fantom | hxxps://github[.]com/Endermanch/MalwareDatabase/blob/master/ransomwares/Fantom[.]zip

Analysis

max time kernel
109s
max time network
142s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
26/03/2025, 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase/blob/master/ransomwares/Fantom.zip

Score

10^/10

fantom defense_evasion discovery ransomware

Malware Config

Extracted

Path

C:\PerfLogs\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>CoAQmWvZsUPy5sH4cFiQmbtqT2TVLXeIafDWlYqDXlGEwd8s45diRTElb9UvoEXP++6rL5dEbujYJ7X8VxrJcN5m4aE3o5CEFJNoJEixcncH0ROWLcgFZ8L8omwC/lH8yj+P+2Hlha3K6Bx3A8HdcYNR58E0NkJKbDFUe4BKERMKokpFPB70FvcJhqkvBn2Zivt3UtvxUSUuSCzzR7igdC0Gud5oiEbjWdBidnhEmVMJqgdRMRcwtRYuQmkQI669riyxpWBgMkw0G8bEhSQkQHmrSO6Om/UcNxEgIo24DbPI/9IxtPNgZc8I7Eaqaa7OTfbTfI4gl+pinuSYv3PauA==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\PerfLogs\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>efVk5wMXyNQa7yo3EhsLuaHNSMwCERKvY4OBA64tUIQ6/qgWNQBa/Hm7CX8kDdFzmhlmV27uiHx6qOhssAKoz45rN/4GILdYG2faY2gB5gPJTFbD5pF8gMyQgAzJm7EeOLBc5PzOOmAcdXwnA2cPU5U/a3uyayv7Inu/TnFld/pxIxLJYw8UQG5bCzGdN/1G6WEdbwlGkHercl1T2XTmhtGjxi5e2mBhmfEkHGN+vD6nb1uB5rCCnK7T9IJDw89b/Qq9tSqTJ3774u8ij20kP6oPj01nw6F92t1WdNYvceWLT9oYHirEikHtq62nufi8AV5RteM33dR/fQL0Vgrbgw==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\PerfLogs\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>A/ZVl7qKV75p7pAD87J9gAipWwTSYIMFUZwscUHSsrx02gAO67zvQJEeP0NEKbEEiIQlNT9iu3oyXtOrvVEPnLOdHoCmbHo6ZDRmWLtVGKDX1r/4vE1Rt1rKtp+eZBAI/1lX/+qSnKH/KYC4FukB1zAsg3DbFy/Vxn01qEIzd/fo7xCC5wqKsKvarjSXuocdNQwl9iMW30bM0l1UDgULeSRZy8ak/YOLkz8ax/rDs56idZwApR2LNH6TnQbS23nN3hzKTSdjdbHZkz5kGDpItIRXJMGlQQUd1IjRTmS5hzXfNdqG3jaKVun09AGGDn2D4FbUaN9CRNq/ehAuQDW4vQ==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Extracted

Path

C:\PerfLogs\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>ZPvQvM8SfaOarNBJbWnXZ20OLY5YfpQ1cyfEI8URo/6dqUNPs4kP56tJ6r7BeDv6h4dRKWb9tkQQPFBX4DHf1/Znyn/zaDytJCtsHlsk8NmwRp8KCp+ouvSi56aRFmU77NUFISpju/trgS0+JmD+uN+Az2RTZVyHW7x5tyzO0mTD7mbAsQ93OIlU/DRdOPsBOhsCDFIQKpH003meX4CUpzs3D+SYidhRIwuhoCaDf+DMcarVfLJLyvrs1VpJB2X4GT4G1B7e/fzyu4ymKIT/5AeoNbobymJ0SL3Iyu53rn2Daa0h1oL4XaX7zqrVvo9pbZZheeipvhmr/EUUWjrtCw==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Fantom family
fantom
Renames multiple (1012) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
defense_evasion

Executes dropped EXE 5 IoCs

pid	Process
5944	Fantom.exe
4544	Fantom.exe
3776	Fantom.exe
2328	Fantom.exe
692	WindowsUpdate.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
80	raw.githubusercontent.com
81	raw.githubusercontent.com
82	raw.githubusercontent.com
84	raw.githubusercontent.com
85	raw.githubusercontent.com
86	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\Maple.gif	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.BingWeather_1.0.6.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WeatherMedTile.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_neutral_split.scale-125_8wekyb3d8bbwe\Images\splashscreen.scale-125.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_1.0.36.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsBadgeLogo.scale-125_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_1.0.38.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Google\Chrome\Application\133.0.6943.60\WidevineCdm\_platform_specific\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Mozilla Firefox\fonts\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_neutral_split.scale-200_8wekyb3d8bbwe\Win10\MicrosoftSolitaireStoreLogo.scale-200.png	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Windows Media Player\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Todos_0.33.33351.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SplashScreen.scale-125_altform-colorful_theme-dark.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_neutral_split.scale-200_8wekyb3d8bbwe\Win10\contrast-white\MicrosoftSolitaireLargeTile.scale-200_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.MicrosoftStickyNotes_4.0.2.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Icons\StickyNotesSplashScreen.scale-125_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_1.0.22.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsStoreLogo.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_12104.1001.1.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LibrarySquare150x150Logo.scale-125.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.PowerAutomateDesktop_1.0.65.0_neutral_split.scale-140_8wekyb3d8bbwe\Images\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\dotnet\shared\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LargeTile.scale-125_contrast-white.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.21012.10511.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SAMPLES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\view.html	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt	Fantom.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\KeywordSpotters\fr-CA\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.21012.10511.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-125_contrast-black.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.21012.10511.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppList.scale-125.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\Word 2010 look.dotx	Fantom.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.GamingApp_2105.900.24.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Xbox_AppList.scale-125_altform-lightunplated.png	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml	Fantom.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TipsMedTile.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.40831.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WideTile.scale-125.png	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_1.0.38.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TipsWideTile.scale-125_contrast-white.png	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ScreenSketch_11.2104.2.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SnipSketchWideTile.scale-125.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\eu-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.2012.21.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorSmallTile.scale-125_contrast-black.png	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\FPA_f3\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.BingWeather_1.0.6.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\kk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\el\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\ms\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\vi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\ne\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\sl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\hy\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_738077123\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\offscreendocument_main.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\page_embed_script.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\fi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\id\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_546139163\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\service_worker_bin_prod.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\dasherSettingSchema.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\bn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\lt\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\cy\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\ar\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\lv\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\ko\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_546139163\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\msedge_url_fetcher_1916_2025063122\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\th\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\cs\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\my\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\ro\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\ta\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\fil\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\es\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\mr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\sk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_738077123\keys.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_738077123\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\uk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\es_419\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\gl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\en_GB\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\sw\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\is\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_738077123\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\bg\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\et\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\da\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\be\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\lo\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\sv\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\ja\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\te\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\it\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\fa\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\az\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\hr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\en_CA\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_546139163\sets.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\km\messages.json	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\no\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_1585292508\_locales\pl\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874998495826778"	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2873637269-1458872900-2373203793-1000\{86BBC7EE-560F-4F9F-8F26-E6B082122910}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsTerminal_8wekyb3d8bbwe\StartTerminalOnLoginTask	taskmgr.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Fantom.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3048	msedge.exe
3048	msedge.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
5944	Fantom.exe
5944	Fantom.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
4544	Fantom.exe
4544	Fantom.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3776	Fantom.exe
3776	Fantom.exe
3548	taskmgr.exe
2328	Fantom.exe
2328	Fantom.exe
3548	taskmgr.exe
3548	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeRestorePrivilege	620	7zG.exe
Token: 35	620	7zG.exe
Token: SeSecurityPrivilege	620	7zG.exe
Token: SeSecurityPrivilege	620	7zG.exe
Token: SeDebugPrivilege	5944	Fantom.exe
Token: SeDebugPrivilege	4544	Fantom.exe
Token: SeDebugPrivilege	3776	Fantom.exe
Token: SeDebugPrivilege	2328	Fantom.exe
Token: SeDebugPrivilege	3548	taskmgr.exe
Token: SeSystemProfilePrivilege	3548	taskmgr.exe
Token: SeCreateGlobalPrivilege	3548	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
620	7zG.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe
3548	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 4044	1916	msedge.exe	80
PID 1916 wrote to memory of 4044	1916	msedge.exe	80
PID 1916 wrote to memory of 5060	1916	msedge.exe	82
PID 1916 wrote to memory of 5060	1916	msedge.exe	82
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4412	1916	msedge.exe	83
PID 1916 wrote to memory of 4504	1916	msedge.exe	84
PID 1916 wrote to memory of 4504	1916	msedge.exe	84
PID 1916 wrote to memory of 4504	1916	msedge.exe	84
PID 1916 wrote to memory of 4504	1916	msedge.exe	84
PID 1916 wrote to memory of 4504	1916	msedge.exe	84
PID 1916 wrote to memory of 4504	1916	msedge.exe	84
PID 1916 wrote to memory of 4504	1916	msedge.exe	84
PID 1916 wrote to memory of 4504	1916	msedge.exe	84
PID 1916 wrote to memory of 4504	1916	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Endermanch/MalwareDatabase/blob/master/ransomwares/Fantom.zip
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2ec,0x7ff9f566f208,0x7ff9f566f214,0x7ff9f566f220
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1840,i,120464038575091179,5152318164184504704,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:11
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2160,i,120464038575091179,5152318164184504704,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2464,i,120464038575091179,5152318164184504704,262144 --variations-seed-version --mojo-platform-channel-handle=2496 /prefetch:13
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,120464038575091179,5152318164184504704,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,120464038575091179,5152318164184504704,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4880,i,120464038575091179,5152318164184504704,262144 --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:14
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5332,i,120464038575091179,5152318164184504704,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:14
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5320,i,120464038575091179,5152318164184504704,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:14
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,120464038575091179,5152318164184504704,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:14
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5296,i,120464038575091179,5152318164184504704,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,120464038575091179,5152318164184504704,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:14
  2⤵
  - NTFS ADS
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6172,i,120464038575091179,5152318164184504704,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:14
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x264,0x7ff9f566f208,0x7ff9f566f214,0x7ff9f566f220
    3⤵
    PID:2696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1784,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=2132 /prefetch:11
    3⤵
    PID:1984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2036,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:2
    3⤵
    PID:5892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2508,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=2668 /prefetch:13
    3⤵
    PID:5532
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4332,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:14
    3⤵
    PID:3180
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4332,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:14
    3⤵
    PID:2460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4460,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=4468 /prefetch:14
    3⤵
    PID:5092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4456,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:14
    3⤵
    PID:1140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4528,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:14
    3⤵
    PID:4924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4584,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:14
    3⤵
    PID:4920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4384,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:14
    3⤵
    PID:748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4452,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:14
    3⤵
    PID:912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4832,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:14
    3⤵
    PID:3728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5164,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:14
    3⤵
    PID:4760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4744,i,17577007224609891528,14645451289425940219,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:10
    3⤵
    PID:104

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:780

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2428

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Fantom\" -spe -an -ai#7zMap3111:74:7zEvent25976
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:620

C:\Users\Admin\Downloads\Fantom\Fantom.exe
"C:\Users\Admin\Downloads\Fantom\Fantom.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5944
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:692

C:\Users\Admin\Downloads\Fantom\Fantom.exe
"C:\Users\Admin\Downloads\Fantom\Fantom.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4544

C:\Users\Admin\Downloads\Fantom\Fantom.exe
"C:\Users\Admin\Downloads\Fantom\Fantom.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3776

C:\Users\Admin\Downloads\Fantom\Fantom.exe
"C:\Users\Admin\Downloads\Fantom\Fantom.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2328

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PerfLogs\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
c8702b16d557803de164e9c00717edbb

SHA1
28b09934d9acf2a66237827d8c787a6bbf10bbac

SHA256
29a5a40eb2f509d5e34443c3f31725a2ee1ea32807aaa14d7e2f4e18d10b75d1

SHA512
741787edd6fef6ba808c9a04b3d3553d9b909d81775fd92ca83836bc36ef06d6da2bbe5f20417de1671172f0a61ea5ba31088ec50c7ef71b5d109cbd548ea711

Download Submit
C:\PerfLogs\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
8e3b43d791247681c055080c2b7da996

SHA1
332631ed7aa5cfcaed0c6aaf21cb868e5c09d6d0

SHA256
e29122c82c20b14a5be00d6f7b28699392e28ba78426b30b44afc69d5718e3cc

SHA512
6ccd69ca447d966c978a5e9a1a6eb5c661164b7d216bed78c24517c85a76271e7785e491814588b34c39a3760caa31a3323e9fb314fb33ae1d554c4d39641bb8

Download Submit
C:\PerfLogs\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
cd788135f9237fdc7b2e514e293f10da

SHA1
2d617b8cf5dbbd3567d55d486b289462f20dd39a

SHA256
5899ada64fc2c75c69c44d4de2db80dbd8effff9a9bda38be6cabca43d6149cd

SHA512
2bc0c4fe71f13da5adfdea6d21948f4d2bca844fdd600e72d2382f4601e4dc63378cf16bbe4fb796bfb65907757d54904d845a8b1c3974ec668a9314263a1905

Download Submit
C:\PerfLogs\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
a70feead80e683a44903d9a4911ed33f

SHA1
aeb8b6d5fa726518b23126189de0a7e7cb101828

SHA256
5b0c1df159ec3106531835dec7cce10b02016d2dc8708dc46f8e48b77fc90914

SHA512
51fbb7a8d12cb89a1942963bfb658cf48441865fe2228e151f78dbbed18dee842a937edd7f9a5974f8dd08f438ce0c29e713bd379202d2451172fed3508a9f30

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
25d154e6683dd1cfa85566f1e077ce34

SHA1
5b3f2e26ee20e4dadee3a8f5aa50645b7ec36bd7

SHA256
ae822a372d881ae3c728b4abc61418baf599e63295ae63d75a61a7cb7c0afd60

SHA512
fdce9a2cdc759fe32915b466f4b79f65ddebbf0e638f0b5be9f3c2664a767425d6d838dbcfdcf075c448a0498322d52edd8894b108553d87a35c1c2a8ab98866

Download Submit
C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.fantom

Filesize
34KB

MD5
8d357ca306e12f1fc28f6a87a0bf147a

SHA1
2e2c5b2615ce5e5175b5370502cb5c7941a49b8e

SHA256
64966d0422384f52a8d0d0bde6839932301927a405f2f84a220e9cc849b653d0

SHA512
7c44d88a0142826ee36e36f0fd66692b670d646c55ded1f0fe87bca8aa29b29c3445b315ed584c9c693f4a620c67905ade19e7f1223c828ea47bd23b4e7c2f9f

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
6f81a7d8d619917d9403a7c155a17f8e

SHA1
b58412d1a8b9a62fc1d7efca3c7f2dbaf7a98b75

SHA256
c274baabd1255df0f9a824062853489153d0367da3723da75b4c0c35053ada85

SHA512
d2d4d2148e36214a24a8317cd1c3fff36690f4fc5e777721d6fd50534ca091ac656b0d4589489c90bf569acccd73289c35092e36b52eb4af5729ff9091dbeb5c

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
042332f3dce0a4b6ff76c467108e60ce

SHA1
e17c0e8470536f93caabe1f02213284123051332

SHA256
8bf9743fef1fc292b25b80c52319dee3cdda6e47e2dbfda1ebea3102d698e019

SHA512
5503cd627eb085dd86012ce533cae17bcdbfcfc6c49ce07a0207dc1f4f7c222e7895770809b897ce6d4c2989d11bf65ed074eb9cfc487ae87ffcc5914f95d68e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
d6a5364d369221c531e15d6c8970caf1

SHA1
93c76cff31fa5e35284f8e8825ee3ae38dcf3163

SHA256
b814905c1d97d6f3d06ee94cef29f94b84f0fb01386062088edf7ae1b4edd16e

SHA512
14e5386b4bd11be7cb3710b6c1f1a40427dda952767ded851de7b4b6d6476e35bc77d8b1459c2d6fa96cc8dc3ac562ab67f4bc2f5f395295530b51d35163b2df

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
176ef446d2a25650beab35b7d1eabeb7

SHA1
18512dbb4057b406e799b02c7b3cdcf17de8004a

SHA256
ce24ceef0cdc872f7927a777a2d51df1354b7e7265fad48610d809f5eb63c8b8

SHA512
f43d023add635f551d633ba6a80fcff0446995afec30401ac6285cc8c0647776aef34cd6189e81cae0ed441c6d74c6475c68a60f6e77dba627fa1251d18cc401

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
c84b63bbb758ca5721d9e68ee39a872e

SHA1
f2bfe2bf75bfeab8f68788f51540c245b7bd64fe

SHA256
18c7c34ee567de46a395be3d0359231240e4ea1b339f82e52caab3ca856b6a51

SHA512
d8e2a857f25bfe6d8244be5d57411010cee75d40fafd643d527e67bd1249b74f54efdcec0217f8c4bf59c5dfe7b3d05def9c03dc4d35de02d6f33d41ac7786fd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
cb0aad2b2e38b6837c1d85a09a787ad9

SHA1
c4641d3af6a5875377f5f5ba4095f601f5c0a6a5

SHA256
b6674373be6bad9210b44477aff7a3532eefced985eece3283909609fcd1b610

SHA512
a67dd420c55a6d88940cf76ab2bc02bcb80cb467b7a30d2131c8b6f9a6d320a6550d953ae69a7179c9b22c939d4a791d061aad879230918e9e598150730228c6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
33d5f095cbfe8a19d99daa55dcacd211

SHA1
c2091213224d715daf59d7bba0301d4655b039eb

SHA256
743c105a04ed11be13447fd69b7503e6f5a8f93c265f6e6048fd61dd9ef10d79

SHA512
cb819443195fb7bd93bee08a8c037e0ad832e12bc6d378f11e16e1b3a3a6d010306c7d0340148f42659fde663f2272e99a5652c08524998d91a38eb533993e97

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
880556f388aaf794cfe386e89211f08d

SHA1
9314ab25112acaff091462e9602931ef96c28962

SHA256
80c53f7160c5ded637b0ffd47a640077f501256d17169040b58b46e5354a7cdb

SHA512
45d3c2762912401a1198929bdc1a12426100423af63228bd03998d778d03d16a8e74720f88df99e4332dd2a7117eb46b45a1ad2235f8702418a13a5a2c20f241

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
a442fb054ba09eb7d07e5c41752639bb

SHA1
af5440aeb32b058e7ee9c7f03cfbcb391523a95b

SHA256
2107247e42f6a5c4a002d2400a4786406db0f409bcd875d465cf6cf3c1389464

SHA512
c3aa1a55202cf342e19ff14519e9a0fc25f2a9c283ca7b85c43508124ed150fb35f85e9ab74f1c9ac8dcf6466da2a56b083d24ab9a9bc4e5b6dc12650422703a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
f4a7b8bf560832b9099c54bca18e4764

SHA1
4f361cd938e48faea13649df11672968f6716723

SHA256
760db430c3ffded2d5d4ff6fe5f7d938daa38eaaafab4e0f38e3d1670bcd43d2

SHA512
8c838ad9998952b6042587179e3aad0a3b3f099329f8dd512a5846c324cfec155e0deb876cf3afd07892284b69786a2a9a92cfc9c777613bbdcacdabb6ab0069

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
60d7380eee412d634dbff8b269ef2c2b

SHA1
ed5ae4c2c222c8d1e5ae531615dd9589c5bda2d6

SHA256
db7876181dbbab13bb0920e16fa3df1026ae3771809ff22100e98c43211edf68

SHA512
129906cc1a1afa7c55b38bf2f2b28057410b7b2228467bcae5a79c75284fde0afa2a66fe04c7a8a4317eca9e01b3ea59d5baeeb5f516cabf40b816dd1b99c8e2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
05207c3549719d717b8e7039be8c21b4

SHA1
9f8beda40ec46e030de7d31b6db6ef6dd3e17f16

SHA256
704a4b8cc33ba50fd52cb7785c42205ba35ee39d3ca2e686940f52f1bcebec0d

SHA512
2e4c5ee07a7f0f1ac7fe07465b89963f0e8c71be7f8134740bcc4fd5a72270b3edb96d583106e9eba91f2010efab9134d76d5a6c5063ccea041bfe7f21fab412

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
f2a08128b87fc993765814339aae6724

SHA1
9fa9fc5538b9f06122979188f97b5207bedeed72

SHA256
7a7ddda689926768959dd7585f4add322c045b0a47acce49fd2f3f5a96851168

SHA512
14e518b1f3db928b556633cbbd4781688002f697291571693113c3eafc33b21d3f9c26c39fd7a5bb30253426c740295074f667219ccd3e528abb62cfcd8bee84

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
6163f63edd1428c4c5305b00bb87e634

SHA1
d560325ca24642cffdb51717c23f620143ea9585

SHA256
bce64467d477f99cd48988d854d522c6af7e03d44e82c70ea3a690e849797bfe

SHA512
a3a8345c7f8958652407e191e4bd13b7950f1e03762b7c911364a5309f3b03e5d8b7d2e9ab67b3eb508360df6441e608c10049f8f7eb9c57fd550b854492875c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
ad1dfc704b1070ead4fd744d063a46ad

SHA1
7eb92dade84f3f2b8705293f23a38c9e1563bf4e

SHA256
78462303b5827bca737465bc43d1687bc1317eaf90058a0ed591f80790988f41

SHA512
9cecba94cccbfe86551bd71d4dabfb1513ebf9647f7fd7f8fcd5d8e8d010dd16328221cdf425a362efe522cbfacfdd136cd85a36be3d925b772a5d3f1a0d05d1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
8987d36d467c1689571fecb2507af62d

SHA1
4e0e07416e1e5c75a29149addd42659e30ff4126

SHA256
9101a1cb773acc921c140a2ad120cace9a6fb5ade82e3217d9cfffe5956ebafb

SHA512
90c70c8671ece56180deffac3209c4ffa4abdc372d7b08a0d125b28bfea7302e46b6875d6ab7cbcf9253016e6b56bfe92514bdadc9816764cda28dfa08ac80ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
9d13ecfb493745117fc90312d9355087

SHA1
ae50a3b0e2af816ff447cd0156f3c35e2ec2afb7

SHA256
452e2f6200801bb53966a32aad12f3700e2bc124a68d63ba08f867a49421788a

SHA512
8c3f27d57608580a3628334a65e9690cce05c5217ae37cf5385170eb1b90bc4ca132e55cfe6f75dc082684b355c6c4c1034713f8bfe67c8b90a45a1e894a736f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
9cae25344150f3c33085eeb48e48d0f9

SHA1
49ae53a5e38e745f3c9de7f01045bf6178f9a63d

SHA256
9a44b7dd876dcf9b2c1cffc8d1aa59c81fe2b033a02993935a49c26dbc9db98e

SHA512
0f0a25a04262cb6693a3230e5aca6b989808f01b0a726327da5bf1e55d146de324c38bcf6a4d5d45f2e44f8bc8ac26e2c3789d2fe1b536cd8780d088b2d35e73

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
ecf9191001f578c109205ba9ea598f95

SHA1
6eaa8b74bd07bbab3872bb75257d758644c1e303

SHA256
496811c97e52716fbd07505b996cd29637f71637cb0bdb56f3a2685889d18659

SHA512
77661ba1f6c080dcf2d65b9b29e9765f3099c94dbb6d113ea3571a69bcf587ddf4bcc1e102e94e14a409e462a14bb8d7c090d0cac653ed88f66519553ed53c5e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
8456602745471740dbc900fb88ac0ee9

SHA1
a15b5569bea67b5139526d5665904efbe61a4b2f

SHA256
aec43a44d0457595cb2781ab3e200129722a395573a3f4a7ab5795c9e047e5f9

SHA512
dcfde181f509c75478a2dbc6531e2a4d852aeb1630676ef043d8e05c4e8d2bb226c0d956ae1af4118923e28fe2b0e3c24875d09dd7c4a328dc2c0098b7a84052

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
15ed1c0b89e75f8ea759651ee7c06a02

SHA1
58e34e53f8def8156e360af1b48fde64385e5999

SHA256
fe51b6a9df47d839b9027448d1a20b8dee442a6b0dfba9934432f07552c3bfb0

SHA512
961835867003e01e7d590170c7120f194cf3be1fb84b0955c9e8e707cca3c9c912cbea108e8a0191285c47c9f865f5c68a7dadd0f8fe383aae4bd8160f8e51b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
40092892dd073dec0736b14afdc7bddc

SHA1
6d8f69da55de78ea0d47d65e218bb8a660eddd41

SHA256
c5a5960abf3bfaca30b639f9604091c92912e5c482a0aaaa834a263f52ea690d

SHA512
ca3b235380a01c3d4169f20df923adebf8020f78d9d7dc0d4f520ffdd7c0ff57e58e5eea2a8f06336726fd168cefdcb6ad281beea6419271b5b72d1ab4ab23bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
fb4930a504a7205cd26ab29f14881bc7

SHA1
23edb556bb149a1af671fb253772d8992b36de6d

SHA256
d35d69681f1c6350c281cd3ff385e70ec6d5c986d8c86ae77802a2f781544393

SHA512
d2d7e4f6cf1e9eef869d12540b2f18a56a507b0e3b20a10989800519df89d1b63f855d0ba983670c9d1d19aa5136a4c0c362592aa03b3dfa4ba398270370597f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
dfddfd02437a434b57beb903ac897e6a

SHA1
ad44d1c607d8798a9cbace51f5ef956fe20cbdcc

SHA256
b6355478e0ccb390c9b58c00c423543cdede177b93955abef81fe50ba47941ca

SHA512
85f79647456e1cc1718b21c14aba89a8a0d9f60e56b3f17b271d5ada731e406220ca9df70cdbe0fc4d1aaa4a18dfca6143d61a768acc29e95994f8d5777b3297

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
dce562105592fe9b2e110f629c6722bc

SHA1
95e7c2c3a7aef8ca71a42dd75855f690d1eed599

SHA256
5576a8d664ccc1c510673f62cf4921a9470e90ced903a0bdcaab6bb76932ac58

SHA512
76ee60ac2d37ec9b310112e105cbc958c3dbb4782a985582c69e766a9428d114736f6a077a111301981db1390644b78229e23581fdeb7e4dd3f4b03d411d9e6c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
04387230573efaa177de64ce3c3e91be

SHA1
08863ae2be5b31dc543e08b57215431746406370

SHA256
081da06cf5c1c08f0a8acbd945bd3dd74de393982f3682208d6d5252475b9d98

SHA512
6bb0d3dfd7297fe861b2f387310e5c63fcf1d2572430eb54cfd7cce1304bdea3750bf43258956bfd24f2b1e554677c9d020c9211e9c8508eb46669f711e58a9a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
3131cfbde8220298ed7deba5e9103cb5

SHA1
71ee576f397dd5618aef02ea409290da37a8c985

SHA256
372d7d84d7c915fe19d11a2fd41e13b2c547fbe20313025177fdeb7f87f61ecc

SHA512
80a75ae5ec9037ab83193671ee0681e9ea7b32ba28587d0a2e2f83eb4f3927f093ec51cd53dd0ac16150cee2c4f93b55b34c939146290cebbf7db784b456a8ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
f2b458f9631888d0ef7c974031f22ebe

SHA1
a189c1a9872152a0e554867bb7fea8af8e2a1b63

SHA256
4e04303c1d89cd032ca704fd21182446497bf30a1c98f34659743b8303827082

SHA512
10e0ea88710a27289a6a938ba3c2c8eaedf80ff1405834fb7533e102607aec61fcf3db0406146c1b6265c7a777374b5675f41d5c2120499eee0f3be784941f22

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
c58d1328ed58413076635db2a556dff0

SHA1
be960d40c35dcb8afee4597fd896004f20d7d9c2

SHA256
5abc01d08cd176af343250173e56424f671583d9e39960b2eba7bc9d04ca8f82

SHA512
0835f424d536a02db3bfd691ff174e87386076bd157a1d76fc953e3f92abfb8a8b89da7e3c0dbb9b45ce6f84e7bd05f8d73721365f0267cbe3e708d873997fb5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
49b3943adf7d2c4278a1844e740034d7

SHA1
6f2b1d77c112e0a3ba2f6e8e5739734e9d25447b

SHA256
c1e1520fbe52da956d3dbda6a706b155db958465a8c6d1bc46dca6a2891360a7

SHA512
d9c9ccd9aae88e8105dfa1efba3c9c6f435b09fdfc3c9a4675cfe62e3db2c1c89979f48b89e7e63de77d0692bc6f92bda394901d92931378f399d65161285293

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
a51e5e5f04f1dc7d1fedb15e825cf04c

SHA1
a8c3d89bc45c45d7f69f9ead3f3bb10b2a95c37e

SHA256
4b395cd14e404e35abbda2cfbe7dd6ad8e9a92bb52d7b2920cffe69dd9111170

SHA512
3b9022607aa5318acb67d468bdcd5eba1415954ca1544098f4d2e24a2063858ce4ab544fed3544e997aadb46484c26197280faadb22ff40b15a2bfe538297f0e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.fantom

Filesize
1024B

MD5
545475f9f89e67e824236b8a80d8c828

SHA1
a3d5e80e6fb5f0b5676693e64aa2ff87c1a05bf6

SHA256
34387e9c47c7fbc1455e5f3561c36a0138364d4d0d612c32113c448e6f8b3f4d

SHA512
fdeca3615045b19ee1d2d41ff3cae3d6f2c8748fa40e0c9db192a8ea9d6bfd8ee52a72007f11949e22508dbae5788eea13677683f7b23bbad21b4e1273abf5be

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
e78c5f3730a13fa8e61afb0a97d7a2aa

SHA1
724ed69973ae4355f706fb2b1babd6b70b55d272

SHA256
fb14a3deb99d193d229080678cde845248ed7d0daeb43ae717d5d67ab27ff116

SHA512
7cbe6b8c310416c422b8371bfbd8a3e0c9df887a6ee7041218b3a6c775c75ab436e49316f356a25bf92023969be8ae9435f8f93260f44a6c977f57f796bee0da

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
1496129d426db99f4e841f50a8dd59d3

SHA1
55d9dfbe94548ebd62951fb2fd6c647ca6de1942

SHA256
58433c7d869de6c302e82c80ab470622f980e99a3b400c2109fbb2d2b4faed72

SHA512
bf1ac4ab02ec4e52f245f09c30a9ec9e2067835c1091961a6651e4b456fe989fb9417ce6d784e4de337c74a9a869c98525e5a458fda9681639ff621e516d549f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
cefac9ec1b3dd8898c2b7e50a7179943

SHA1
d94980d5ca6ea6b278dcac638941e33e5bf92cbe

SHA256
3b8709d000137708f439208c2acdd5616ac7156c841c68cac91cd35570b44c72

SHA512
2892c14018a8b09a6c82ec2bc0e28fdbdc02555c4d9764721ad6ea7e340bfeeb03df014ece14e53dbec23bace5dba4ac5ba8407eab0138c8bc93289f3208b682

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt

Filesize
64B

MD5
787ea2c8e92f64e7c894eb5b37bb37af

SHA1
d646be9eb22be17b2b00f68eb723f0c48fd90b96

SHA256
d9f8797e90c7ec61acc5c8267b3eed4e72c9a86ffccc1681fca1e19a24695583

SHA512
ff905e291663e9a2008f00cbff63e4d99fd600fbf196962b3ec99235e88281b53dbb12cc77b6fdf6ffa3e3d3d4985d2e2937de0bc36186db0fb5c761b9cba505

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt

Filesize
80B

MD5
a4909eb06f90a8811314a457b1454a11

SHA1
ea7274fa031b2445a19e1845b5b12b5614940148

SHA256
8e57951d46d6f19e591ed163eb1351c8e6341363367b0d1be26bc9b4b8d5b82d

SHA512
0fc8d65ec17726cacc419c8ddbd01607ec0aeee2f316843eb4366d8c9ca44628dd3f516c00d546f7c81a21fc01782f2e6da9e6cb90162088ec9669f865e3e34f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
219395a13658525175e31787390d0223

SHA1
f3890efacc39a7a8f149d0a785b70367bd536d1e

SHA256
f965a2195299288f1ac3368dfd1c6d29aa0b931f6bf5d34ec8aa0c6ef86b98a7

SHA512
99444063bba6258c432f481b9947d58ea468d244924f43f81d7f5b63517973f41b24b87b98f419dd6a90ac849977e8d10b6e4ee711fdc466b948d82b4451b7f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8272581d8cb38484cc8cb6afbdd0d37e

SHA1
2baa96a0439003aabaad1ce5619ea0a581cf261a

SHA256
025356bf819ea8a5da44ac2c4510bc380a9448247a30665577430ca7a44ca297

SHA512
60574186c595b0018d9223afd38e59378b1b00ef4f39be17ef2d7613cdac5b8f9e6dc3f2efefd559a0e4e8d64884d6ea155e874df13f170bb6dfbb41a0104959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
0b06c738acd04fb68d03d137bf073600

SHA1
3c292162e7c4c75baa739a40c36e28cc244e8f30

SHA256
beaf5cda1402a0d2f38484f13c1fc5ba55ed3d518b2d97400a881fa6e5a55939

SHA512
729b757ae85ba4d142b73e3673139c5865e8b0bf41c1eb4844a405e281337c047a56291282d5e11df5738a57507b67bcb8cf88b7b44ab84840ed6c4fd4fe92f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
2b65b73b9274e6253fed740e6a1afb93

SHA1
5102e47311a387642561daaf386252d3a2db99ae

SHA256
b1034ec36c7f175bbe3c4c9d8791d046343de6bef4b948f33c50ff21d21d701e

SHA512
28c2cd5c161724ab8198df35fa3c253136be49e9d4207924d624fe414e2054b9b867ab8505a02d0d2f4a4acd994964dc6df5bfeb4d578c1bdc926c6a5ebc0e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
c87b614618e34e53e2c8d47849fd3d41

SHA1
6982f4d30ef1ddc27010d338964b5389ef11048a

SHA256
84a1fc576a734f1d671eba60ced5800a52a1163c5b88e7c67d7f46e80024dc07

SHA512
488aff031f411becbfad03a5966d1e9a9d81184a2d0474f47031fe5c977f26ea9073da1f8f94dcdf602743c9a6de23ecb28e2b4574273238033f9f162f6f4370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
fe05871578439f8494e85a5aacbfc02d

SHA1
d6286357e46470b25f26bb5a5e092cab20935fb3

SHA256
cd7c9447ab4125ed6b26962cf57b6997f93a6831a12d9dbf5b6fec06e86673c6

SHA512
ca511004f4a6e891308796d384a4d9e023067751ab148dbe8fd171dd012233e611f28538806cb44418a8815be46a217129e24454df955a87e2c5f174586a345b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009a

Filesize
42KB

MD5
52c96c8d3c6ab546574980f73d9776e3

SHA1
2ae429cf9a1b5013fef45690a9ef2f8c25cfdb65

SHA256
98a3087f3f0e0bba98bf6a6d5276d19541944045f0aab7238f0e003cc8b78ba7

SHA512
fe6fe4338be607336bb7d74fdf13e843fc58eef6891873e277de51cef87b2936856079e30d75ef26916b733498bb5664329b0ce753590c0bacd20ee43199bb08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009b

Filesize
38KB

MD5
b8103746b4757c6332fe545f11de8f70

SHA1
588965d6333eb015af39c7f44ce71dfac67fb0f7

SHA256
4177d563a186175d3a67091c399db6c57fc271e202406e244d4bc8ad95b1aebd

SHA512
c83bd52d674d90752dfffeb76971a4f9684054d6f02cfdbe8f336758ac46d8b430f306cc64be00112b8c38d191afd1b8395d58600b12cefcb6a052ab70214ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009c

Filesize
37KB

MD5
bfda78672fa2098a6c4266a33e799f69

SHA1
7a51f4a9980e6f9d5a484d12fa3e35baddc753e9

SHA256
bdfc29cd8b54192ada7194936da17428629bb5925e31a2846682571bebe402b6

SHA512
7d01483a7da3941afcd7b1566c868018ac80927209269e98a6dab0078c1a14c0a380402efdd5b257e0a37ca6b45f68817dc774cbb32b5e7ba5f3cdefc2bc72d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009d

Filesize
21KB

MD5
ec0963f084571ccba8609e51d71bf6ec

SHA1
b4a93e1b2e235488747b17c212ae14e5551c2db9

SHA256
39041d7cca3821b6b33037d88740780d6c1b380cf4973f7a869b101d35b015c3

SHA512
88689aab98763297eb045308d3a1c415bcb0dcb58dc5d3f4338e5c92018666a0b0c5bc2cc444ffe333c4b6ea54f0286a4c6310a9e18d418fba83ff2698be5525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009e

Filesize
21KB

MD5
1ca29a777ec5f2ab7d037e4f9371493f

SHA1
38d0a90ee2f09ea5dd17416a4f4047d40f881eba

SHA256
bbd8e0774deb7c4f9df2c05c6090534a0444dec6c05620b17548acd14c0b4dde

SHA512
7d28d53c7328ff2c5a56da031c2f9ed654ed915e1594b75bcb353b2f8c06c357064aa3d178386d60dddd01970df5ba73f9f56ce2b8c8a2da04ecb4c8e18cdea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009f

Filesize
27KB

MD5
fa2d7364a6cdbe8144bfc6add239bfe7

SHA1
2b37b884e7235429a2b4d675cf1d4975f9081d4c

SHA256
3624f864be1b01a4fbcaa4623e5408ae4adf66702cf2339ebf5eb5b4cf993ac5

SHA512
5a30f88a98af6ab94a0847989d9bb98d7e459232ec7a0ebfd0aa7f4405d0394fdbc439f33fbe2f72319f7cd8789e80443a122fde0b4f743833ebdc28bda37f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a0

Filesize
18KB

MD5
89ee4d8818e8a732f16be7086b4bf894

SHA1
2cc00669ddc0f4e33c95a926089cea5c1f7b9371

SHA256
f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82

SHA512
89cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a1

Filesize
16KB

MD5
db2656b672846f689c00438d029d58b6

SHA1
43b8d5085f31085a3a1e0c9d703861831dd507ce

SHA256
aa3f28db9caadce78e49e2aeb52fda016b254ed89b924cdb2d87c6d86c1be763

SHA512
4c57c347b10ea6b2ca1beb908afc122f304e50bd44a404f13c3082ba855796baef1a5eb69276d8744c1728578fa8b651815d7981fcec14a3c41c3ca58d2b24ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a2

Filesize
59KB

MD5
4690b3ea55b2fbad2b8f45d320c91e74

SHA1
be5961ea90ca80c5c466ba6b385a87045c75330c

SHA256
86b362f5b149efa8a722178b483aa9ba34265e51ae9ad23acfa0f319a70b8039

SHA512
4e37db0e32852b726825bab1a20c02357398060aed874c732387003a0998b68c342dd839e3a552991f69edbc06d5f1217505de9059987651b16a76ec64d43911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a3

Filesize
45KB

MD5
0cd2ab46029c0ae49d223689ab7605ea

SHA1
6e7e19f322f84f43d35d6834e98e97cc7547afae

SHA256
7d3e92c0c209b08cf2c05527e9669cf4739dae23f534b1641dd419319222a3f0

SHA512
25a08c9e7112cb9f0382aa1e7f697d7fcfda2c8c2f206287ecd20532afcc14803b627009df134a2168872e6f00eb34fa3554ca70950b86a381579c1c96487584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a4

Filesize
16KB

MD5
dde035d148d344c412bd7ba8016cf9c6

SHA1
fb923138d1cde1f7876d03ca9d30d1accbcf6f34

SHA256
bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9

SHA512
87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a5

Filesize
16KB

MD5
e8a4ffc697d192798ba8038cea357b39

SHA1
91c9a9e5b4fdf400e0230ce497da603b08dc3516

SHA256
1030501915d70d328a1b32ac2555a7cae034358091caba8fa54f5f8c8aa61f91

SHA512
67bc39ea738c8c880a3553f70348772a1e202924d54f73d1b1e9266387a912d1c91f17ed20300c1a8eaf1018f511a7417db220da7669d2840ccb5f31093fbd47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a6

Filesize
55KB

MD5
92e42e747b8ca4fc0482f2d337598e72

SHA1
671d883f0ea3ead2f8951dc915dacea6ec7b7feb

SHA256
18f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733

SHA512
d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a7

Filesize
110KB

MD5
212fb70cc1811eed57c5aaf5bc070dcf

SHA1
94ec17177f218c87d58828020705ba19a054b364

SHA256
f570fc5a000981d30666094c0820795186217dc40768d082e38b47c556fb4b4e

SHA512
69b4257439e14d4fa0ce55c70deb8f21e5ffd259f149b3a31c7feb284d7e28305cca0fd54faca0b5bea451abc6c0fb6c1a1b9471ef8cfc267605781d9745c0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a8

Filesize
65KB

MD5
408a9dc26e2fc27776624923f391067e

SHA1
a3ebe2fd08020ccf7e17ada68ef3b3c922a781f1

SHA256
6e49aa39c9fb588eabba2b84a0c3238be3707ce8c897d60f684e822451b41bee

SHA512
7e0e9872b9bdcba4f400657bae2b23723c1fdd0983c513446f7fe432afda3284e7c374d27ee51c94a92e40184716cc919ed954099e237e53f20c7a6c78001cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a9

Filesize
88KB

MD5
2dfda5e914fd68531522fb7f4a9332a6

SHA1
48a850d0e9a3822a980155595e5aa548246d0776

SHA256
6abad504ab74e0a9a7a6f5b17cadc7dea2188570466793833310807fd052b09c

SHA512
d41b94218215cec61120cc474d3bc99f9473ab716aadf9cdcbcabf16e742a3e2683dc64023ba4fd8d0ff06a221147b6014f35e0be421231dffb1cc64ac1755e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000aa

Filesize
16KB

MD5
dc491f2e34e1eb5974c0781d49b8cbaf

SHA1
b73ca9b5f9c627d49da4ecbc3455192e4b305a3f

SHA256
f956049f0d96d455a71003eba400cb94f7067bc52620cd05b81006ecfdd438d8

SHA512
5c9bd0d5c93a05ca76eb727328a0fde40f2be7fe53b6b6c9eb260e8f20f92cfc831fd4b46f954d85baf151ae8aba1cdd6f76b0faf96217922cad844c905f3645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ab

Filesize
295KB

MD5
2470a681ad4a0bdb8f07a8d0cc374472

SHA1
b9abe345611b623675b13a2f57c6f4e49ecd786c

SHA256
926a94d219e9c14c1cf3c889e9552aa0b462a0ee958c61e76e1ae4c0f48bf7a6

SHA512
8143cd404697a65b90e81cbcff12121fb7871f28e3a07063a0b1d798faaa8ce0644e6125dc6dc216a0b34485f6a7bd794cc77c11484c21425054e9d5dcd7209d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ac

Filesize
198KB

MD5
3500896b86e96031cf27527cb2bbce40

SHA1
77ad023a9ea211fa01413ecd3033773698168a9c

SHA256
7b8e6ac4d63a4d8515200807fbd3a2bd46ac77df64300e5f19508af0d54d2be6

SHA512
3aaeeb40471a639619a6022d8cfc308ee5898e7ce0646b36dd21c3946feb3476b51ed8dfdf92e836d77c8e8f7214129c3283ad05c3d868e1027cb8ce8aa01884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
eb4d3896c8854cd8a13a83b37bb28c9e

SHA1
4f28da07116d3a212b777f8bbad8539b636e7e68

SHA256
b2750bf2598325f57c95cc90a2078c09c0606685c3ec4a64b6f2c3964820bc52

SHA512
d98c7faa6eb8f38b13aad24ccbcabaa7ab0733a9429760e60499764a16f320ec779054cc4a9faba239148a8de5b189af6746c3204785d8cee6c8100f3316592d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57fbf4.TMP

Filesize
4KB

MD5
48f04234380945e580d74d617b839e8d

SHA1
c5a7eff3b081ec3e076ec6195a43baf8404fc992

SHA256
114fad73bd47e5ce53d2e31c49713532b74a82b1f52d945472b443f1502fe03b

SHA512
f5de090fdb8fee674425f364caadaeb54368b573294379c1eeb0a7754c48e4a46d4094ecc7becbda6442fecb2d4015c7f2998a3df937aefb68c216831a12d84d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
aea3e0a98fef7802087e4014755dd6fb

SHA1
8feb753f79a407c491fb96b15bb82bfd87a9fbb7

SHA256
3c6364c12a2a219331a67f96b1f232f4a3849105fd28c65b2465a11a51bb42a8

SHA512
7aa93c7d2fff7d54aff7f555e17198136d674afe1b18879816085ec135fff3a9a5c9de14d3dbc7f980dda24883395efe00214a74e1958b35f595555b87e683c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
24a41c2faf31a28385df4738fa8669c3

SHA1
1613a9a5026dbae925ef0113b0d6f86fdc0a687b

SHA256
94e42d7adfba676ded31e831ed5c1fe2c0361b3e52847a36ea483687f271e1c9

SHA512
2d9df7c8d60193546b6c6f7631ecb2f3df1a08f8d2cfd6a3e85c8be4628cfead101d2f0bb9f4b1da2346cbcfde6a079e069508c3fbc528e77d653e79985b6199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
47770ed50c2d0d85aff9ac068ae17b33

SHA1
af87abde371de309eae237e52995837e92a1a2eb

SHA256
4c00f3fbd2368784f7b1b870e2327fcc2bb2f40793b72b939e3b5ae90f2c3f98

SHA512
eb236a4c79c4d5d68a4f188c41503355e0df15d9c95f8391d69318764321051f010b70b5594640872abf474a8cbaeaec2f154a45b971a6d19ec116ae2de0b8ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
5a5f89a4e308931c569abe7e491d8739

SHA1
c64522b359afcf04b57e981f645d4025f1f60474

SHA256
9b96b4fb6df22314cdf5928fb0a21489eeb5253005983026ac8452878febca0a

SHA512
6e58bfdd37f7083ad1ad980c59e768b5ae331497ecb7054ffe6ab59fe8716a8cad87465c3ff359a6e4143f580fd81cb52838b5c232898c503a19363431864338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ffca5862a0803b711fea6bfb50fd5320

SHA1
11a0433e6ff82c173f872e8834ecba3c1e4ee743

SHA256
01786afd582206db03957b9a0b47147fdc7aef651ed0ea65388a7f2ba9f8edb4

SHA512
31dcbe222b95e106d3a063d978de393bb3726383d2bcf8725ccdd97da90d59314d109f8a4ff2a0eaf266cf42b44b5ba5c7551639f09b82492f82796c7efd6653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
99f291ffbbf668037f00c412715bcfe7

SHA1
055d3c9c7a048ce38a89400c46b3c1e56c91218e

SHA256
fc2b8cea89ac82d3021d5ccbd49e1040aa7afcf7509f052c35706ebc4ab9ef8b

SHA512
db41ff76b3bf6edd5569914302f0a57111f8bc72fe1794d6b8507c8d31149cded4e87494f386599322640322ab693a630ad1cc52fc5a835759bad9e5f1ed8c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
75007bb2cc49f048d6f9f7f061b8f7c8

SHA1
a1e9a9f65469a44401e36d216f369ef5d74e1aaf

SHA256
6d1ddaa3ad1cce6ada6e063a9d47d3baa0eecb3acba23e54bcc85de4c726785a

SHA512
7a60f3df44de8c6370798d33e789ba0335b6326a43ad872a2fc69e376b531b184f9b99f2dd054f05bb3c8bd2db5e9cf5d7f06617dfa5481d978fbf66d92245b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
412KB

MD5
2ce083723c18e854ac96e8c76aa7ee55

SHA1
464a70d5afaa39b8a8095d466679d19b9b6ca25d

SHA256
5f4293d3ee9d4008600804782202d57d6fb30fab95e88ce7bc6371280363dd20

SHA512
1eb0289b7308ef09fdfd7b853f543ce4e7e868aaeabc499573fc1c92bdebee0b67942403d3050a6424d29b14871e54db909e15d4313839f64817423b077103db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
7b99a9bb63022e3d32136676e71d7c3d

SHA1
d6706b0a41256a42e57e885f28581a8f8bd86d82

SHA256
b9554e0a1ad6ce899c00b28d801b19b2a57ba6e04191ace89b880a15228e2ee7

SHA512
611c2bf9c211ac3ea51de63aeb42547424037719a7b02cd00bb5971740fb95252403e5024d5d0aa9bd402da1a741d8560ef07e36b0a452f67c72595be407c8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
c757fee58bcb5374827983b23edd1206

SHA1
cd5509e3c6e5a54e3880ed21429f511a2702d6b5

SHA256
4460cc014c365a790f74882bea35bbdc23991396f884ba1595abb956782beb91

SHA512
7b01ed74c45dc65bbaffb09ff6d37cf4e7d42f523a38ff1859f77b20579f055ef933235bfc83f77eadd75da92df40e340c25d9c1b020c2a8d8dd369ab57cce8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
79355041cf7f4a79282aeefc9bb81c36

SHA1
37669ac01a20c10bca8772c93705cfda25199886

SHA256
c3ec4fc47b65c665245bd774418b120352691b847bb887fb7bf6135d8cfbf3ca

SHA512
5edd7bf942217c2f3412b89a35fd6d17962c1be6fd760a5ae006ee3915278f4b7ac3ba76ea3986be7b57e1ceb8f1990a327444cf5b17d82b50b8e140ee5f0ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
e67b4bd624ea173e975f3b607f6bbc6e

SHA1
ca844cb181a15778a25cb1a8413fc6448f878a28

SHA256
2f86cbb92f9ceee7527d444bbf9fccc3bfeb0da492e5822d0c7b0355a7c94c8f

SHA512
b898eb4093d4a5c0c63d810f5195f4c9605631bab5c36bbedad2ae9ee75418429f1ad9dde0ccd9444c39fb7efe5fb781c460fc1609f6b130103674f2b1ecd820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d17bde7ff6bbf92afb3bc083fc1a3ddb

SHA1
795ff03f12b5c3257ec5cdfda44efacf7d540a48

SHA256
9d64e924df76bcf78678790e5106b5a6b5c71eb3d1b81caceb97e1fc81cc4778

SHA512
c910bfbb040e4ee3cd7e5b9c64567b1f9658897c4383e715810235ed9d1b773ca082a6bc3062308ce7909d6c1534a7abbc6910ef05be1bf6c8296d1635913c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
751576b4288e3778aadf49718fd480dd

SHA1
2326d8a82cec2ebd29e7055b76c67eb9ecde82af

SHA256
8ef26a86da03c78a0bdb0d5eb5f8b567d7a163f33be06814412b56272e5e0447

SHA512
74709fb49e69799c160793c63f01c80d85366ae8b358d45319b1e3e178fff270b55c3eac158e35618b7359fc08ea2d7ff23aa7b62010095852208f21965b6e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ca153ccda87beb571647e36f54de91a9

SHA1
0439cb84b628c08d06acf03919f5525223d21cc6

SHA256
83865f9583f3b58947743f18aa7fa916bfd4e5fd44f0c1687763676237f3b93e

SHA512
f4d134653a2984c1418e09a289835afef7cac61fa1271a275a6c2be35d176672e11aae3c393da58469db489c1c1c49237df0cfdb2f649783c0aec9577711b625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
10KB

MD5
3320d8d12fdbd2ac1d6139bfc06dde31

SHA1
0638923faed4105a4a45106dfaaf56f51f5fad19

SHA256
32701c5f9afc6879bcca382a6d5604de0216987b867ae6d00a0efc1197c89bcb

SHA512
116de229f05c6798737bdee33045350a09d39a46ae7b4a9480aa1982937111259cd718b3be03e9129cc84dc29146c89380d47a831ac3b6c98c67221cd30cb669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
ca9ffec6eaef4cb504ac2ebe7b850910

SHA1
c034735cc5c90922f497c36f528817e5ef7c9e6f

SHA256
2f37b7d4cba747e92e39be9df6ea73607a4b4cbcf4f3b706cd65e819f35fd14d

SHA512
683624c3448a14e46247763140bc17528d13258023c8001690d88f60a10b89218a46277a859d9538e5c4fe5ed5a263aeff9d95f812353842b3b689f52f743d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
7da84732adf0f2a0d8650f4d7cbdc683

SHA1
10fa0ac8898a966c4a8ff29236dc2cecf94c5a9c

SHA256
f6aa32ba1a6bab6d51898f6df36a08d61c92e660df65472fc4ca087268876c77

SHA512
acb6a71afe793cd496fad0e71a388d8d0f1d2cc3e6e089dd7a69972d5f2f9034d7ee9b661cecd75f5f416f61eae28bb9231692a8f55ca69bce1262c9d0d70d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
db54f28da8a66a86cb0cad349f3325c4

SHA1
8d511050a47929ec7f687601992dca488530cacb

SHA256
170baa73d4250285d9740730714a91803a7caf05c085c5593ce474626b0c1b7a

SHA512
7fd68ec06a1f1a4fef8c850b92ece0cde31cc7008ccaf95a4f2bcc328f05033eb5876f7cb792eed73be22794aa9191c4039416fd9a6de087883e5469a522369b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
4725ff28622fa1d001e05ef61411c035

SHA1
cdd7a0ccc0473bc32ba0e614e5d101390c28bb0c

SHA256
063643bc7dea4d16b7091ee703bf4204db9b582d4f83768ebfcb18bb250f85d5

SHA512
6d786f93b0e0b74c9ec23d16bd2cac317dbb7987ba9ba1111ea0bf7772c1f6df104e07d0bcd00121685836c0333873ce54b60ec10788c054a4bde74217bea8d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
54502b12749f309e9c34505ec383068e

SHA1
2b034f61d50383562dec59cc5d9fe481fc9d6d6c

SHA256
d069ec4c809d04c32911f807caa33fe26f4b613722fc8be8d959040a782f0b8f

SHA512
0b3ecf3af5bca962efdbe317525520e17028d7ccc290dcaf1121a339ef1f81a766585e43b83aef0ed201a2a0ebd58c792bbd6d7b88e2a7f90e620f91d944f5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
2099b667b34c30d18fd9d50d8842cae0

SHA1
6613b40cb1077880ba06a738c6e4a523315b1a6a

SHA256
c828e47e7c82995bd96a839c9320d6a58f543cb2630af8155be0d3a102cf04e8

SHA512
02056f97cc063085f6a03b61a8852fa083f1801fd6a53a641280fe40d94543f01b4e2e685a03817f74a1a7a8897eb05a489692a526897409446f211a60bdb1a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
eed70606e5cb51baf3146a63c4b26a88

SHA1
e35e86f38de1bf141806818f919dbf775e2b5d41

SHA256
74046f07fd317f3b0ffc076b4aee0feafe79a23e7a1802f1b85408f5ff0f3873

SHA512
63dfd3b6973ad955c222e059c182454889bb1eddca9a7dd1ef4d8429faa39ae280aa420bc52d97f1ff3cbecbecc3ea887ad34e6515ea15a0973910b7f3e00422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
04f881b10263bb7964f8f1c6133f2eaa

SHA1
6fe011bf14341a277247f82d05c430ecebb45102

SHA256
4ea08fe05f329537b1132dd543c72358385040c3d3762e387a7b697cc0ad693b

SHA512
fe0ad3dcbf2aab3c93b50b4f575b2cafa04f3243c33c453d6c52e5d35539477f56aa51a8dad54e090ababeacee8b5f033714f304c2e4c53f130bbdf03874bfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
f65eb2937aeec2a9d85ef77709c89f50

SHA1
16c4f0427ccc2663634866f23aa786c60293a801

SHA256
5891de4ce21f49720ae7a76501925c8fefecf358061be853f31a6a47bc1ce4a9

SHA512
28208c474f786bc389f8d26c297389d84ce15010c12d4202ee09637a35a86719c8f00a9c510a847e82b84a717525873a7218bc37bb79cd6dc5a5511d43bda57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
3d423cd09096273ab5e7c5d012c5ceb0

SHA1
47bbe10f2d9369010c3eee6154903861e3484f80

SHA256
0c167d47f72a30b28a8219f9b5a154a876f852a53cf513c335014e16daf5913d

SHA512
07ce6632b682220559dab2a39437f78a90a9d7fb0b288d70e0d15bfb3fd4d34c5cc0c8b2b766dc28bdcccb2cada9755c145502bfd893a2a83a5a7da54ff81adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
6071822cd8e0802358d245f147a0d191

SHA1
d8a67262371fc3d0956f29eca97d8ae02be1ae53

SHA256
62c9d8dc3def9bf6fdf1591182106c893974f1466f4540902111439c6ba4f2d7

SHA512
6eb2c556ea4e1cd0a6d934fcb63fc196e4ce0558116e2c6af536e02f95aa73e0804b94302eeae4938bbf46912043a104a3ef2fc0e3540e6b9a552f8c41e5a5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
d47c2714535a8ab7df5809630fb13b47

SHA1
2ef861e65e2d9f5af26ea868c2a1035534c461f1

SHA256
ecd48fee79d29714baac9b8ce99009a8ba9f454e4fb1ee35269aae87e13c1df9

SHA512
4d5fee05d3c8f739485d26dc29f21c75b1479c81caa852042ada0c05065fea4ca35b577bc3540d8fc71df9d5afa63d49347f97fa1c6b8ac9dc379a8a7e483d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\AppData\Local\Temp\b32ff910-3326-4dec-8d6f-efcd05bda2b2.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\Downloads\Fantom.zip:Zone.Identifier

Filesize
231B

MD5
f190f7b26f980ed75c3336406e54ee4f

SHA1
42a66e16bd4701345010ec9559d04d0a7bb01f37

SHA256
2b74ee22cb1187c86386cc2768c16cc990273f713e9d96222b036cfdb994362c

SHA512
22fedc6dad1b41d5a7b4c376091a77dd12d79b96446dd8363ab6aece92986c4aa1900ec39e578d2e62444ba7ea09687332dab55aa9967f277099c52d57476cae

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_546139163\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_546139163\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3048_738077123\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
memory/692-1451-0x0000000000D40000-0x0000000000D4C000-memory.dmp

Filesize
48KB

Download
memory/2328-1256-0x00000000026E0000-0x0000000002712000-memory.dmp

Filesize
200KB

Download
memory/4544-986-0x0000000004A30000-0x0000000004A62000-memory.dmp

Filesize
200KB

Download
memory/4544-985-0x0000000004A00000-0x0000000004A32000-memory.dmp

Filesize
200KB

Download
memory/5944-880-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-878-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-862-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-866-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-868-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-872-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-850-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-877-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-886-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-852-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-894-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-896-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-898-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-864-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-870-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-874-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-884-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-1441-0x0000000005740000-0x000000000574E000-memory.dmp

Filesize
56KB

Download
memory/5944-849-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-882-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-975-0x0000000005420000-0x000000000542A000-memory.dmp

Filesize
40KB

Download
memory/5944-890-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-892-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-889-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-904-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-908-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-973-0x0000000004D30000-0x00000000052D6000-memory.dmp

Filesize
5.6MB

Download
memory/5944-974-0x0000000004C30000-0x0000000004CC2000-memory.dmp

Filesize
584KB

Download
memory/5944-912-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-900-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-902-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-906-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-910-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-854-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-856-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-858-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-860-0x0000000002500000-0x000000000252B000-memory.dmp

Filesize
172KB

Download
memory/5944-848-0x0000000002500000-0x0000000002532000-memory.dmp

Filesize
200KB

Download
memory/5944-847-0x00000000024C0000-0x00000000024F2000-memory.dmp

Filesize
200KB

Download