fantom | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/Fantom[.]exe

Analysis

max time kernel
112s
max time network
97s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
05/03/2025, 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/Fantom.exe

Score

10^/10

fantom defense_evasion discovery ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>cQUSOYfvKg1Qc9c9KB/C2L6PN77vRyO3ClOmaMGFZjB+eO8a6c96EuPUNTQx+uCDRqTBuHYxFQKcCJYHWd4Ioa8hWVbxUUuCGlkvXyXtARwZ2+s4mhejCwJvqhq8ZHBc/QSSq/HEWS7uCwfng7nz3O7sjxY00zonuHxvtFqjnBZsgWL3I23r2s3ZwZYqkMv38S6lj/izXSRCdOLt+v3IfA9KBESr8JvR4u9gsC8RG0uyCmhDU9jeHOM25EfKSUDNdcRsoZjt9OBU3Z0+3NwywUOQ8S6ts/rj6utPlr+IWXFJ2iUDB8henqsfSapJJ65GNPoIm1DeqPGmJBtYPeDULA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Fantom family
fantom
Renames multiple (1015) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
defense_evasion

Downloads MZ/PE file 1 IoCs

flow	pid	Process
58	4812	msedge.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3524754987-2550789650-2995585052-1000\Control Panel\International\Geo\Nation	Fantom.exe

Executes dropped EXE 3 IoCs

pid	Process
3032	Fantom.exe
3100	Fantom.exe
1720	WindowsUpdate.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
57	raw.githubusercontent.com
58	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\pt-BR.pak	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html	Fantom.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\javaws.jar	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\nl.pak	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jmc.txt	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f7\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.ja-jp.txt	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.png	Fantom.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html	Fantom.exe
File opened for modification	C:\Program Files\SwitchGrant.potm	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Java\jre-1.8\bin\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\EssentialReport.dotx	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html	Fantom.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
1896	msedge.exe
1896	msedge.exe
4552	identity_helper.exe
4552	identity_helper.exe
1432	msedge.exe
1432	msedge.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3032	Fantom.exe
Token: SeDebugPrivilege	3100	Fantom.exe
Token: SeDebugPrivilege	4128	taskmgr.exe
Token: SeSystemProfilePrivilege	4128	taskmgr.exe
Token: SeCreateGlobalPrivilege	4128	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe
4128	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 3236	1896	msedge.exe	81
PID 1896 wrote to memory of 3236	1896	msedge.exe	81
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 3320	1896	msedge.exe	82
PID 1896 wrote to memory of 4812	1896	msedge.exe	83
PID 1896 wrote to memory of 4812	1896	msedge.exe	83
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84
PID 1896 wrote to memory of 1472	1896	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/Fantom.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa3c8246f8,0x7ffa3c824708,0x7ffa3c824718
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4816645157617962751,484074225064857079,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4816645157617962751,484074225064857079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4816645157617962751,484074225064857079,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4816645157617962751,484074225064857079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4816645157617962751,484074225064857079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,4816645157617962751,484074225064857079,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4816645157617962751,484074225064857079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4816645157617962751,484074225064857079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4816645157617962751,484074225064857079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,4816645157617962751,484074225064857079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,4816645157617962751,484074225064857079,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:4380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1988

C:\Users\Admin\Desktop\Fantom.exe
"C:\Users\Admin\Desktop\Fantom.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3032

C:\Users\Admin\Desktop\Fantom.exe
"C:\Users\Admin\Desktop\Fantom.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3100
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:1720

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
29a3a632865a3b2c35790b353c9e16f2

SHA1
5f9ac8c96dd23af18fd2f49a0eefe449951855d3

SHA256
f961f198ea307df9b3b3b06b0a05fa5cb5c8a1d2d3e0eddc84649ac0aba8388e

SHA512
7ece19805fa35118cbde83e04398cdfe358fe7144359e21d35eabefe10a6eab4e49902f727bce2954d0a505f8d2753d81a60417ecb64f87654b53faba60d7b9b

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
a42aa7cf761f6d3e799b87ed0579f8af

SHA1
4e0b8a1d0ab29325d3344eb3cd471a74309b299b

SHA256
b6d84b96d667015870990d4ea7f96fb2b7cbfbe2cafea8894236d5f502757277

SHA512
d6891e2d9ed68887961d01a346c1d999e5e83563c064490c1d85a278a51759f08c3e34ffde7a54fc38cae13e83560a8e99dc023c4a77f56f2f0eb27d68acecfa

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
400eda7808b29b5f3d1a9eeb26668a12

SHA1
5837367d301192e34bf817b04773dcb0a401e7b9

SHA256
ede0a300956bb9e92c710f98178b48671f38466c25f251a3ee2e6b0e0c036721

SHA512
68e5a4d0c2ad7eb4a4600c3718c7d3f53ac7108b9a09b0646a3e45d6fca977259bb813b2d760f3e3c413b1bd0cf263be4559c2eba0dba3c79fed4e9d1701eeae

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
8958f43335c9dd850050c1bc674f3321

SHA1
c765ec5ab44788254dd8ba61392ae4cd9c7b9838

SHA256
f2c3d79e6f9688a45669b13ed4b312d861d90027180b95b1a3a7e960bd244001

SHA512
54cce98eed87fa2615b27e5cfc4533984dafc91e7eb3b9229d69a52c5e6b72da43bb28f9d18bd14a0806dc33583cf4c41d3db1267a1667cd0e16057793123de1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
9a92c6eed86ab1706f760412ce3ff8a7

SHA1
750edcf6e527763f3bd8e4f1cdca00c9b2f73a38

SHA256
e9052a9d3764fba6ca860af7f7af8779b6daa4ddaae93dbc5b42ebd1335440b9

SHA512
fdb3993e7120f24a2ff5a464f920f9b3924495ae60eb4baa2b3e3421f53348d7cd1abbf03fad567ec5513c9e9595e65a46caa97661ed36212721a3bcb77facf3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
91cd99b8f0519bcc3831c01d9b7289f8

SHA1
f28ccc90b38e4110a165361dcfe6e10f4f3af573

SHA256
1337979c0dd15222c7e08b4aca9279eb81a42ff52cce8aa377c7ee78840ae0d6

SHA512
2c4640ccdffe596fc507fd9c61d3742bd06ef28c87bc86b5589e32c896a62563ab6059f28130efccd4d607487fb0f680c50681a8c77b441002623bec20dcd03a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
a473c9172f2565de5cb8dc88c868132e

SHA1
fe380ce54ff5f9570161997ba8ec5f5cbe7b4311

SHA256
87d8b625ea3be4b7a843752664a79d03b1163853c82362fe705cd73fd957f225

SHA512
a2b79a195a15bca20f3211ed38fb32d2a3cbdba3d23e78ce75537e1624501ff67a7e63db91b47d1aae8546f0b69a31939caa6f1d2b8a580c918b6cbc8df6cc24

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
ad9d5c881fb416363219fa6e4599c24e

SHA1
12815d4b27a1fb5c49a807f99951cec736db1530

SHA256
56d26ad22e324a873bf532b7e54d9089e6e961c1cfe4c615106664e975b4350d

SHA512
8a4b4f67325b549da677fbf23c37131a5a8e6a5d42280cbeb73412019ae278de4da0636dcbafae79f5d8e31467a8727533066fbb4649cf7b5ca08fc39fa36ff7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
c57e80ff15831accaf280013dfee13de

SHA1
98046b4923627afb2d14afc4db537f8f2574000b

SHA256
b9c6e887ed1c134bb2907835b70fc1592e328e6c2840a45f870145006791e5db

SHA512
594ec0715bda6a2f325933ed70bb47db8665749bcbdf46c5de62a0d2bdc4f7f644bde28aea488a03c271db3be1554f8f624902d600892067c02246433143cd0f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
79c3f5f435fcfddfe7033d856c025d67

SHA1
71c38fe26e626ed85a565f32ce835b70be0d8ac2

SHA256
f4fe028096486a8b9a21efeddee09e14174b5fbc78217c658df5f3826d539a03

SHA512
e68a69e3823a2d344c3945a68ed8bab438187e8ecb03701c0448fce83fffe3619a3161681385e72095b069fa17e1c84a8211c8d67e187fd4c28753997c6c8b5e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
af5c1d4e84b8b9518f228f7706a2ac45

SHA1
4e134b13dc2c1f595cd970a5259da1f5588d2821

SHA256
8771417cb9d1d1944090191b7bf69f2a116e2184ab0969a95c6b93865c04f5b7

SHA512
b04414d07f21d85fd751f2182deb905566fdd93b74dfdbb99dc9485561c54673b7fdb2290bdde1675bab6aaa6001f8829f2be27a5da1b163dc47f56a1488e158

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
333b350dbd5c96e93aed0439b86caa25

SHA1
e5fa427afdeed74817184132b56313a4f9337687

SHA256
7d462f85b014a3463f4d2e05e25cc708ed000847fbe2c5521e7b8075bc116a07

SHA512
10fa90cd9960489e4064bc8e57427b42ca30436f3fafc6d1349f73495f9eef5435965826ce3db5986dfda60275e872b8edf128fbd802783ae701fc29f57cb86b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
bf95ed28dd96f620d446c88b779b54db

SHA1
3477ee401805d4324a2ac762be2cb47d78356201

SHA256
cee5c710c5ec0ce8b8da2af86ec7f3986f0dfa438855b3897474296d6b1ef552

SHA512
f41ec4f40aad782cc4f1329b87f1bcc10ebef61396329170b91cc021c41bc07abbee4f57ee96e59b78fdd4af85e00d28e18a1d83617509b22348b3723bafddac

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
28463e717c3e4aad457a348c2531c0c1

SHA1
65a9dc9deee5f05c41c08535fe076638823798a5

SHA256
7332f8878d77881f7daeab97df4e8e86229ce2c694084af8b13f1c2466e80055

SHA512
4a55baa4a1eef51b49b31874dd0725443ce816fc14154ffb3512ff2b47e1bb206eb2156e90871efed113afcf30c3fc00768217186659593181e99cdb6a62fe38

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
55c5f1b010b91fc1d9ad4465f47f3ece

SHA1
c7c4e850f8e32492a6daa3f96b19fa6b95cc487d

SHA256
7c948c0e37091b33f0dbecc599cb34b419a15f240d0605620a33a2dfe7a416b9

SHA512
7a402924e6a088fb6262f9f56edc5aab49820671ebe9a7c50a63cfd0256c7761eae36a354ff5f36a82a2734be472f4914b83003f683a32aa1010c029ebc8bc4b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
058d26251b976b132a32a7bb7805b2af

SHA1
5d30a446edabf1576179d4270d7cac5451c3ce51

SHA256
1c24cd33e049db3da7b47714cdd8adea8da03687a89f4ff3ba999c5fda03c955

SHA512
465ad5f2a073920145ab2b0e54a159f93e5a1dba048211f11af3fb29c4a4b607c713ac8bd44bace2967e07455f025dd703a5ed9e48f4076446319a0b551a7d2d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
ae6b4ec6a6de55697e7d7c23bf6f29f3

SHA1
dc2069988bbfa745a36f0a7b24bc921fec210617

SHA256
a7b32f58688ff2c8619d600b03e665935c78143d89a4b0bc60e05c0946b10a1b

SHA512
077cf17743bc3314dccbabd6508a74a8f379f3f8c74dd253cbe1549c053c9cbdefad376a4000a00cb994dd3d7d8ce75f4a5a804dba6b5c9c0bbfd06042b7def8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
9d998d48a9932f08b5486597ab191cc7

SHA1
82dccef1d6eebe70298b58d9cdf16455c4c216f9

SHA256
17aa1382ff1eaa4177bf9334294fac7ed993bde0b0006daa6ef8c090e9fe839d

SHA512
b840c7a8dfd1e05a3eb13f62db3a9a680d4b44c3bddfc27597e350652c3b8e9c065e95de2f517103a2df7727c65934babc819bb3084ad32095fb5b2086bc4ed1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
176B

MD5
34b4c750c284a4bd624b142cf956f999

SHA1
7d9a50ea4d52f8f49fb67d1a558c8ee87b09e3d2

SHA256
f57e95a8d7c07fc112e9ddbb118f47cd9e865c5d1233ef8a60134ccc685886f2

SHA512
9982c8916cba8c4d1fd5b470416e1991e1c5abda5aca943d2da2e5019e5dfc53e77540b829b4b858b6c7c4849fcc5a84d1db601961b451e72182c22fea6e0238

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
e796317a59c02c67ef2ebf1d89ea9c64

SHA1
213fb6928e8e3ba91edee4b177cbddf6883a46ed

SHA256
1b28bce797e69572bf05cbe9a6bfcabd61517f89a7d915cde86c6ad31e972c12

SHA512
4874876fc0bded39d5cfd13654e694de8d2c61ca7578f40f47cf929b7108c89937f9ee98f8e9d06478a620a1451962b9b79b340ce771972fd4af05db57cd4c56

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
a6a0ca2d84ff444295b9d29d32ee87a5

SHA1
5682c130fe701d475833a7efa20768d0aa370d23

SHA256
edab883f4323a8a28d544a9699e1c1e54b95e355591d3f48c8da246c8a10c023

SHA512
8664e5bce10553da39a732d289f6b42aa736daaeb6e1f696082c273d0c34d26f1939445b3f909e53bc1ce4099c6df96de19f3a10f588a4ae1b4142ded122bbfb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
d301e643225ef9a3ae7881e4882e8303

SHA1
52f6ca9d0191b6b0a3b856278ab7c0da9d162396

SHA256
b13914dfc4eb4e7aad68e4f9d3fd59a19099a2b5b2cd9b4b4f1c160e61d54002

SHA512
3314d4c3fa0c2f3369c710a839b79895e218b04cc1a301c8119645efb36fbaa740e004ebbff91900171bee7b8b34c0022a7c1fde3fbe0024a4c81e06f975596c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
cb761e9d9233859c118af71f88d4ca52

SHA1
7b3382e94351fcb8e79dbe45501251777b990950

SHA256
091c7e1c06491f14eac68ab4aec2bf840bc9014e0642f5e53183208730fbbc53

SHA512
8b00300a819b35f25152d2f94e8a004351ca344d61167bd2c4edf9ef90b6334dafd8590a6d4fcc6dad6c058d4576c65787ab835fdf3447d3c56dbd2a97068aaf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
4958c80a0f4ab2b0d34c6e1dab52e583

SHA1
c636d2f33e01e30c33da2f99472a2e504059314b

SHA256
0e5313d1e05a3deb85feced7067c19ef85c18b5f186fb7e2641f0086ab3d155e

SHA512
b0600f753fd1ad558b4cf3244bac585eb04abe96c08e325b0cdd6c6bf33886cd9c4c6db983604b451ddc8f412da3ccd003c48871baab3f4e930baca999c7da53

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
976a416b1a0574a689d4701a43e8c0b3

SHA1
1e20cfd80c699cb7c4105a1bdc96e2b05f6b224c

SHA256
a33c26824bdb109af552393c7c9ebab3f29dd7ec789f3efb4845b3e75d057539

SHA512
8f65b6bfe07f31ec1fecf1bc31c3f12dfb87fb01094874f28b9b557329f03f313efb13bbb7a62c1401dd595f51d39199d714f4724608c7063b23deeb110e0db9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
7886c92748b9fe8ac983971456849c17

SHA1
6d5f69a74f3e2d0260ad41a9256bfd8f09f63107

SHA256
4ab6c83428d9ef3794e873ffa8b80a32dc73015c1cdf8196d3f15a21c805d88a

SHA512
be051f0920c1f69f1fc2a61ac086b68436be5a4127b98eb93cc7652451932f839b8d01f6194d47abd1685f14635107cf0449fae6f55c6e7b6507d78115ee9a1c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
82b422314ed0f2f34f4411554452e826

SHA1
b06e5555e9f16a20b04f2d883776a3dc1ea500d8

SHA256
71da44df52c3f1e73c80773846f7d90713ff5a72bfa0605563eadae4d7e9e2a3

SHA512
723b248bc733f9a2a3d25034fec8172a5c6585069179be905fc8f2973f7a918a498afab3e4a73b7c31166d3df1852fd75219a0d2744975e96f3bd250312ff300

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
c6431b6acdfbb390302637bb2ecf1cd5

SHA1
b8292fcb5b21e09b1455efc4a19d80558bc60542

SHA256
2462cbe5e8330dda5a88959fbfffdd7587c6dee19204a1185d437c76a322481f

SHA512
9304c44c9e2906a0dfb81a131c7011d9e085472e03bdaf7b4ef7ed062c9fd975f189c44e682c08c3ff625896396da2b996adc39f32482875036114d80b5665ab

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
c1ddf8d375a41075cf891874bf3e8969

SHA1
b19a10ec979a66fbc7b015976ceee74fefdd09c1

SHA256
35b8fe300e5dd0a8a375a3c60cf496e15b99b6b930432cb60e63f4cd6ebc2f85

SHA512
8c22b06cd9745e57b462447f4131fcacf2a5c64588ac1e24d3ad3af032435555b7bdd14157077ad31f1fff3af4135522bd016b7332102adeed413f318e668d33

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
1dbc8cd6eace58b78295b3c24a8e8bac

SHA1
21064b982b94637e13b0722e012409c7924c6d0a

SHA256
57ec1810a991842206ee9340d438b2cf0d35b26e774d4e14a0e1c4e107d0d8a6

SHA512
3dcd3b663775537a21fc9813e38b7fca5ad53abd805ce13dae08e150d1483caf9d1aed411d05f870074accd1c85440d6ee6522ac6f79aaac22d2d1b4cc6c1096

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
cfcfed004287cbac58945337918cdfb5

SHA1
0931e8e48af3cee757bf700dc93f191a84abd012

SHA256
2f1ed4b1b54e48cb1dce75790f295937c4657193259e275c000b80cf5df853a8

SHA512
634b54de72db44227b658e4b494fd25deefb7770e5d253a6c2a44381e3ec76f5440bebc2adf7860a92b03be72442f6c8f22d578b867848f305c5733cfb57949a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
751ea2625b936a59c5d8ec511de1741a

SHA1
a9d1ac565f7b3a8d3da8a8afc350fb581bf7f582

SHA256
080a99b68aa024839e531e553de29c604c57492978b3581c340053acc762dfe3

SHA512
44e6b6fd9f05d726575c1943f950a8009ba0c6014ea24c8b2e10ca6240df0e62aa62ecdb9ca806f421591f2020d55c0baeeee9449e3f04d7aaaf2781a28b8e04

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
6b273174f01c9061cea5def5c6132ee6

SHA1
98dbd03da63ec79d94bc4352668398562798000d

SHA256
9b63c5dd1202056f16d9c90d1709a04ab95127b295c0678b87e38180e16c8b98

SHA512
18e12a65b7629e7a120a92c1c8987b5c69f9f70fe5e9d5a595302d433cf2f1f69f8ea417c618948badae6ff694f60b69f6765206f9887f96882e9d66d298ba2f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
39657fe5e686e4eee2993730716689f2

SHA1
a0b50e4901819ea3e8c2500637bda0551e7771a4

SHA256
da0d6e8779e18f22b3f25c00de87bcc0bfc88a37491ad6aa323a303500b8bb6a

SHA512
158e6a8671498a982ec96f407f5013b5766daa6f0865ed91f1926a5dd50ad54d83c50a5cdb5c043dc708867ef3b0cc88ef53672926acb0f21a9948df5e407c9f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
a06a6db5c0abf53e2b90173dd3999673

SHA1
1ed11b040ffe69bd07c95c9418cbf4c3feb5ab63

SHA256
663bc4242fb650f58ec19c8c04892ed87060cb0aa143488d792235f0706b9ea4

SHA512
7f1d0593f47e155d14c6c2f10d3ee8147919515d774b5f7456801e05d66d365eb0a904ff1038e12da301f3b27912f58a652010eed1395ca39399b91b636285f2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
268ff00c111d7da4dc19c9d3dd189451

SHA1
59831fba758d988eebddf87585fb3891670c2861

SHA256
b9c59219c5e5d7816f72abe35e278816eb97dd3061f2309e5fe32b6960c7fcc4

SHA512
16c82adb0bf85ca41ecff6736cac9986faac2917342355511bdb6f420a6d044141b0a29695ae62ab28083c6cee84bf64f1b2ef8845ed61f93276844a056dc089

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
eee06511962440f8b9a7c124b53834a0

SHA1
8ff40f0323a5fdb15947324a3c7b223e52040203

SHA256
400f405167c2d517c425f2acafbf08c92cb8a3a9b322d1a00790d2407a6d790b

SHA512
d05ac52b199950c5d64fe868fe9e10f60eb13763e4e2d39b5e45decdf50ddda754cc601faa70cd0c53abde59099a4275b6b42ca42825cfa3809aaee10e9c2abb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
1ef168692a65e47551cb19cab52eef63

SHA1
66fa24007b7c4eb45454d856fc918e5f19852831

SHA256
52c12ff29b1d622f27e882d96fcc2157aa9256fe60921dae4e546abe7ce0cef7

SHA512
8078b3edeb4759fd3a8662af020748f331bdf2c1f66fe079b9009218739f8b8d1ce41f8954324b528bb6e3be4835778bbaaa16063fbc49eabdbed2a62652135f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
a7c2cb39a5e20a20afb2c336773cae0c

SHA1
90e07b66c10bf211d5845bd39be49fbe77630216

SHA256
c01e48f86cbb3686dd3edd05a5cc388d6a81dfd8c4ed5529ddb460f8799ca6f4

SHA512
6b31f82fa10b847ab04b77fc1fd73c12e85e9aa2e0d54e3bf41bd9a03846c0fb18a2e0bd51ae386fcd2811cdbe2ece2c6791de7c333e29a642391634c199d8e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
03e00b4e20c4f47ba60fb8002739f094

SHA1
b2f44fcde1363cf104ced6ab6fc1d792202f7aff

SHA256
f59a52506097783ad3e7f58ca2fd1d36fd349109d1b20a3f3c20b5dddbd48e80

SHA512
97c1edd68809e43e7be2763086b4d3aa81018002eb96ac1dc5878e6665233479b0b8125bd7b18fd1a7b71f7e3f28e7b51231e87b896cbf5128ae034ae40c1ceb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
abfee33380d3870a69912e22e8f62776

SHA1
c58a4c35cc0aad565e4f005733b533125d4cb6bd

SHA256
abd0357fceba576b31e5b8bed81cefb2f65d26fc9e87a836f470e6d9f8e2a60b

SHA512
ac98c78c08cacb6d50c517cd503eb8a0fec40b0ee9eae2e79f4438321a3a11e6105145ea7598233739b6512dff4e4a32daa1a66a4696ebdb7dc85030960b7d74

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
4d00759cf9fec3a688bebc850b13d433

SHA1
744309a186565431f92b988d5136600e0e2614ac

SHA256
d02e040af4b3e042f0457261288088296b91b816389b48ae9eda2441855802a8

SHA512
f470ea086dae6e93ecd3872af4e23c56f9b42358ab394069b76f2abb98a9f1da14dc2d7d9c6ea4005ed1088cf1b490154fef3573df83ec2c553fa17ff9882197

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
f043b8c83c430d9f2c8a681e4c9e441a

SHA1
ddd24b4e32b5338f1e590890144a09b00a15332f

SHA256
ad8e230f75212a84a291034ae7e7c9bf1deeeebd190095030e9e38a3bdb1235b

SHA512
43f485ff90dc20a1f144c839e82ab42bc3810d0b37c4b45e22156529f084cf724c563f646a69e72a52c8cc8cc270eac36aeec2a129a71cd60ae5a47d164c722c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
84d645e99221eabcc7b5356aa2892737

SHA1
f601836b21043e9203e4ea43f2d38e3a7f857c54

SHA256
de2e6d7b7fd405e031a6eaf160590a869b42b961a85e96c2abf5996c4252d96f

SHA512
14c073c85f2f9ba4a9f55d37c2300b7cb7a6e6477c46f36a3aa4822ada549f4e012aa13d2b1789a87585715c1fcc45ec8bffec82c4dabee34a8b4b890c487d85

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1024B

MD5
7fb635e1650f818a50c02ef236af49af

SHA1
7ed35f84f9e58956c2d2fc4f4267acae88933ea5

SHA256
ec2352bd3d29a097b0d7ac0704ac10206d4d51b864a3a7b8e76d4e6101ee4318

SHA512
03aa01a3877d8c5dcd48560b3238a0adeaeb2d04dc6e212c8e406830850df7d31822d55e2a546d08b6772409b37650f5494f0df4078a526a1f96381305ee3929

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
e2e8059fa15c41bccf24fbc7dc628063

SHA1
8f15d151379b5a51e02ce2c7757cd00f06995b2c

SHA256
0ea3cf988f5128216f3cdaac2504909e754f05c0558f35959e5483c4c0396cd2

SHA512
8501233578ae2df337cead4550775a4d036dbd49d23ddf4cc7d0492e330080a98802129986d6f8bfd306865e1c46baeb28ca0f28d94beacf83f0ed59d6a76df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7fb0955b2f0e94f2388484f98deb88f4

SHA1
ab2363d95af3445a00981e78e6b6f0b860aade14

SHA256
a7c4cb739d577bfc41583a2dbf6e94ae41741c4529fe2d0443cd1dabefef8d15

SHA512
c9b6b6de78fb78c11b88860cd6c922d11717f5cf7477f602f197531aea114270c2b7111f66d96f60c3a9317fbf203fd26222e81d2d0eb70ad6515f5af1277edf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
be6e07eb8f628fa80427cc6ddbbc74aa

SHA1
b4c0a253cf7a603ad1996aa18548bc26bd10166a

SHA256
768c4845895a68a8d26f6b299313b15a6c3ce3c728ae75a985ba64d18860291b

SHA512
dd75137b271732749a298f028f9a29761049436321c7124f586b595f35341d7ee989a7d38b2f517a14e9b41592915d85474c615693d53ab68ba78412733d4e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
0a8a7c3dafeb4ad3d8cb846fc95b8f1c

SHA1
69e2b994e6882e1e783410dae53181984050fa13

SHA256
a88495f2c1c26c6c1d5690a29289467c8bb8a94bf6f4801d2c14da1456773f90

SHA512
2e59b4cd4cf6f86537aae4ae88e56e21abcff5070c5c1d1d2105a8e863523c80740438cc36b2b57672bc7bb7fb9387896135afcce534edfd4697fecf61031a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
97210ad340740901129e4b2f1bb12cf7

SHA1
9c1e14a49791919ecb004649966b614596b863ff

SHA256
3dfdb8adeac8f412cf2c46f09b36f9520b3192fea85d6958c96bc16052768c98

SHA512
3e2893a619f86319cc4a888665952481ff05777d8f5aa3b334f54d5abed28d1d00f023165149463cf88d023b37992c4a9bcc2fda522675fa5639a780aea90c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b7cd74a27fdc0ddad9a7ebf42be45364

SHA1
5a4dc1239f2c44e5fb6047acaf0fc111f88555f5

SHA256
d7f8bec6ed38aa260d7b4e112c874f328ba391290566deb4526486d399d7904a

SHA512
674abc87fd346712ce6bcf46f02c82f74be6ae7819b0f242be5d4d0a6dc9b5595ab842d1cc79420e226f9c011e9e3a23e7a3174c09ec43fa17801a9d57fc7302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68c82c9e07961a4012f4653efc6305f2

SHA1
48350fb0bbb989ee8b619ca9f76e9392a46bcd5e

SHA256
a67122b10921c623f6e32cddb668615b31abede9d376b39e112946e5684bd72b

SHA512
8b70f393b35da13f6c2989dc6690f4f20b132657d051ceaad92ccf909f7c0969ce832ddd1b202705412bc60524a3d3f32d6be3a995f32d44f6246198c351c905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2627e6345730a6a479da30c0883d24a5

SHA1
7442a41a25fcc5415e1609b647c6e414a32c7b99

SHA256
640a5e5b62d5e5ce53f120e2238d95d61f09b45d0d4035fcedc0f452c431b26d

SHA512
1cd1044e89ebd307c088b4ebe587d41dee3b6dfcb10fc4f70f95819fc9b1f98132b9715cf1bce76d5f15d97802e85776f2ae6bfb293c4d033e661e5d34354d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6eb3c3b763e9a18d2ef8edff0825aef1

SHA1
24a37cae9fc0ded01b018abe598b756bcd6c1cdf

SHA256
32e1f54f58766ed296530a36029af6c5e6dae9956b0fc2b3d9bd9fcf80cbcd13

SHA512
069969a829715a91e305f278b26652776b32b4ffa86bc8c106942eb5bce364c6290a8b9301b94ba54da662d981844f6ed6883f5b3264e2b0f7b08c170295d7a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b8e6741a8ab6f7c1526394642e5512b6

SHA1
5dc788102962168b097d600b90da090a4f9ae7f8

SHA256
4720a5989096b5746bf6244247f44674a0113d241214da5c988d57bc2fbb7ddb

SHA512
11f3a68ffd48742d5e6aadd6e9d418fcd004456f93c5e440deafc947ca23ae0d13741d8b209d2b746e6b0a25b0c9ebadc11d1278f9226d246094b4b555177dc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 951484.crdownload

Filesize
261KB

MD5
7d80230df68ccba871815d68f016c282

SHA1
e10874c6108a26ceedfc84f50881824462b5b6b6

SHA256
f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

SHA512
64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540

Download Submit
memory/1720-610-0x0000000000920000-0x000000000092C000-memory.dmp

Filesize
48KB

Download
memory/3032-381-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-362-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-327-0x00000000022E0000-0x0000000002312000-memory.dmp

Filesize
200KB

Download
memory/3032-336-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-330-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-332-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-334-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-338-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-340-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-342-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-344-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-346-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-348-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-350-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-352-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-354-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-356-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-358-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-361-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-328-0x0000000002600000-0x0000000002632000-memory.dmp

Filesize
200KB

Download
memory/3032-364-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-366-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-369-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-370-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-373-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-374-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-376-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-378-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-382-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-385-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-386-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-388-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-455-0x0000000005230000-0x000000000523A000-memory.dmp

Filesize
40KB

Download
memory/3032-453-0x0000000004B00000-0x00000000050A6000-memory.dmp

Filesize
5.6MB

Download
memory/3032-454-0x00000000050E0000-0x0000000005172000-memory.dmp

Filesize
584KB

Download
memory/3032-391-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-392-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3032-329-0x0000000002600000-0x000000000262B000-memory.dmp

Filesize
172KB

Download
memory/3100-595-0x0000000005E10000-0x0000000005E1E000-memory.dmp

Filesize
56KB

Download
memory/3100-457-0x00000000022A0000-0x00000000022D2000-memory.dmp

Filesize
200KB

Download