe
5232	Fantom.exe
3216	Fantom.exe
4788	Fantom.exe
2116	Fantom.exe
1012	WindowsUpdate.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
113	raw.githubusercontent.com
114	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	Fantom.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	Fantom.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml	Fantom.exe
File opened for modification	C:\Program Files\dotnet\LICENSE.txt	Fantom.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\6.0.27\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VC\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\RemoveSkip.potm	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\dotnet\LICENSE.txt	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man	Fantom.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt	Fantom.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml	Fantom.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml	Fantom.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	Fantom.exe
File created	C:\Program Files\Common Files\System\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	Fantom.exe
File opened for modification	C:\Program Files\dotnet\LICENSE.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man	Fantom.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2566122449-2538968884-464987429-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
1240	msedge.exe
1240	msedge.exe
3576	msedge.exe
3576	msedge.exe
2508	identity_helper.exe
2508	identity_helper.exe
3040	msedge.exe
3040	msedge.exe
880	Fantom.exe
880	Fantom.exe
4744	Fantom.exe
4744	Fantom.exe
5140	Fantom.exe
5140	Fantom.exe
5872	Fantom.exe
5872	Fantom.exe
3160	Fantom.exe
3160	Fantom.exe
5688	Fantom.exe
5688	Fantom.exe
5920	Fantom.exe
5920	Fantom.exe
5460	Fantom.exe
5460	Fantom.exe
5796	Fantom.exe
5796	Fantom.exe
4044	Fantom.exe
4044	Fantom.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeDebugPrivilege	880	Fantom.exe
Token: SeDebugPrivilege	4744	Fantom.exe
Token: SeDebugPrivilege	5140	Fantom.exe
Token: SeDebugPrivilege	5872	Fantom.exe
Token: SeDebugPrivilege	3160	Fantom.exe
Token: SeDebugPrivilege	5688	Fantom.exe
Token: SeDebugPrivilege	5920	Fantom.exe
Token: SeDebugPrivilege	5460	Fantom.exe
Token: SeDebugPrivilege	5796	Fantom.exe
Token: SeDebugPrivilege	4044	Fantom.exe
Token: SeDebugPrivilege	5316	Fantom.exe
Token: SeDebugPrivilege	2396	Fantom.exe
Token: SeDebugPrivilege	5320	Fantom.exe
Token: SeDebugPrivilege	3348	Fantom.exe
Token: SeDebugPrivilege	5232	Fantom.exe
Token: SeDebugPrivilege	3216	Fantom.exe
Token: SeDebugPrivilege	4788	Fantom.exe
Token: SeDebugPrivilege	2116	Fantom.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 4420	3576	msedge.exe	83
PID 3576 wrote to memory of 4420	3576	msedge.exe	83
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1580	3576	msedge.exe	84
PID 3576 wrote to memory of 1240	3576	msedge.exe	85
PID 3576 wrote to memory of 1240	3576	msedge.exe	85
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86
PID 3576 wrote to memory of 380	3576	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://url.no
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff365d46f8,0x7fff365d4708,0x7fff365d4718
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6680 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7108 /prefetch:8
  2⤵
  PID:1716
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:880
- - C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
    "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
    3⤵
    - Executes dropped EXE
    PID:1012
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4744
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5140
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5872
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3160
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5688
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5920
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5460
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5796
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1720 /prefetch:8
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:6008
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5316
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2396
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3645238161246982762,7364988837783497433,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6956 /prefetch:2
  2⤵
  PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2996

C:\Users\Admin\Downloads\Fantom.exe
"C:\Users\Admin\Downloads\Fantom.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3348

C:\Users\Admin\Downloads\Fantom.exe
"C:\Users\Admin\Downloads\Fantom.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5232

C:\Users\Admin\Downloads\Fantom.exe
"C:\Users\Admin\Downloads\Fantom.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3216

C:\Users\Admin\Downloads\Fantom.exe
"C:\Users\Admin\Downloads\Fantom.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4788

C:\Users\Admin\Downloads\Fantom.exe
"C:\Users\Admin\Downloads\Fantom.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PerfLogs\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
aa66c7653020a8097c54ae0924498ceb

SHA1
eb7a32bf8ad539d9c3750db6680e58e5e49c703a

SHA256
9775eddda78f5e4cd7693a4d7e23d72240279da46b13d573248693f7902fa225

SHA512
af3182746a5f28b503cc038b7a164d1a8e2ccab57a2ba818b294a88a0007d60690f4b6ce7dfd309f274a91803b343e33222a4976c71a81ab929c80efeb0b0ae8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\br.gif

Filesize
128B

MD5
a4b9ddeed56ba146e4b1a63f249b4021

SHA1
c2305875782a0788e7a14bbeb6564e99a11189e5

SHA256
44a50b739a788cb1637deb984552d728e24c793ccfa8d2f149c72ce430120a38

SHA512
81725e6f419744f69d488d821ffdbacf0614851c15781a908eb0351ecc9fb61470481316a8548ae56a85be3c0ea38d686e47674d087fcb41e29e15770bace3c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\info.gif

Filesize
592B

MD5
eb8fc6cb29f7d7a0c9cce0413800092d

SHA1
09ca5b656bbe674af95c57f0582a89fad8e4aa9a

SHA256
7215d505a1c7cbf1ac0b3729fd043ed573c2ec3723fc71f77106fbba131e679e

SHA512
75051de0216fc7bb26c548a54e05936706a157b170f3ebadf25dbe53a36ab8093323ee1edfabce4b6ad9630f85c08a5742bc464dcc436105233637eb263d410c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviewers.gif

Filesize
1KB

MD5
04d5e86ee64e8f0ffca7fecc02929a73

SHA1
e9644ea048b8b621519215ab1bbb509c8375cc62

SHA256
3b82cbfefe821b76852037ad819e11dee9f010f464a8294df02692309f5b19a2

SHA512
450d45dba6010ede3ea291f958a198796b1e687efa596e32d5213f6db93879c2e05bce0b1d8d1084599621a9fe9c821002644e33ce8717d530e54b11555ce63e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\submission_history.gif

Filesize
944B

MD5
23871eab23853fe80834c2db68bc7b31

SHA1
732458193bfb5c22cce4529720e8762c13ebb65e

SHA256
6c9649e8161f2e76208a9416f9cc7013658073289047a12f17dc2d19e7a03bcd

SHA512
ec93f2f5928e5ea3940206075c0bde4e441072abf321f5ca38e6ef9bb930715c812311192563e1a8d31821ce72def108f0d0881514645cacaf780eb68ad305fd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api

Filesize
4.8MB

MD5
bc519d4c2e4f17014052f601f8cfd0b2

SHA1
ad6cb012c4a6f2e08af2de848ebd03243548e53a

SHA256
bb0bac1f01ed6bbfad402ccc24ad21538ba53ab468d4c7533d10c13d18c1fc02

SHA512
a590c0cf8d7df5f3b8ff36ed920aedae8645982384262a9a6ceeaa3565cb2d5fa5a22cff5a4671ac64ee9642e5e2721ebb55528cf47aa28edb6c47b8f6e5cc57

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf

Filesize
106KB

MD5
4afb8374acc028665e1c19d3feb4c44b

SHA1
bfced615715372e86cc4fc3197957aa75d82b187

SHA256
bf4fe11d628fdab706d53ec21b6fa845a5ef182c959726336f816eedde0bc093

SHA512
2f18656969225363393a5d80481e04e1681811c7cf18e065081c26bca900d99382aa5deaa2938f795c953547e181173e7bc0676876aed0442b0d754fd7dd0cab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf

Filesize
109KB

MD5
32ca4430e6370c8d1e06fdfdaeda4853

SHA1
15e03171ccb437e47463a573da6bd0b8ff3845f0

SHA256
0ef255cf501785795bda5c8ba70c137351103130c3346f91ff6437bc4048334b

SHA512
be05604b0d7063dc364d5ba32678720810bf27a575d7aaa1c3e18999a20d497fda26aa1c2cdf6c4b0856251abc76e2a9df4dc645e79be202cee01bad922175f1

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
f86d7886623cd63581bbbc21b9e51bab

SHA1
42c77108aee4a67e70ff4663ba0463e64f4a9562

SHA256
79b5bc3b833a399b7606f0ff4cc5cd10b9037263662d54319b1fb44c63b59b7d

SHA512
2ba86394a47f052150e4392533c3195451a6466b700036270ecaa448d9e24a909051bacdac7c60f3158689ba373cb7ed54a8635217c53a7660937e3365e7757e

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
411c7ed507128cd0cc7e0f11a7aea9ab

SHA1
4b548290e56bb1405f0650cb9d6247a9f2f9f316

SHA256
ddc0e2f5c75a46d61b13e00be83dce1e6591aab647cc076facf1bc10046c6db1

SHA512
783bf1021e1d0f6d5e5c9a4b8337e73e5ca9166d0c556f717f27adfe0be9eec6bf82f1cc2d59190e937fabaf40faf49a95e481f295bad4eb9f6758105a38bbc7

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
f3a48c5e374b76834e295e9b2584c6fe

SHA1
6218823de9657b9662b492abe8b0a39df1c6c1b4

SHA256
653f9e9602aa7342f2f73004a5085af7b0ccdb2ea53bef6d77d1c59e0b2d5940

SHA512
759910cea4ae1d13a59a2939a0b3e36c4525e6288ae229170acefa962e931a29869a50471537f33744d876a07f11777d1b4f23c94633255783a593cb73193374

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
ae33f67a4a583667ac3cf7467257982b

SHA1
95e7bb1ecb24f5d84126825f38360a258ba348d4

SHA256
25fcf4950d8986c26b8b0ec29950c746910bad6b854c99c8f7061b242cc5b436

SHA512
f4c1d6601f35e00e2cd24d7db29f7c2e5b09c7503b416b422e841b267f02dbab86821368857647d75cda34462d907a1fdca08fb55e44d7479375a8700ad2ccfe

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
8b6e984ff691538c368ed2ca3a8818f7

SHA1
c5cc133b20787310a992b5a790edb1ef48d61ac8

SHA256
ca8e1a9b37bb29e8380fc27ca61bcd3dd2c4d1fec13ddd4153559b4f3ac7ebfd

SHA512
94ff6146c3107f8a4d7ffc2efabcbc1b89905222894140867fee471fd57023d2e51a952947c36b4b280ab94ca355712c33f5cd09ce55e2c34a5ccb9ca948036a

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
e81d37ef8ed46abc7a1eab8872cb85de

SHA1
94208f4392677f56393a7233467fd36e8e081c92

SHA256
91cb76b0b426d65bf803e08de22f119cfaaeec6d5b74bfae98b1a3fc791ce6cf

SHA512
5798e19773dd92d208b6dfc87a7e2afd36e38578fac6a29044d4f938cae5983198061419d6917ee14e018e04d0913973bd369b665e5b097608ab5fdf0854938e

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
d958ca57e74aa1ee2639385686fc8de8

SHA1
626e99d9fe2efea974a7fb239223cc87008782d9

SHA256
552e753bcd7e2f9e45a8fc71b6057f1447a0e4d2733e725d744dea4a1700c0b6

SHA512
cd28bb1933c7300c6cba7c604c3eb2c3a18fd12bab4e4d363278ce58d46b5a84c033dffb3cdf8375ccd62bc02690da871e340d81c22351ab85719c5b310fdcc7

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
c39847b6cf5309762d292ca4f1dc93aa

SHA1
1558e1ec8cbac8a01288bf89e94f7c85ad29749e

SHA256
1ee59873a3961f2938fbf2b21742c39ac7f959de5af5062a6e8f2dc4ab78d3b6

SHA512
9b05489026fba80effc6dcbab9a056d86d918c0a4c234e8c6a6f04a5eb85ca3ff8bbaa84fddfeca5249145f6d9c61a5358be7a2acac0f11300e253342151e3f6

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
4afccd0f4893839b4f5898397f3a8185

SHA1
26cb5fe7add73fde353a8d7867ae468bc38337df

SHA256
a932605af6f014ff7e6d862b81ccb11ffc7570a17bbafe2c32979d06ec291fcb

SHA512
e92de8bd95026d495520d4b7d148e62a67c8b26598f3b7a4124dc630f2b02217392364ca9736c5481a212604d866d3eabbacddc3acdf59d14455cc0cf27be597

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
aa305231fcc22221b889c2b9daad3a7b

SHA1
a7c2f93744dd009cdb2ebbaea67b7584bdf64031

SHA256
2d0c7c85269376763ca1d53c8957526f56d43ffeaa0fd2fbb668b298a663c9c5

SHA512
de783bccb5614c08bed7e714217f1e35d8e60a4e0b68f1d572bf2af5fbf5d1efa71834a5c0bf11dfdf043ac71a7b4b69c8c461615b9a13c1b9eab1900ed221e1

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
e553039294c4388844ae0157c7f162c9

SHA1
15d0ec44024f67c68d5afeb5cd35bfd04f02923a

SHA256
fe6954325587f8446ab5e6ff44b428e634f303d694bb4c9d87b0252a7dc016f7

SHA512
1bec3d3440bc24ed16745b7f3f7d7763a3f85c6fc3b0bcfd96ec13fbadec053dd4bf8bf83590856552116b30dab763a6620af982689015b6262f3d533026fb6a

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
66aef86a49a97b36e51a71e05b13825b

SHA1
4b91adef3c4d1b124267b5e9e1a91814a0eb4817

SHA256
3128016b4f7747370f8dc97ad43bfd797192463f2cc0c079ff1644088a852e9f

SHA512
1fc24bf8a51e423788827be85b314898b8ccb6066f25356260efb2b7f7175cb9a27a950694c1fe119a031a2dfdfd1b1d42e5bcdd6cc4956679d2fdd95ae0c7b0

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
41d375b43174cc7f16b97f73a39bcd44

SHA1
9aee0e0e0a4f389cda8e8f84993505b2f4bdcb69

SHA256
f447d707123ef345319fae2c797a5e2a4ccd5f8f1c542daccc84c2da15f279bc

SHA512
6d5b964da7ab1cb4bb4c883f78af3108717a63448dddaf60c49d514e27439dda45a95b989c2cb703b0a7190442ec2150e5974d3b5aab7565ec433f893d5f7fac

Download Submit
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
25e776cc7fc6a6670df9d8ab53bb7f94

SHA1
690ca89205068be7a82321e7a6a5adc9feda444a

SHA256
ba1ec6568f3c66738ce03cea97f66672812c032b087e7065dda31517f1c92477

SHA512
ebffab858e1b84bf3746e87b0359f38ee2673d1e80454fd2f424f99f28ea55253e419e99eb1c5fd045876c1076803f3b0ab0f1576ba3a02ad432c55aaf764057

Download Submit
C:\Program Files\Common Files\DESIGNER\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
4d7190bab20872c924959edcae9288f4

SHA1
390fb55e20461a2f245f7a0bb2d4ecbae089d78a

SHA256
b01185210781c739ef3d1611ef88ab5483b1121ce42580f6dc1612d3681136f7

SHA512
48d868bfe4e6e8a7b681baa9f28a02b8a645f31dbb6b2a30330256da9a8bbe8fcd82e68886a5a6e22462f6f14b2519ac9ef7ffde891a687aa942cb2e8b9f731e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
bfe5da470e7b1947a0dbf309c0364dcf

SHA1
839312498b09ccc52b2a992d2100f54f06d90be5

SHA256
7559b27f3d9b640dfad86f9b2b0b0536deec24a7c7d2bef5bd29253df06c7dcc

SHA512
3c54d27ee7007b77e743b6c917d22db29e4b425259029ee82521aef761f6e8d7d4904c2485d56cd9b6ddde0aa0437f3a84c8b24197b14bb56cf301b4f4a1e678

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
160B

MD5
f36d1fed6de737ce04567d5c1ff7f1c7

SHA1
1dfbd8e5b6fc1000090cb0f31b332eae012453da

SHA256
7c62104a9ea120ac2417868eddd9dc54225dfdde5553ffd9f07160f1f9650258

SHA512
9409fe151a32fba84cc3f067cf5bdcfdc1aced5d205bbd51ad65bf5c182d3d837f861e3daa0a81323ee9149c6eb40f1dc923a61ac5eabee19561985c7846316d

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
160B

MD5
46a744b1c7ca1d9ae5b55c1c577afccd

SHA1
a07e64695db2775f3b4eb309a35b0425101cdfd6

SHA256
7cc106e8811781ca849e4ff75ba904c610675156b87523e771a8570cf6958c48

SHA512
c2aa702e0635830f534f080d16de5a424da7bac65db3f378a86798413584cac89ca76cf25b3cd59cb61b407e87d4300833c253868ac0308e8010bf8d5b7983f3

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
22d6832df388729954bf59e066e71108

SHA1
aa601dffe674e70d5de92387c9c77bf146090f5f

SHA256
7e5d4324622151d67480bff068235d620d35a1255a339c154e3e67e2a5a02177

SHA512
e5978040e0b4cbb3b8dca2dd235875c9659070662d19cd70dcff15d4d835300e26dbb55602579ccdadcfa98308476eabb0e6c567402b6aa2b82cf9ce8e168e21

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.fantom

Filesize
1KB

MD5
abb96015af207b67b9418e5825f2ae8c

SHA1
d9228ed2061529bd49efa6a08e74adff994c42dc

SHA256
0a3313913d45799595163a08232103374c0eaefb563c451e8985e239354bcdb7

SHA512
788f5bfc758828c87932151c23b8331897229962b0bad09f2902eb143f0fb035b07acf43581dec4190ab64c8f281e30a94264f6c6abf03fc4d0fded645278d20

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
ebab6aa626a52817e4c2a8c782c36f3a

SHA1
f01ce7f4fd965f5d001e80e4a9a77dcdbe863586

SHA256
c24dbaff945a9d1af438aea1dadb762c5f7bbfac664efb88b415a05194558d7f

SHA512
8f97e0f4368f4e0160e4a071070105d95d36fb7021f330e3962c8ec34330b4df39654df1b8a87d35873a25587e42e6abe299e94714076faaa30e8e4152f412d6

Download Submit
C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar

Filesize
1.5MB

MD5
b856ef8f4165d311f932e262b055ea8d

SHA1
ee20da6907ac6dad984cda6f59b785ef3f4cc148

SHA256
205316b08706c80a74d8b2e557f55ac35054d6085bfde797e9869aada759f024

SHA512
383f4804d5bdff9ba82272f7203f5ac73dd462770f15f08325ff7215a77116fb8f6380a73ad4ef5ce6ba434f24a7cf0b53d87378a29de9489b37f968e6ba66b3

Download Submit
C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar

Filesize
35KB

MD5
319c15d6dc39e10350806a6cf4886e17

SHA1
7c02f5b0e0a565cae6b727f8018f4f54f80f7a7b

SHA256
0d8a64c5d4ed5ffa8635a33f3133a5a0e1e1f0ba67469c8e8ac658c51cf46042

SHA512
fc37f9e96a0cf0b9958c92041ae67839d8554a6f839f6fc019f99fadf11385898470f9d0bde96e6e26ef83bfeaf77aa63f5a07c7bf46d88684cb24b617733d3b

Download Submit
C:\Program Files\Java\jre-1.8\Welcome.html

Filesize
1008B

MD5
d65b06fd6e3cf9ef5facf2d590c25297

SHA1
9bc9167620ff31c95c13ea0d715a2805bca67464

SHA256
3075c5c461cb05d79a75293315f8083022dd9f1f810bc8bea35d5e83c823e482

SHA512
3dbfd0fdd2a7343452ed62946e470504bb213385f4499125a79cf157861c4cd9b18d1b32fb7a994e8acd0b8f09502ea34db348c4dce735661e357bade6ac2388

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
1a376fae7f9ab37b5d0276e827bf81f3

SHA1
7c9142590f5064b3d52e266c9be67e1a57bf1797

SHA256
3b357acb3a990d38e4f5eca131e5f5f35bfef7de1bdd70ddf90f847e71df02c1

SHA512
a536fdc19c24ec496a52d195dd8e44dc4e9a34105ae033468380006e6e888e1aa30aff81620a31e448327fd63599d14cf062828e30da56a268079d34b06d17bf

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
03e8cc152d7912109be832ba663a10c1

SHA1
c149dfb4674bffd917e8cda91ae7a18819df75e8

SHA256
abc8eb44dc7ba6594ed96779b1bd03e8143e7b2dfd7436a9d10c7f25f6655882

SHA512
0d74782e5815232c3acf4b63e20ffdc828d4d981128c975dc5c02950ef28e9858dfe2162d8258567a2569bca05791172dd664a700d03dac6ed46f3f788a3357e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
06a3972204fb077accfc2e1955bbefb3

SHA1
f3ca9bded108271057282b44d929d274e9bb09c5

SHA256
6f491eb333283ca10d2a1d4a312826ce4d80e7cbc53733be959dd06588203987

SHA512
187f75970c139fe0ce060b083f6faac691d8450fe3409eeac3d933a8e7fa1df2005a6839584971906f5bb235f46570c0238333a76821072a77b7768a510cc5af

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
b42360988cb57d415099b3b72e967a7e

SHA1
79c025bcf2fe045cbe3e970965bb00f8151bcf85

SHA256
65118e2595e43121ea25343045b31065ad0d4ffc2ab74f72247b2af64487d454

SHA512
c18cc88acc491d8c0eb67608ea532749d0e569b9e232eced8f08886538272ff71adae15b4f53a32a2b6cee2f9fa88ea76e2c4555d1410c010986e4d5584d0ff0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
14d1ec2eee4a62f2d9c774cd3c82d2ab

SHA1
5dc366ed699a9d0d007b15baa846dd47f96aaf02

SHA256
2a9df626a431b3263c695dc957fc40635a05eb54a13616d157ee3ef5efc85959

SHA512
1219f8ffcac592b5a22d67792b407f57af223b881bde6e33bc364dfb01538441b4f5c0f28776b7538a4d21cd7750700332d460dbb1cc07e71f2828ac5dc12f6d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
e9fa6d3acf5f7e99e3a2b544acd97438

SHA1
551819d6b0e3d6c5527df98eab2bbadd1e7de0cb

SHA256
314e586f6aeab744cc837a35b9b62606de331f20901a007d38964598c6ccecf1

SHA512
198d8b2ea5b7e4a19b47c5e6cf372be81d0d89dc14e982e24303ada89e9492af4704da387e603dce8106852b75f5dd7783f2ad9e88e2874499b066a73ce2a860

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
224B

MD5
fb6729edc33a6fa1fc30c98ff1cb7681

SHA1
3967e7f62b90a90ac7d2007ab7180ff0cc9b4d99

SHA256
f7e00e7564659d1fbea712994333c152b788bdf29b632a5e2d0459e720cd1f1e

SHA512
fd3c4ba8b64566e31f6d5874b6e0daa19eb6c045119b4857a595d98e92a98b6f5b652ab657fa55a02d6942bbd8d9217dd25374f05e04be16e3c931313af5ee49

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
dd7591c3fb6c923575a1359a728a35c6

SHA1
dd0b141ee9c19cbe7326dc3fa02a75939ab07dfc

SHA256
c9aee54a667997702afb5830e954c679b0ecb203c6738ac834103c9c2fd78cfd

SHA512
47b0da79a8d9908f659e77d4719d66f76718249be97734cf3b547a4e1bd906ad7a7d5d5ff1b3727b5791746c7899333a135842fef9e446698113a5284881ef26

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
ea4bcc28d6c0d03b51e8eb7f8efa6b77

SHA1
19a3500aa9799be2808483d597e799bedf115646

SHA256
2c42925e7533726a8169c41c62c486d9ce09c15860e630e9ee93b4bc5154af07

SHA512
58fdcb860b6bf4604bb14853fb224639fcb5b2114d8ec458fe793e535845e5c66d05c31f8f39db3c1408cb17817471c1030e91199f20fc869c53a4786aaa5981

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
3117f2b034ff684eb68af7034841c7d6

SHA1
6255a7187597ef13fa371e05d649b56c746a7198

SHA256
c80404fd3c70bb499385c39eac6cc4e398b07976221b5b0d0a275ba3ace3e2b8

SHA512
f3baa7018ac973677007418ac70a47804a09554356271e7ef5b5ed662577d27c9c2320570840b7f38715c317419fc4990b8ff2fb152da7b03d170840ade5c9ca

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
43cf949300605e78cf8ab2373f2bee5f

SHA1
ffae3e5e35ca922d7a0bcc543187b09c4c5e3fa1

SHA256
8dca9608f90a1e818e69a031e4afc10047e51001861a455477dd37a4f12331ab

SHA512
b94ddbda2143ba56433280d7ffa013fe84fa59a081931a06312167346bc9bb0e4fa9e1c37e12e741f06facf91bda7e27b30d15b0c6769428be74d68279237835

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
65f48288ab2d7ee2dc2085c730680b11

SHA1
f29e7c2163bd7cbd3bfe592cb83c6f2d57eec3c9

SHA256
7f48383ff97eed06e8cc0769a6844ad59231dc9c7f88c5dd24940c1e86b576d3

SHA512
959a846e13d3a30080895d9307869fdbe3b39340d15095eb27abc7c5ef0928ba83aef51275d4d268a6d963526cb815954edd002e206f96a8c257b9c8fdd61358

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
0659b99f227776e343444bf5478f549d

SHA1
a100f4cbd32383e183b1eb785605f3c111c08dae

SHA256
d89da49f58f33232161387f53c009e7f8ab677c7f80517d10a5b2cca34a8f7ea

SHA512
17c9cf40673e3147340bb1300aac66a03fa7d598c84ac0fd5499623e4b68b3d350ee647e098725bc1d24ad90f918bad487bbb35eb06ea05ec052985a4ba80b0f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
71bdb7a7ff270242c2fa31fd8af690b2

SHA1
744bea367ad5528f6bf7135d6964059f4916baab

SHA256
b4a92be40a722b56ba2a6dd842d12a8a2b5df3dfdff7f55da36f78143d9f7196

SHA512
18be38eca07607b8efb4a07660067020dcf44a0a620d50b264ec4e82c8fee6f8a7983b0b7fe4e43ba551638ad5858a09d51870f7693be2bcb1840709bb00a6a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
8542de748f758480f107ed1ebd240743

SHA1
11d4ee51d34151ceba4f780319519844a75a9d42

SHA256
1cc632a1f647decae592220e053cb27476605e3c98382e9af533d60c421486ac

SHA512
bf2aea1c1612590a7166a1d8c127da9236ce83d7956f55a2c79424b3b35c8e34711fb9d6cddbacc42c6b57ee6de9895fb968ae1dd7718972fb4900aeb2b3984c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
8cd151dbe43b762e14d3126c2b991bcd

SHA1
ee4c0ff110c15acd677a081e8f098f2c153791d0

SHA256
6ce623756a5e965fcb94eef19d7d95a725416782bbb2f057f3e549e338a03d1f

SHA512
edc16946d4847f288ed77ddbafab664bbf59a783272d1c4fd9cbeca955f650171a5b5cf519c0dc8b5cb74675a669854a6059a9ac85051748880b2592a21b4386

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
974027392c382fba3931297938de5364

SHA1
7448de9b3375f2938782a3db11ba8a1fe712f011

SHA256
f7ea0205ce5112b19d9ab7b57d0f9a6ce0fd64b4610cfc2e09ab92b94a93fef5

SHA512
3e53f935194a78660bdb533dfdab5565d4845a74cf0be0749259072643abf2323cec568f5a9a733fd3ca6f6927998cceddfa7c1144c5464a425854591bb2a8fb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
c7b4663704103bef544efde88648eea3

SHA1
74a5487b2c2aefe7b72650f0f1b4f9ea893ccefd

SHA256
d7c345d80d07f355ce70407893ad7cd51a6b2d62d03ef5acfab5aede045780ab

SHA512
fade9767eee366ab3a8b8b99e2f74f812f4f13464992ffe97a6c2423b977f161be7654ed078e3acf998b4a40b1300d7ce3246dca2db01c25e1d7db940cb7fa0d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.fantom

Filesize
5KB

MD5
eafacb40a5ec597f98f25ac2675e45c3

SHA1
c2917e17faff47145f1da37722eacacad0e1f122

SHA256
5c607f893df9fd806abb5b4d9a5d6af51074e27a33dfb51ca55dad8a9b115656

SHA512
eae9101d08e9cf94112f67f3b37da3104eb66e7bdeca0f86e2ed570916f03e2717e3dc7c2fcefb08c355a6791007e8447e4bbfa907f3c98b4cf982528579af2b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
a96fec24eac81833e6e556976f400f45

SHA1
7d9222b820d721d0cade151554770337138d4496

SHA256
4a92ac40dda94ac03ea979161e22c008ef9d6b15e1aa506517c5cabbf56c8ad8

SHA512
aafdbab98a8a489c7200b41e254f1d737be62fc267b3929b484b1a055e9891272ff789fa7663546a9c06f056d993ae97c0c066645adcdfdfcb7fb4deb42dd67a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
cfec76f228d07a25b0ae90a7eeade0e5

SHA1
b4f3f4df381d5c04d07976513b598ed9ef85bd2f

SHA256
e76a4f0dd2d2a5f54cbbb517eeca379ad31a6430b182ea34d4517f8ec069d05d

SHA512
23847ac72dfb88efb51191d1ad9f5f14ca052de1920336b46cfe10fb08c69c84102c93e61dc80b1c400487855a73157cd89b78416710276e58263a2628d0a81a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
46c6893ca5732da008a8d20d9ae22e56

SHA1
22a6c65a6ce6544fd11776d91f46746fafab0c35

SHA256
b4342f16d8df71c49d0e481f5cb09d0f743d0692be959831334f94bf320d11b7

SHA512
525b429193a9f77a66060f8e3a2d294b9ff9eb217687a71d5f814aff70a4b70b391a84d7422b353747a702deed78d39bde00dfab03bf42f32c9ee7f94148820d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
12KB

MD5
de3efe15feb0460d2e38d0a554e0db8b

SHA1
f1b87ca809440453308c9c55152b347d3d81ec59

SHA256
691ba401533e8f965aa923da732e4c34721bf521e7278ce82e23a885e5b5c046

SHA512
644e09ab51f73554bb8d0ab3cd71cd4b9d0ee85a54cac1ab2420e6a74be6a488b54876fbcbade9af9269985f30ad1c9f6172e2246e798789040a7de54e30d967

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
b36310c1ce081ac5e17770e546a97a08

SHA1
ceae6b0bc8343edec166841862e3f7a5cb72705c

SHA256
65bccdc60d7976ceef33ccae464379bced5b2ccfb42d834f67a95b24868bfaf6

SHA512
1509f3139627997f52f8a2c2ac039427b242053d25b47b60e2a57795eefc5bfec75d8a41f8d7558e1cbc56c43d918f74c666e38b5887f6ad124491e250fdbc19

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
141a50a94cc7a3dddde709b4a02b2032

SHA1
cbdfcde4209091b305236690ca4dc1f6422dc5c0

SHA256
98954cf977ef99c98d9c8583a18062c32e493bfa2f4fdf969f49922c84ee6e13

SHA512
3f9cf591009557b172417f204e5fe317ebea727ded366e6e10ae4c0ff920ec9b9200b979b7e4c64abfcc63683ed164a76264109ff98a1e913c3c7c50fa08cb7b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
e851af5cf7661d5e52e73d8cb3e0ae68

SHA1
91025750324bc069a9f9d0c0aafc21e8a9347d38

SHA256
8cb760c0142bdde7ca81b3cc4d9d43f7a88788293fced12471e68dcb8d1dd4b3

SHA512
a423707e6c7887102a4b2edcc6ee7b0a833e7d7cfd02007596b9ef5e05b993e52b990c4099aed3d361588094db2748ac10ba48f623c8601e7e84595d5030a7c5

Download Submit
C:\Program Files\Java\jre-1.8\lib\deploy.jar

Filesize
4.8MB

MD5
bb56a50d0ebd64a6e5166ffe1c35ba55

SHA1
b5e64b797412304a1c98493e4b4dac40cd5969e2

SHA256
6ace1b5a2313e91fa6e4fc75879f413ed99bd2111c70a3c1f7c7f09225b80a28

SHA512
a925a5e945c285e19bf8a18ba067cd1834c8a6fda507343c58a719d3a25de9259efdf134a0ea292f9f4056af6d796899774c238a0f1a332f48bc2f1dbe30ed50

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
20615351b8727fc1ddecce4ab6924f81

SHA1
85e134f3839f96ee75643e66938cb7916966174d

SHA256
712d4cc92a07c9b9fd80f6053e093463391ced9632be9a3040bd4dadbf8c5b6b

SHA512
a7053e92135f100575d8ce7f975807eaa186d3690dc6a5269ee923e945eadec2f15f739ec5e65f88223e6421fccdde83ce237bd8a883d132324306aec8ca95a1

Download Submit
C:\Program Files\Java\jre-1.8\lib\resources.jar

Filesize
3.4MB

MD5
b39919da62fae8ac09e7fb6276e81b2d

SHA1
2746335e247e39c0727e38f7b46d3c255a7ed347

SHA256
f010493f30f76d15c0c2c82dd0a19e2824f7d84c3c22bdecd42e5f9273b46bba

SHA512
1d91109b919658e39d2d3cd18594e5e1e8162f8711fc132ce64f95132c54557aae78c2fce3686b826fc2bb5e8de9664dd806798fc6ab764842fc4b2f34f69ccc

Download Submit
C:\Program Files\Microsoft Office\FileSystemMetadata.xml

Filesize
320B

MD5
df65c278620410ea8c1359340f41e281

SHA1
b2c707077f75ace1b61f3cc583236630d5ba0ae5

SHA256
18e4715e4e3dedda089613e71436def1fa9563cbcebfa782f57ad482db52d092

SHA512
d863e09fc8f683462892683c6fe2a9ebeaede25db35be7832086da119ce003dfa9a66dc236e76ef005075a9f8f85650a9a229baa10339537f6361a0dca16a029

Download Submit
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml

Filesize
514KB

MD5
642f597970dde16fabcfd5fcc7756742

SHA1
681aa856206c0afc0e1263031ed68f42540dc61b

SHA256
49b25b4e069ae4b4b892892f924e9eb231f2e848b1eeb45c8cd9cf84be76fb0e

SHA512
cb63521ad331478d5f4f787a4a0b0c185f80b0f5a72e0d33bef4dbc9297b26527618c140d29b3f331b92cb4af8e1b53206b754841ef4f968fb307107797d6a69

Download Submit
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml

Filesize
1KB

MD5
9b0cab96a0b491db7473fba31da731a9

SHA1
77bdfa00f7a2e07aa8fc85fe6882e327e5533585

SHA256
3c4fbf6f542689fd80a5ef7da047771bf1df939a1f1dd46621f56964cef74b13

SHA512
3cc1b46c5796efcda5a7187e2f5427d0bd189e518a05582ccd090d13f7e9accaa24c2b0ef0b9a2bda7d40737a5204af14fcd7b3e73b52bf6bd376ade9149ee99

Download Submit
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml

Filesize
1KB

MD5
76e517d02d806394b6b572b56ab259cb

SHA1
a46f0d453153bfcd9fd34664f21c18bd4e02ed13

SHA256
42510aaeb74ac33054da5486dafccbf94f05048823b39cfa71fa9b89313cf6f4

SHA512
ba7898c8f04efe022ef764f7f9adda73cfca7c9722ef9ee3e39c8a96d86138461fd11304e7ba42ba0e3ea1ac3b2ec8e687a73ce36114c5baad043a1c41d1d8ee

Download Submit
C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx

Filesize
721KB

MD5
5eb7d0988230acdf17a2169943bc78d0

SHA1
4bc692edd4f5860f38b88878ac16264157ce2274

SHA256
4cdb9b29ed3f6fefefafaf199e8e2f6040f40d99b0e30303cfa6e2dc62862613

SHA512
44ce38f6f0f408abae4d2c42384d0739c4a6c21bcfb34439f9e1e19627531c55803594210d7cfbd524cf67205700f254ac2fec3cdb481d4873a9352a65eaf224

Download Submit
C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx

Filesize
3.3MB

MD5
4e8c654a845fbe5d355f509c3dd7e376

SHA1
a65a0330d2dde041d3301ff1d8350ebf5a3b1d2f

SHA256
53d5c1164f73bb739cd3c77981ffc8e9674f2a6e33063755d36aed416b854268

SHA512
c8154d2e3c63622d1cf6d608395f328a0d5341c0def4ba32ce693e9bf533b45e71c2f34e50acc16e5883cb136a20b12670ddcd84711e920bc2864428dcc19bd6

Download Submit
C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx

Filesize
1.8MB

MD5
c6ce8c338bedc93f631c5af50be95d87

SHA1
33d6d7ea01ab53d3b709fd170d480f6eaecda818

SHA256
5dc3eac9825657c35272949261203d8d952668e03a7f8a631be07b4e1044fac6

SHA512
5db5b05ff052d8bf69898f3486108ea4757d7f50e2b4401ced44180f94379bb127a08f644794b09ee415f559988317f7bf1076ecfaa0c475f7c1d5f4acbbc39a

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt

Filesize
41KB

MD5
4fd7a53f5e0a574523d0422023e3234b

SHA1
8a483c4fed556b1f84db8c75b4b2d46af50eff9a

SHA256
d5963dbd0adc6cbe3c2b05b12593566b7d979577af491b9af3985ef28a3129ab

SHA512
9c5acb95c92ec1517b73010b15f9b2a176ed7a2d9d8efa185f5a14c5c17c92282a31d48b46ecc8bc5a864123bc54310b65e44690bd54a3bf27422ba87774e035

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc

Filesize
208B

MD5
378e3318c28b1b80602916c924f19b2e

SHA1
9f4ae848b3b033d31b919a144033fa00084a5c58

SHA256
ea29151a7c9d6920183c2991ff9ea98ae08fe0886b0dc2236dacb5e93a02740a

SHA512
a6239a527225586816453570a73e3ba4328c200139909a4b235753e2dc3b594fdf70440d2d4fd800643baef1dda5d2133c356a974b391b158d4b0b21b6ad2194

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt

Filesize
430KB

MD5
3027c71b0bf6b39e6b7189766e7a78b9

SHA1
12223672ec269ed93fc5c92382de9b251c306a40

SHA256
113107586ed51a1392674b8ad6bedc5ba52e5cc1bc7e1590d0347ee0b8a069fe

SHA512
8190e57fe707abdff0d10aa9332fa29cbe1b8b322b4f73cc90eca2883567b6978c907b4eb7a7420eba9c2ca388913ff72d8b28f102e39505599bcc71cccbd505

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx

Filesize
11KB

MD5
83a73f00099feb0a06c6a5f6ca59b93c

SHA1
280a2c0f0583bc8d8eb00b46861fc106023f5ec1

SHA256
07940cbd629b84ad6e832ae1c2473e67d81cc7615fd5541b506632710588e02c

SHA512
32879f3ca6af21c385c29c220c04d3170b2c3338fa5ba6f96e26efafca39a0ab2fc15b3393514cf8f565f94644061f1b83ecff3967848ce04e2b8fe311725369

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx

Filesize
12KB

MD5
4bcc87fd5ed5124d5ad96d1bc5fbc9db

SHA1
fab1fb38452a8fc87847462d00b36f21bb1cdbf1

SHA256
66b1d2adbca69c35f76934af9321d8a2135105c24c773caaac49651bf139504f

SHA512
908639fb9b044cf26c19ffd41d30c94bdac00734bdc9c74bd8db3a0a8fa9d1017232075095cced967281d2616ef700ae8d013ddeac311a05f8de043709c8722a

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx

Filesize
11KB

MD5
0a026f5611bbc0ffac76aaa1f5d02d36

SHA1
41ed99e04c5c1a3e6555f62efb5a5cbb4add1550

SHA256
67f00d5cea70b22169bb41aa96f80576930b0591b0689daaab20586ebe1b4015

SHA512
8ff03de18147b6cb95230a745b1a127b92f68eb593bc29af8b7936deb53f917a41828fbfac8b4eee865928be97663e79c4f9d0513bb14e33086291e377620a0b

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt

Filesize
459KB

MD5
0535ba336336e33a194bf4560b1d9a28

SHA1
a07700e79e163ff20b699d1cddfedda7bd5e5739

SHA256
fff5974cd5918a2bd53b0c7496853dc98562cb29bb0ec0d723c41fdb91c59b65

SHA512
cfe3ea14b0ef18962199c013edc360712924f2bc0b6963e56cd0f129a01152a3f2436a42aa70bf2a8828590b2795f3d0296b4f4693d75a7d5c4039e1e82f02be

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png

Filesize
1KB

MD5
d68d4594a697fffcd914d57d198cad93

SHA1
5e18603d18c871502ea66fe3db9ca5957ce4d3b3

SHA256
9854d7ad7c83576231fd778b590b10c2b23d1b4861aa8336924d50629f08c278

SHA512
9bf5b36672804c3a6a9e1fdebaa0fa86bea583ef01b45c42087fae41745bb4fb8ed6db7e84a16b56c958dac45d3bae0e601447c87c49006f5dde2796b340627f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.png

Filesize
784B

MD5
bc564783d2e0acfb403421cf8554954d

SHA1
6d97c2b0eeb8156328abab48c153f225b45d677f

SHA256
b28908a59b990ebbb03532f3a21b00400aec40f67f8d9d86ef932715725c6ebc

SHA512
af7cd1d1ae78024a7b141f3c31102a0aa398df35729dab78bb0284df4acce179e1b719ca7e46edebc09329235b7c619aced3bbcb55b5c9a3ff12100ee378f6a0

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png

Filesize
928B

MD5
ab3b89169e75d6a732a68f07e794aab3

SHA1
f3e8282af04417d5f9dff0a7bccc7f09358ce67d

SHA256
ef31cd48248b908ccf32f3ed28f0af7918da1e3d101165505661f0625e72f04b

SHA512
b80e3a7e7c91c58b490588d59f0d2073952e63eebca2a3cb615d006501264c7028602c3461900312bce11a0a0c1ca28a1568a925b6b0ca8434a0d6ded16ab6f1

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png

Filesize
480B

MD5
de19d3abb264b2ef07da840ce4ae8158

SHA1
2fe81747307896ebf30e6d1809c05c698a18ada9

SHA256
bcbb0e613b000f55ced94b61d5f9f6123e706f83797160538b435b4cc5a5cb96

SHA512
0fe6158021de3100952af324398b8b15ac4083799d3e1056c71446106775c3e26720d703c5edadf6f899323836339c4ec319a11445b548d4c8f648ddbdc5b830

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png

Filesize
512B

MD5
8caed1794f08fd736f5a8bc6284e51eb

SHA1
b4d2cbcd89e5224ab3f11240e526aaa0adfd73c2

SHA256
fa59fcf05d9342e00298cf6bc8039e95f6e5f69de6d94ff435867e12b529b6d2

SHA512
113e375ce03c9db68eea6bc67ed989ded12e2676eef8e0db9790a7b5a90284f2d2584ffbb09278ce341fc7aae50c6c9e97d73067e91e6ebbd8a56fd65688a371

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png

Filesize
624B

MD5
edd74e3583e10e8090528ccb8c0f56cd

SHA1
604e646dd80114f97a46a713b609e7e885103e79

SHA256
fc3166527bc1e4a7951d20fc86e67cc40cc6a703a0727abb87607e3e05189a2e

SHA512
c2fe6d5b8160ea9026adce9ead6ddec87bc015c5314786f43d7e95e0c7e57745c76d669c7f843993d2b6b47739af67dbc443ff19e90a789d9f55e99ad5cc79ee

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png

Filesize
288B

MD5
1912058649e8d174337f5c680c983eac

SHA1
655d50c2887648081e5967b87eaec052f0a9e297

SHA256
3111e0f74585396cee22c911021be3d111ffc29c99b14b4b1404004cb2578fd5

SHA512
9f6296fb91926aa074804f570bb8707ba1a9df7b97cda8a970ba9b619874ad20f5bcf73782c063aac1d451f361274b3c90b1eec67a40eaf460cceb38df8e2b8a

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png

Filesize
2KB

MD5
ff0efdc1eec13d0da549f2d28f64fef6

SHA1
17632d49eb08e2b7b01774f42bd7acfc1231a94d

SHA256
7321060d754e771a2c9ff93fe307c165f2321d4bb67d035847d4f620f0ce2a1c

SHA512
58498c62dad919c740df5c74de355a71c68848d12e88ecae322f1db67a6c278208f8442d2f41c7a4f248d3abaa6985e8df58aba70c9b32f196caf9f4104b1442

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png

Filesize
3KB

MD5
f6732bd212105ec5d58b9fb4562fd095

SHA1
2cd79b7f5a69641d6494d6f80a0310a81eeb7e44

SHA256
ebebb55a48e41b71f8aa543164fd9099de406a71e4aaa4d31a50c06a264afd1d

SHA512
bdd597ea7399d1264fbc054c40501e3556b8aabbdc94003a3fa41218572b2054daadfae04aa3a16b8fbd069eea69dfb4a43c47fa4b333066e23fc4d1ddcb2ef3

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png

Filesize
928B

MD5
cbc2200fd5a826e6f402a1dc562b334b

SHA1
615392841aedeaf3a2247fbb74e7db0be752289c

SHA256
b038e49d7abb752f0cb49d12b60de75b042168b66b33c8ceb1e38faec7fee53d

SHA512
768b980db60de49ab3afed6a139fcf5a5ddcc5caf234a184cb685db3503440586bd44bae3c1c8dcbd8ad1d54c623c49d163582e961231ceab75556e2a8999534

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png

Filesize
3KB

MD5
9eb5e973f2d67d0c12f52db92bae1a8c

SHA1
c494fa5e3af6928292730888c582cb521c291786

SHA256
630f9564700aa615947443d4c786bf91d56106e69c0d6d98088a6e45e6470a47

SHA512
5a815969e62bd5605e65e0c932f95f0ffcb6aa4e1507c0edfe86c6e4e0bebdcd3a3eb3dedc64911ace42610bd577577937f1f9440036b01bc2f9d7a6850b5bbe

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png

Filesize
1024B

MD5
b08a568050eac648751c274ada137b1d

SHA1
f6da22267fcfe72d5e2c7f9db48b9ca09f13f3e1

SHA256
d5a12db9f40cc1a8923c56b826dcd84fae91c133c0e0ef48d836a930b2782cb3

SHA512
05de31d35a6ed6ff5c46f86072a2560aa36f581a6d5726704f7d4e7e538f98e534a133071672d15ddb0e0bf0bae00435e53bbdd33bbc31f202253346b503743d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]

Filesize
528B

MD5
595a8066e0d0dfe3546d5d73fa2d00a3

SHA1
7a4259a900927c2b412d5deaf4d5b8f5ca692f40

SHA256
76d4d9fe1dc0bf181a4b81e5fe275ac53a9267772c365c3d4faa8a9d3cde9a22

SHA512
7f56de8895375297ba7daacea21ec26b2fbb6877aad6a4e9d143d1dc781daf3fa19c4b809e419f3ea71e87c1aa522bf191586ac2e92f1e6b83557ea9ebd598fc

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]

Filesize
624B

MD5
2be36c7af6431a29c55c7c790c90c9c4

SHA1
4329e172dc3bc7810ae25db8f2d0111f7ec9b735

SHA256
c61a82fab135c5ba6248f04bd7801a4bd77e5ff482860ef46e69717578f8857b

SHA512
d3770b1c368aa82484cf85ef44f71495f44ba071ec45cfe14238145e033d55376ac602c505c3a246ea270f7d9ef6ffef7786b10bd6ca4e3bc03af54ec36900a1

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]

Filesize
672B

MD5
a3a9cf020d8258db4bd09b5aa00db473

SHA1
aea5fc36d8509d17159df6b9c5b48208c7386631

SHA256
20c589c4ddf3f5358fe4129c64289ef931ce104b1d4a9ee1130b1be991e41d8e

SHA512
d5e78e2060fbc4959b8b8018249b0da93de45af03ff103fe24168882e938e2a841cb53447d620c80eb7541a08e5c31866d57cc5cefefca81f329c31eef0ca4c3

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]

Filesize
304B

MD5
0a7ad97afe53af3e043e50cba4baa8c0

SHA1
71b7d1b00a8e933d7e9871699359e2231acfc86f

SHA256
7e7f6d09cd4e3bb2b946e8ce8b215e8de3192ccf8a4aa0531899e4dd9dde7d7c

SHA512
2fd73ae6e0a3efbd8c9d9515f3b0eaee2f03138d56a00bf905a2e093384e935b8b63933d596abc3e3c8fd1df38ae7a205b9f01c47a2f50de8663623db5d284e6

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.png

Filesize
208B

MD5
dd9aaa9fcaae11c74e69d353c203892c

SHA1
1571859c261727f58fad6418a25128a40ea6ca1d

SHA256
7651b055212c36561cbc6db2cf2a687cabf5a53e06aade83e2c71d43e1718872

SHA512
5367685833aacae39ebb0608a5443e535c4602fb70a110a063ea3fc2bee706370e0c64e75ac51587c5df9ffb1b9f16934d19ded1de174ed50ba3a583ec1cae30

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]

Filesize
272B

MD5
00ec2aa16bd2fd11d4e85e332b7a3ff8

SHA1
9d8cbe4f72ee86afceee2f0f54164bf158b03569

SHA256
b671f6dc6b9a779021ba237813aede9fd3b14907b687463eb145f0a7ff9222b2

SHA512
4f7350f89cb97a01cd78442522966a48098808e4dba12f1ecc488d0776376cc3618e9099491426208772928df3e7431e968dd72706d70ac0e8afae45fab54afd

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]

Filesize
272B

MD5
89795beccdbcacb1ca6bb3180efade7b

SHA1
8ffdd5ed3b87de09fb3fcaf96888e5d646f72a25

SHA256
3c30a4a8da07b30fa9a747239d1428dba138828deb998f3a69f2711dc76efa8e

SHA512
3d015c631f09e62f463fbd5a27e58c490b7990911ccebe05a0f49ae5e27f08a4a69fd3be587898653392126411e642f25e4dd7d17b679e0cf2f6e1230898587e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]

Filesize
288B

MD5
ae2e443f8c2d62da579dc84455e6d4c5

SHA1
8158137f27c0ee49de8703056ee0d0526876c37c

SHA256
a72e82ad11dde35ac92f5169ec66527237af0dd2dc828a6af2eb45f09433b7a1

SHA512
036e68574ddcdddca01f0f7eb8fa339f62988e78cddaf41f8eb17886ebd0ce82f26ed79e15dff94a9d09ce20969a3a25c94cf0d8736d6471ba6a574d91032046

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.png

Filesize
432B

MD5
e5bbc064022207c75df2d0fcb7a9bf4f

SHA1
84f40c898f5ec3c390dc61be0455ea33ed39d491

SHA256
e58fde3448088025cd6f778aea421192fddccec867fe2fb0844f1c3965803c2e

SHA512
ce69d40d79b4d8fd6c875d829ff4302e80d0310f5760432c069d20b2bd05440add5ed2f2686be6f35181582a0379a80ecc82a49f8b473875e6ae4d21924ef0f5

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]

Filesize
672B

MD5
93b668b5b373c0502f60a7e7126534c0

SHA1
f05019d68850b464ce4177c08a986db0bcd9d706

SHA256
93eaa01fd7e5cb5817604cf7c9ef84236e2e5c6c5c8224c6dc1abd85aa8fe437

SHA512
ac7633eb430128d0f6b6e24dfbcf6417f4b13db107705f33f2374a749e81e1d714a000954d2e50adcde94165680ef7ef7bc7842d34f8b35a6b7700d43ef32eb8

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]

Filesize
672B

MD5
dd340fd92c8d06df0d2fced76a9a2c33

SHA1
53155857faacb370c3e38147029d018f5bc5ac11

SHA256
10fd0605c2e83221d7ef27e8bd6b5a3fcc436c40a909bbb2f1dc03cc80b36907

SHA512
ac76cdd9e4c20315f41043b3dc3f4371452cdb8f553000dc899fbf9c1ea28bd5d155ef5aa9c4311276ca66a31fa0a0432d81016e383a27fc04ad75a68eb4a501

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]

Filesize
560B

MD5
b3e7dc8cbbac917c26c8417bb7922181

SHA1
378e6c1a7580c47d1a6517eeaff7dacb4caa720c

SHA256
85b160ba4277bd559f4f669925998e730a717aaf77caa1fa29d2fe24251e2d36

SHA512
29a9f004794e4845c809394f52fdbb3caaebb25fcbb5e93dd28d65ebf31cff12be62c220253c4b41d96070746346673d6d609edf7b53f4945e4d5419c3dbd6b9

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\catalog.json

Filesize
352B

MD5
01abf09c11ee93a636614e6f5bcefbda

SHA1
f0e487f2afdc9bb1c170bf43e1a16acaa9b64e58

SHA256
665657f6ebcde037d314bd8ed05edeaf9ded8b8124b863956bdf4b0e80a10164

SHA512
ae10becc1ec33fd32615e4884183091285afd2156bd8dc1e1a12187b29137a28e06bc9f50dc06f396c5efb50b9750373b4de47e38cef7f986d365f005e30837b

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\StoreLogo.png

Filesize
4KB

MD5
7ef0710ba7c3ce2f6a80c55326e30c50

SHA1
7b47d353ce3044129a5fd7449ada2a5b35940c06

SHA256
037dd1d719c0a29267950be2d553b643dcc47114c57066dc97f44eebb8fa60e4

SHA512
1d21126db651a25caea81f1e3afb9c1e3dc92ecb9f6cf86cd156c21dbfb141fecda3bb3fa1228b5cb7bba1fd3515699c14029e9c7a264ea7e861ee36eab1d3b9

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\manifest.xml

Filesize
784B

MD5
272ee07bf64daf3ecfe19ef3bac3d295

SHA1
ce6eb4175e1fde412386a844d2321eae6ae39284

SHA256
4f6d21b3c05e057483c0f1f7720109eed54b776a6d78746d0cea720bfcf800f5

SHA512
74ef6215587e440997c3a5b7458ade3226e46c209ef383bb352774daf7ff06d1913953e5169c2aec6ae6d800b14ea71b96e83de733782c85db9c61707e319ee5

Download Submit
C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyReport.dotx

Filesize
3.4MB

MD5
bcef979878893fd490c41052f227a812

SHA1
454f388e42746564059d930f1ee5d711edd3e313

SHA256
c80c43fbbc72054d191f3658d3ac41e7d81d6f8edef3bd0aec65906478fd958d

SHA512
d8481610a446254b8ed9226842d807cc57f36cb160354b524670b1344f629d1cfe783fe944b2829a333fd5e67c48edd4ccb727c141816f037bc2a5ddc1013f3f

Download Submit
C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyResume.dotx

Filesize
233KB

MD5
bbd36134d505d0403e1060dba8dbe8f4

SHA1
d1306a9d9cf06c6a839a8eb336e9b0752d88d432

SHA256
f2728eec31dfca0371c8184e1a17f32487fe2ff9a9f30918d4b6c0258d0b9f00

SHA512
d0067e22dab0f422ad38874a8b5e0d77a3a0d748f1e4921f27a5b8e681e3a117508c6910e1fa3eed928641759f49b10691f96b890d935a5658eb024f9b3ce73c

Download Submit
C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryLetter.dotx

Filesize
158KB

MD5
5cf6c54952e32464e2ede66c24b9522f

SHA1
530add09bff877c9cb5a7e02f5747d111b78f494

SHA256
a54b74a1314393ff8e479fa3a2edf324a39b71d95bc0293ee4e3e8f17521a6e6

SHA512
408fbc2b9c213f1f4b85482be090668e8bbfb6ebc093aeb7d3a46b556bb5bb1e7f8c43e30c64842ecf6f8933c090f6f540146eb75db7997e5f20092332e330d9

Download Submit
C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryNewsletter.dotx

Filesize
221KB

MD5
96a7947f749c046cb53ffdce37ae5cfe

SHA1
49b8afee205a1086c76b661ccaa98091a77b046f

SHA256
67816923f5839865e984cb3ca3d56f6126caac7a4dc87620b90222c23b6162b3

SHA512
9b78f61af63fce149e16fe0fe91bcfc14f1cad98d1bf4f2311b00c11721956f0187d3aed984c1fc57a56d08c8ec05e63c93c5be20bc3d705c66b948b963ae261

Download Submit
C:\Program Files\Microsoft Office\root\Templates\1033\BillingStatement.xltx

Filesize
18KB

MD5
89b0b62ab9943cffc56b750a88e1ab0a

SHA1
5ea82fc34d6bb7610cdc57d44d7f95b32d90150e

SHA256
60259cd119caa7db7712f51b5f112a8a63845d0cafee191ef03f0f745d6d83ab

SHA512
a17ed4b02a94af4cecd63725d16b4a2ac6ab8a63d2f2fc4baf2a9bf34f0bf53b58e752b704ead4703ab568c9c520943b15a0e0852cc4b931036d0f1287d4dd02

Download Submit
C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js

Filesize
144B

MD5
e029a68b96aaba931b38554667a10f4c

SHA1
fec209130ab8017570a9d48093703df3d130f678

SHA256
5d97bd08d7b24b111ceb996f5e8821c563632a01824d9504eda5d674cefb7080

SHA512
f838e255f5c703bf3d5c60745b650ce0d268a0e4712a1e394f7ddccd6dc5c27d437471f71c1edde89dbdb4c76d57f76772cfea6a6ec1343f870a608a157ccd97

Download Submit
C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js

Filesize
480B

MD5
260880ca7f918af0ee045d9678d3ab16

SHA1
3ee2e56a89a076b9a13df0dcbbde9a60a76bec8f

SHA256
13b7d38e11aa92078c0f939bae32c9bc6ac1233feb10122de5eb610964909962

SHA512
96b4471443edd313b3bd5b4056470f7326706b5da76bcd84dcfaf681ff6829d643f1959b58785ab88e05cb782ef5b77fc3f1c40620d3d8cfa7f74c99f9a91b14

Download Submit
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json

Filesize
272B

MD5
1918a596309ab3542aba9d4206cc8c26

SHA1
d6e04a5c46d7b14dc51942840471fe77f65f188a

SHA256
9d062a6893d20df685ea18fcab4539a63c137efe4b30e3f01943a11fc6b5226e

SHA512
101867f1ed5e147e375d62607711ef76e6dccdcee653d3c43b99af289c46bfddd6e90c30ecec62533e50798cdda90fe3283feb6967d0e40cbf92951e496055b8

Download Submit
C:\Program Files\Mozilla Firefox\uninstall\uninstall.log

Filesize
1KB

MD5
1f8472722abfecc2f96717ec28a756dc

SHA1
66620b769103ab6367128420bf4136b21edc9670

SHA256
e9f32f5e14d1e17fa0d74163ae909486ee2b86ecf3ed3d9ec1e8ae4e0edb88c3

SHA512
4a676c096eab5dc3f6247deed3c8851b640422df089f7423da2f7f55130bfb30ed3e0b6547d5ea4f551fca384ad7eafca0e2360ccc1fc4e5d03c63ab084ec75f

Download Submit
C:\Program Files\VideoLAN\VLC\NEWS.txt

Filesize
213KB

MD5
78840df3a5d65d93b9e2880b82bbcd02

SHA1
ba05ae52289bbea0b07b9ec7d18a9f62996b4eca

SHA256
6e117da43f2895be78b32a1b82510066b0a8087a80b20e4c0bcb9d500d70d2c8

SHA512
258a05feaa9c70b3dcb3d93afbd64b707650dbfdc03d776a2cd3e307199e788329001d5fe799d6d0ffc2a48e765ccde1c327ee6ed759152da9bbd3cb07de9796

Download Submit
C:\Program Files\VideoLAN\VLC\VideoLAN Website.url

Filesize
96B

MD5
c3d1bc861df419ca38c0d92eb8052225

SHA1
3bb34bf619037b85920e22d264005be4adfe78ff

SHA256
b553572807b21979597e796265ae4979bb69ee6d0f7cc8531a7e02e1c1c66bc3

SHA512
10bdac3b60ecaf55240093b2189e18f0ec62160cea7834b836eb965b1e0296396e2107734f062b3c40cf3dde563db6c5cd04bccdb08feddbac90834e1b2ebee7

Download Submit
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css

Filesize
32KB

MD5
92a250600252ee3413ba7aa8a210cfc2

SHA1
0b5dfa2b734171aec3f55a0df60e7e063fe5093b

SHA256
2c0173f5846a524c4bce450bcdd56e67dc81631dca7bc48ae97eecd6b70b3b65

SHA512
4a7afbb3c7adafe9893539395d5fb634250cf240ff9c905dff294ee13d11cd020ce87f106731cf12f0dee40e84e609905ef5361118e70f5a629d26c5b9f2acdd

Download Submit
C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html

Filesize
960B

MD5
5dda5c9e5c81120309b817da0dcf8eac

SHA1
80947b4008ff64c70c589db28c8d067b3c4b28d9

SHA256
a6601015ea23a102e2b331cf90e1ed8c2db88cd1359b1c557c01b9a8f909d3cf

SHA512
92d288f35c9054494f10734a358a7fad6e09eaadd2d8775e5084b462c9610edd03b94c4417f0ccd6e529c2e2438089a3e5f38f6ee94d5c733d801617c979eec9

Download Submit
C:\Program Files\VideoLAN\VLC\lua\http\index.html

Filesize
15KB

MD5
eb9196ad4ee008850713cd6b3eb47199

SHA1
44fd4e3f240626ec874809eb15851b4ff1552ab3

SHA256
8ed278f29382dd358513df44475a9c8ead9e2083978a8914515a38106df24c04

SHA512
ee51e6e3ebab1a0f48381a4813179996540c95720ff131bedfb314ba9a228096ef44033ef9f615ea319d34169b49b2eb70936e765eddc38a4be5420caaf30f4f

Download Submit
C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html

Filesize
2KB

MD5
215a4742655dbe6428c751596664f88d

SHA1
3f631dcb5260968bf8dc4b21c473cf66595185ef

SHA256
722e3ee078e36ff37fcbcf885ff7f0ee5106bc110f4ceee13ad8a4ce40b19b3e

SHA512
c0fa48d571c877f585fed3a8933207f515b8bdc0a5705a1c50cd77234cee5b0a0f7a54b00d18696c614a1a1dd0087de896991e711bcbd139f8e7a3db5a5a952c

Download Submit
C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml

Filesize
3KB

MD5
7dc2b4482665037853eb292523e8b475

SHA1
65b3695d18250bbf62bf78dce6cdd106652796e8

SHA256
c4d78ed437a23ad28af84e6a67dc8df6228a2b8cb451cdaa9d914e3f26bb9ebc

SHA512
2ce10403d4aed9bd16841ed0d983a0ae792860d94cff8521491c4ec842a29ff24fa948715f0c8c7eb83c76def70b939fbdb22fc12bc2badda35f2535a1923202

Download Submit
C:\Program Files\VideoLAN\VLC\lua\http\vlm.html

Filesize
1KB

MD5
2e4e281506259e8ca927c8f05ae4ed13

SHA1
81f3dd25550ec5113d2fee23adcb565832fb005f

SHA256
2e10643edf176c73ddfe288cdb3d71ee3b2f8960afe6901e3293e8fd8bbb9d25

SHA512
3cd9ca02a773b5eba51d2560c352767444cbc4e7796fb63f5fc0f1b157036603663062f6c209bc1f576cd8829b4bb63e28bdc78c7703d6af7881063209c6b044

Download Submit
C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html

Filesize
352B

MD5
7e4fcc7decf59dcbdb83f692dab7c268

SHA1
1a226485112adff81e2bf25bb5f4e40d8423cf45

SHA256
89e3e0f23923d0eb7ec6f2a3b20856e0f23578e510f861b3c0a5aebd7bba1e5c

SHA512
b2674e6c6004ae9169cda1db40112a8fb08888bb5fd8ea96ced13ebfa3c6638e71699b5084e04df4bc329874dc64e766f5a92d95b3a97788f345ba9493e18752

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar

Filesize
68KB

MD5
2af419495620b9b29929b3855598d5d5

SHA1
8fec5e09580ba8ed13c11990273f617f9fbdcdb1

SHA256
a04f38a1d50d663fa0cba479921784a0a8e5f6ae1b094bfa5db1b6147e1de637

SHA512
966f0cb46d9e28e78ba88624248a45eefd778e615f600ffa6fe603827a94e4f78cfc6c4c45c3ec598e2fb9db51331a413c026334c764964b497b9d42af01981d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8fe50664fd38239e8c01b75122cc6b3d

SHA1
36d011ccd6e5ce47ad0e69559c782d6482e6cf4c

SHA256
c7be861be90fd1a2b4df96b30c8b39739d99f945f79d21bef4eb7481358bfb0a

SHA512
f96af6111881853330c9c8816a354faf8946c97cc56e04b0de9a764a40f4541dd4b59c82a8db8c243f059c386e680f8c1f010c34f6da0cdb6fb1fa4de81afd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fd15081616283109ba7634f121c129e8

SHA1
c18b1fea593774c5fcd4ef811c9f2dba8d8edee8

SHA256
3984047d84f9b254041736df529a564eadd3ec877b7ab2b8bb1407f97feed729

SHA512
2a37640b5cb27ba6da88316bfc2d502085ae4e34c0f8d44a56e0395e64e96f269874a8a36c6927375dedae27b4b5c915bf4cef1a8409d21428cf91ba4f0c4dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5b0341bb3ba6c4c1fe54b08f138c96a3

SHA1
a278a6d26bc798a55304abbef1fb17ebd1997f80

SHA256
2d92768f44c8915743f99106c79b3bc7ad1ba1b98aee722993c858ad2f29f9d9

SHA512
cbf66dda9b0c61593eb6a7dff5f1317baf203675cd570be286eb18f6902719966bddcf9adb88c3bd25ed7e054e345dbf8a6e333b7a62eedd8b0c49be3338f1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12102888b1f90bfae54d6ac1dbb044a9

SHA1
2369184406d33d45dc5f2889b1774239e05bbfbb

SHA256
94a88c02fd3bb6ac9ff6382020cc212c0c35d7047a660505e68dd34d81faf295

SHA512
16595e0b3eb7bb7748683a2462d9af3da2ed1b3e8e2345d87509a0dd1f91ac44b1af335f29bd329a2b8fd63e16d6ba9d20cb1369fb10f6db3b66a4c02e41b5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4834f234931eb471832fade68615b06f

SHA1
202ee0eed9439bd9d7c3f53bc833b16ac68f0e4c

SHA256
3676af9d36c00b62adfe9f6829feedcd8d832a661698879d13bf94f4bc0d07be

SHA512
4e4e8c3ddb3ac860edb64131a828bfd9815d1a6ecb0da5d0db12f89d4d4ff01f4d2fc51304598b22581e67d832c105e1ee5fdf0d4a828cf708734241718455d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
494c8dc290714f95ea625633aefc06b9

SHA1
3828a4524917611ac65c1eca4a7101cc8a1ce1a7

SHA256
b169904cd023124cecac4cf0fe9c8d232b1a264d8c62782aa7181ae7f51c837a

SHA512
1eb57f06e069f1deb34991e9913f0024a70a7e64d9c81a9319e835661baf75ee6f60dcd82d6e59c7805d13a1bf002001f64fe575d50d7fcef30e43d74096780b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3cc6c64794f3310123757acda69c12d

SHA1
e10c959ed7c9eb10d269f7bd6059a341fbfc3b75

SHA256
0a26718dbb047b97e00c4d71dc2aa0f51ac35e53d8239f827df6b9daafb13a09

SHA512
978e1706be3f89193632b2138088d061161cddfbc04629eac402280ca048af142519294d3352b22e9ed2064d102a10cad0d67acf3a1df991e32f4671cbc988a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
16bd7419bc091833e7baf79be6e8092b

SHA1
aaaeadbc70ed9f819ea00e508a9e6cdbba62c862

SHA256
5595f90b4b30688e7c1af529532a8b45ba9174c3d4bec3161f7ce485e8ad689e

SHA512
fd42b8e52db0fc82a8de44ea7fa79a3284f6aecc64127d8b7c0d9b14aadb176420a3eb01c05b9814924fa03ca31dce36c78ba7f885376f01e597d7d36959efcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8be763a684e953a8d49e23b8228398cb

SHA1
379baf2ada2758bcce144505ea50295b13b5f49a

SHA256
9dde268a1d5287643ce47a0485ba467ca8c6eb66a29a01cbbf88a2b6d6736a1c

SHA512
5035b1f603ba503af51ead4dc28bdc60b4d62dc6dae09084ebbf1ee6ccb1956d3592a2a76e57b97b0d22455d2af576cd01060e07111f66cbcaeffc5b9956b619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d6974ec0ab68812c5a0ff61b2ffe40f4

SHA1
20c4a023f1144d161c9c4b1da85ca95af0dee149

SHA256
6475563cc8d4b64adf4e80fa2f26382f92372bfb58c4d8154b254580588d3501

SHA512
71e968778c58caa1f626691ae5b9b45717b8d9d087bb927b0bc7fb40621e5534c20fdb6e2b293499454b32f1bca44b4daa867aeba09d4ae6ee6204afc090c8ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20d5403b4fc5a33e884adc97e4b264f0

SHA1
79b0e28025dffa489e5c4b956d058b5b03de2c96

SHA256
a62a85c7302729f695028bed51a68953c7a5cdcda15588b6ce54e4eff0ddaf24

SHA512
13dd3edaa2034826cc3e2ac7b0b6b3816fa0f92b4ebd546f2f80c081c65bf4a254791380649ed4c6feda764f4d830125497ec4d79b6346aec3767ac41b3b4769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
973565950ee1ce7012289eac534f4e92

SHA1
6fd41d5fa12da09064aeb00d9a2f26d963da893e

SHA256
d7cc05c474da4fe9ccd16681beac546c55fb249d53ab46ec2af724d7970da11a

SHA512
28c15e0f9a0c493607786c33b7e1740926659b494a530e38ad5a07e7ee84af5b03001663c3132714f5beca06ac672700c7c419a8bfbd232db106cdc8db95ed27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
eecc8a4c7dee09451197f6b6a8108243

SHA1
adb1802cc302b129b146905e55992575e7e4ddc8

SHA256
bf59d69f1f54e5b9547c3b5c421be1659fb870b29c46cb7cf7725d366c99df17

SHA512
3137320e6775941241502d804139d37fd5d463be46ce9faba40ac5c78f1b19b5a54bba5a1958292547b97ee0832adfbfae958ea687327bec7812755a047c9a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0b0683c3f4922bf36f8268440796cfd

SHA1
3141cf7abed3f7543a5c6db780e8567b9e96c45c

SHA256
88c1d43e61db376fa81ce8640483eb662f84da38fb77f05dbe19a5c773d145c0

SHA512
eeabb0c360e185d0425b8a37cf20aa3baa3d2ed9bfef68592cb227bf59fc9e5aefc248364b6e524d7381b849fcca4163adab1f224257f4b62a2b8cfd0619af70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bde1.TMP

Filesize
533B

MD5
6e79a6a39f15fd6604a32216d2eee9c7

SHA1
1622d99152a50bf76a4a5b49b51fd7174d260d6f

SHA256
b1dbde6522b4bc3a8f5cea58729b1f778e287aae66f82e6e30e1169f436540c5

SHA512
43f19f62fce8016e94d513414c74512b0ce22823f5c64b6b3c688fa3b22ef960ed6e4199f5233bd610fb0832ebd9c7e7005f05243d412a81a3928de9980654b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b7486af7136421489cf592611b4163e2

SHA1
b119952e9cdf0e1d79a643013cbcffb9e27d79d9

SHA256
2347b720251ebb438411ec063311c4ff04433111ec437ba3f92016c92a628ecc

SHA512
03b197bd2dfa218871682e063b329c1a18f8be7e863fb54df7f810e029ddd40f38a7bce2378326dbf50f8c398b1ec9a15974487dae58c064ea1a3be9b0d5f9f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b62e95adf40f5d4b1770a2a5caae7bc9

SHA1
93d80a17838cf96aa0d98f34db794ef192840ac5

SHA256
776244875f2030f9ed1761978c03c126e38587974d42e8d71eb56518953de615

SHA512
eec0877a4edf83760e89513bda03bfbc8d4957c6f7bfade0739743ac257644e2ac1736874b81db29177457c55f1ffeaf337ae86b3c2d4036d24ca0863a871e4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a2477af7c44a7c486cc8e29785004b99

SHA1
3a034d5f665d37cb7979c2f35e74f96f6daa749c

SHA256
76b1bb1c2462b7972eebff88759efad577e04a4cc314041580275db09b3b177b

SHA512
6f957e7ab33e3c588518ed6b6db0f274706b1352d51983eab62a92a833f2999a01b488071b18bee479b4d1d5a8562ad881f0fead4a5cce61a9389daa479cd702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
481b07952d3ed98476b6e6a99133ce89

SHA1
a82c843d417cf5ba6498b832b5889c13da67195b

SHA256
c6dbc82b9ce608dc55bcaf1f2af0560eb8a991f0db9f74b7d0d21f30accf575e

SHA512
b80b3e9d011fb2db9a84ec0fac46d4572eb3371e5df4d203be0fc32e6a8beb8fc81860a679aa03252fcc7ff868e9921941ad87f2455bf7e162c0a48443daf0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90b9ae9f81fd471c0506c951dab52058

SHA1
d1a362e6f04a37ca9174034875d37b60dc4ad581

SHA256
4306657fa93085867cf4059359582876d1b9cad983197935f4c1a69decd7b433

SHA512
ca8696223a16419da9e557a6fd268f563919105880bdbb7ce6c72d1f3de4b043b6cae1f4fedba965d8c4ae7eafcec611d8335f495205a1488e342b2afb39f59f

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 855447.crdownload

Filesize
261KB

MD5
7d80230df68ccba871815d68f016c282

SHA1
e10874c6108a26ceedfc84f50881824462b5b6b6

SHA256
f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

SHA512
64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540

Download Submit
memory/880-547-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-559-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-537-0x0000000004A90000-0x0000000004AC2000-memory.dmp

Filesize
200KB

Download
memory/880-565-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-601-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-599-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-598-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-663-0x0000000005160000-0x00000000051F2000-memory.dmp

Filesize
584KB

Download
memory/880-662-0x0000000004BB0000-0x0000000005156000-memory.dmp

Filesize
5.6MB

Download
memory/880-595-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-664-0x0000000005270000-0x000000000527A000-memory.dmp

Filesize
40KB

Download
memory/880-594-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-591-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-589-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-587-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-585-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-583-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-581-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-579-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-577-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-575-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-573-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-571-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-569-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-567-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-563-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-561-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-536-0x00000000026B0000-0x00000000026E2000-memory.dmp

Filesize
200KB

Download
memory/880-557-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-555-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-553-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-551-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-549-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-2896-0x00000000053B0000-0x00000000053BE000-memory.dmp

Filesize
56KB

Download
memory/880-545-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-539-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-543-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-541-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/880-538-0x0000000004A90000-0x0000000004ABB000-memory.dmp

Filesize
172KB

Download
memory/1012-2911-0x0000000000E00000-0x0000000000E0C000-memory.dmp

Filesize
48KB

Download
memory/2116-2759-0x0000000002100000-0x0000000002132000-memory.dmp

Filesize
200KB

Download
memory/2116-2758-0x00000000020C0000-0x00000000020F2000-memory.dmp

Filesize
200KB

Download
memory/2396-1985-0x00000000020C0000-0x00000000020F2000-memory.dmp

Filesize
200KB

Download
memory/2396-1986-0x0000000002250000-0x0000000002282000-memory.dmp

Filesize
200KB

Download
memory/3160-1043-0x0000000002180000-0x00000000021B2000-memory.dmp

Filesize
200KB

Download
memory/3348-2246-0x00000000023D0000-0x0000000002402000-memory.dmp

Filesize
200KB

Download
memory/4044-1674-0x0000000002450000-0x0000000002482000-memory.dmp

Filesize
200KB

Download
memory/4788-2632-0x0000000000690000-0x00000000006C2000-memory.dmp

Filesize
200KB

Download
memory/5140-791-0x0000000002070000-0x00000000020A2000-memory.dmp

Filesize
200KB

Download
memory/5140-792-0x00000000024D0000-0x0000000002502000-memory.dmp

Filesize
200KB

Download
memory/5232-2372-0x00000000021F0000-0x0000000002222000-memory.dmp

Filesize
200KB

Download
memory/5460-1422-0x0000000002380000-0x00000000023B2000-memory.dmp

Filesize
200KB

Download
memory/5688-1170-0x00000000021C0000-0x00000000021F2000-memory.dmp

Filesize
200KB

Download
memory/5688-1169-0x0000000000770000-0x00000000007A2000-memory.dmp

Filesize
200KB

Download
memory/5796-1548-0x00000000021F0000-0x0000000002222000-memory.dmp

Filesize
200KB

Download
memory/5920-1296-0x00000000022A0000-0x00000000022D2000-memory.dmp

Filesize
200KB

Download