f162f1501d3110bd0e0d99026551fd78be5a0247b2a10079ed35b0528443fe19

Analysis

max time kernel
69s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
03/03/2023, 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ashampoo_winoptimizer_free_30303.exe
Size

16.7MB
MD5

dc4e944c2c7ef0606467ebfa5723a3f6
SHA1

a5251e6c7f5aa7b50bbd8a1986cf55df494ecb87
SHA256

f162f1501d3110bd0e0d99026551fd78be5a0247b2a10079ed35b0528443fe19
SHA512

dfd0e1fd89adfd41eff8e26c160451558d3f91b47f3d5cc9e063595f2c696b90ac17d3ec6614077023c3398fc6aaaa6b3caf0c3fbd70fc2dd5ced4421ba3305e
SSDEEP

393216:7OxzgiRwq0J145/gv64U4y2ntQxhBVoHx7EQOOuefV:Chlifu/HAFWxhB2RWOuYV

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	ashampoo_winoptimizer_free_30303.tmp

Executes dropped EXE 3 IoCs

pid	Process
3800	ashampoo_winoptimizer_free_30303.tmp
4320	WO17.exe
1320	WO17.exe

Loads dropped DLL 12 IoCs

pid	Process
3800	ashampoo_winoptimizer_free_30303.tmp
3800	ashampoo_winoptimizer_free_30303.tmp
3800	ashampoo_winoptimizer_free_30303.tmp
3800	ashampoo_winoptimizer_free_30303.tmp
3800	ashampoo_winoptimizer_free_30303.tmp
5044	regsvr32.exe
4320	WO17.exe
4320	WO17.exe
4320	WO17.exe
1320	WO17.exe
1320	WO17.exe
1320	WO17.exe

Registers COM server for autorun 1 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4C2351D7-7CAF-4D5D-9CB8-815019A5ADB3}\InProcServer32\ = "C:\\Program Files (x86)\\Ashampoo\\Ashampoo WinOptimizer FREE\\WinOptimizerContextHandler64.dll"	WO17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4C2351D7-7CAF-4D5D-9CB8-815019A5ADB3}\InProcServer32\ThreadingModel = "Apartment"	WO17.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\InprocServer32\ = "C:\\Program Files (x86)\\Ashampoo\\Ashampoo WinOptimizer FREE\\WinOptimizerContextHandler64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4C2351D7-7CAF-4D5D-9CB8-815019A5ADB3}\InProcServer32	WO17.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	WO17.exe
File opened (read-only)	\??\P:	WO17.exe
File opened (read-only)	\??\T:	WO17.exe
File opened (read-only)	\??\U:	WO17.exe
File opened (read-only)	\??\H:	WO17.exe
File opened (read-only)	\??\N:	WO17.exe
File opened (read-only)	\??\G:	WO17.exe
File opened (read-only)	\??\I:	WO17.exe
File opened (read-only)	\??\K:	WO17.exe
File opened (read-only)	\??\L:	WO17.exe
File opened (read-only)	\??\M:	WO17.exe
File opened (read-only)	\??\R:	WO17.exe
File opened (read-only)	\??\E:	WO17.exe
File opened (read-only)	\??\F:	WO17.exe
File opened (read-only)	\??\Y:	WO17.exe
File opened (read-only)	\??\S:	WO17.exe
File opened (read-only)	\??\V:	WO17.exe
File opened (read-only)	\??\Q:	WO17.exe
File opened (read-only)	\??\Z:	WO17.exe
File opened (read-only)	\??\W:	WO17.exe
File opened (read-only)	\??\X:	WO17.exe
File opened (read-only)	\??\B:	WO17.exe
File opened (read-only)	\??\J:	WO17.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\is-F4LB7.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\flags\is-64SH2.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\lang\is-2NEHK.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\is-0B9HE.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\lang\is-DPF1M.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\is-5P9LI.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\is-T4ICE.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\data\is-KG7MG.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\lang\is-AVUC7.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\lang\is-GTR64.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\is-1O87T.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\is-EDLKI.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\is-DJBL9.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\is-N0NSI.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\is-96SUN.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\startseite\is-8HDFT.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\startseite\is-IKR8N.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\Startscreen2\is-MF5TN.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\Startscreen2\is-2J9HS.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\unins000.dat	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\is-GA0B9.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\Startscreen2\is-QQR4G.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\is-1C5AU.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Translation\is-3E3O8.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Translation\is-0E13R.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\lang\is-7HIM5.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\is-MLTEV.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\is-SQL9H.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\is-VLB17.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\is-1P70Q.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\LT_Icons\is-52GE7.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\flags\is-KDBO3.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\lang\is-6OJC7.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\is-A252H.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\is-LK62O.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\is-DRG6P.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\LT_Icons\is-NBT7M.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\is-QK90V.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\is-ESH94.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\is-2I6QU.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\js\is-EREG2.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\is-PB207.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\lang\is-502L9.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\is-AN18R.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\Startscreen2\is-J8V2G.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\lang\is-8IP1H.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\is-I3421.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\flags\is-JLLQ9.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Translation\is-BRQRT.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\is-7DADV.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\is-VHGNB.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\Energy\is-3CVGI.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\is-5OQC9.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\is-1US7S.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\Energy\is-BFQGO.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\startseite\is-UHFBO.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\is-IRKS8.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\is-U6GHA.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\lang\is-G0KEC.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\is-11K5F.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\is-N4S82.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\js\is-UNBTU.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\Startscreen2\is-TKKQP.tmp	ashampoo_winoptimizer_free_30303.tmp
File created	C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\flags\is-7OT14.tmp	ashampoo_winoptimizer_free_30303.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WO17.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WO17.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 22 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER	WO17.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\WO17.exe = "10"	WO17.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation\WO17.exe = "1"	WO17.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	WO17.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\WO17.exe = "10001"	WO17.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	WO17.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER	WO17.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CrossDomain_Fix_KB867801	WO17.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CrossDomain_Fix_KB867801\WO17.exe = "1"	WO17.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	WO17.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	WO17.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl	WO17.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\WO17.exe = "10"	WO17.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	WO17.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\IESettingSync	WO17.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	WO17.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation	WO17.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\WO17.exe = "1"	WO17.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DOMStorage\ashampoo.com	WO17.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	WO17.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ashampoo.com	WO17.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ashampoo.com\NumberOfSubdomains = "1"	WO17.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\WO_Undeleter\Command\ = "\"C:\\Program Files (x86)\\Ashampoo\\Ashampoo WinOptimizer FREE\\WO17.exe\" -CONTEXTUNDELETERECYCLE"	WO17.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinOptimizerContextHandler.Extension	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}\TypeLib\ = "{87B9C42D-3317-4109-B7FC-802675ABC5DA}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4C2351D7-7CAF-4D5D-9CB8-815019A5ADB3}	WO17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\WO_FileWiper\ = "Destruir el contenido con Ashampoo WinOptimizer"	WO17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\ = "Extension Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{4C2351D7-7CAF-4D5D-9CB8-815019A5ADB3}	WO17.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\WO_FileWiper\Command	WO17.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\WO_Undeleter	WO17.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{87B9C42D-3317-4109-B7FC-802675ABC5DA}\1.0\ = "WinOptimizerContextHandler 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{87B9C42D-3317-4109-B7FC-802675ABC5DA}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\TypeLib\ = "{87B9C42D-3317-4109-B7FC-802675ABC5DA}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{87B9C42D-3317-4109-B7FC-802675ABC5DA}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinOptimizerContextHandler.Extension.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinOptimizerContextHandler.Extension\ = "Extension Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\ProgID\ = "WinOptimizerContextHandler.Extension.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}\ = "IExtension"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\WO_Undeleter\ = "Buscar los archivos borrados con Ashampoo WinOptimizer"	WO17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinOptimizerContextHandler.Extension\CLSID\ = "{45495078-B36D-4865-A67B-45CD8742AA1B}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\AppID = "{A74A65B0-DDD3-4399-8ED9-B9215BCD81C8}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{87B9C42D-3317-4109-B7FC-802675ABC5DA}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{87B9C42D-3317-4109-B7FC-802675ABC5DA}\1.0\0\win64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4C2351D7-7CAF-4D5D-9CB8-815019A5ADB3}\ = "WinOptimizerContextHandler"	WO17.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\WO_FileWiper	WO17.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\WO_Undeleter\Command	WO17.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\WinOptimizerContextHandler.DLL	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}\ = "IExtension"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4C2351D7-7CAF-4D5D-9CB8-815019A5ADB3}\InProcServer32\ThreadingModel = "Apartment"	WO17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\WO_FileWiper\ = "Destroy content with Ashampoo WinOptimizer"	WO17.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A74A65B0-DDD3-4399-8ED9-B9215BCD81C8}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinOptimizerContextHandler.Extension.1\CLSID\ = "{45495078-B36D-4865-A67B-45CD8742AA1B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{4C2351D7-7CAF-4D5D-9CB8-815019A5ADB3}	WO17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4C2351D7-7CAF-4D5D-9CB8-815019A5ADB3}\InProcServer32\ = "C:\\Program Files (x86)\\Ashampoo\\Ashampoo WinOptimizer FREE\\WinOptimizerContextHandler64.dll"	WO17.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinOptimizerContextHandler.Extension.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45495078-B36D-4865-A67B-45CD8742AA1B}\VersionIndependentProgID\ = "WinOptimizerContextHandler.Extension"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4C2351D7-7CAF-4D5D-9CB8-815019A5ADB3}\InProcServer32	WO17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\WO_Undeleter\ = "Buscar los archivos borrados con Ashampoo WinOptimizer"	WO17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{87B9C42D-3317-4109-B7FC-802675ABC5DA}\1.0\0\win64\ = "C:\\Program Files (x86)\\Ashampoo\\Ashampoo WinOptimizer FREE\\WinOptimizerContextHandler64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\WinOptimizerContextHandler.DLL\AppID = "{A74A65B0-DDD3-4399-8ED9-B9215BCD81C8}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinOptimizerContextHandler.Extension\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\{4C2351D7-7CAF-4D5D-9CB8-815019A5ADB3}	WO17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\WO_FileWiper\Command\ = "\"C:\\Program Files (x86)\\Ashampoo\\Ashampoo WinOptimizer FREE\\WO17.exe\" -CONTEXTFWRECYCLE"	WO17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\WO_Undeleter\ = "Undelete with Ashampoo WinOptimizer"	WO17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\WO_FileWiper\ = "Destruir el contenido con Ashampoo WinOptimizer"	WO17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinOptimizerContextHandler.Extension.1\ = "Extension Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}\TypeLib\ = "{87B9C42D-3317-4109-B7FC-802675ABC5DA}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD165B0C-68F1-48EE-93B3-163F8595E80F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A74A65B0-DDD3-4399-8ED9-B9215BCD81C8}\ = "WinOptimizerContextHandler"	regsvr32.exe

Script User-Agent 2 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	15	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	48	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1320	WO17.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4320	WO17.exe
4320	WO17.exe
1320	WO17.exe
1320	WO17.exe
3580	msedge.exe
3580	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3800	ashampoo_winoptimizer_free_30303.tmp
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1320	WO17.exe
1320	WO17.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 3800	3640	ashampoo_winoptimizer_free_30303.exe	84
PID 3640 wrote to memory of 3800	3640	ashampoo_winoptimizer_free_30303.exe	84
PID 3640 wrote to memory of 3800	3640	ashampoo_winoptimizer_free_30303.exe	84
PID 3800 wrote to memory of 5044	3800	ashampoo_winoptimizer_free_30303.tmp	89
PID 3800 wrote to memory of 5044	3800	ashampoo_winoptimizer_free_30303.tmp	89
PID 3800 wrote to memory of 4320	3800	ashampoo_winoptimizer_free_30303.tmp	92
PID 3800 wrote to memory of 4320	3800	ashampoo_winoptimizer_free_30303.tmp	92
PID 3800 wrote to memory of 4320	3800	ashampoo_winoptimizer_free_30303.tmp	92
PID 3800 wrote to memory of 2960	3800	ashampoo_winoptimizer_free_30303.tmp	97
PID 3800 wrote to memory of 2960	3800	ashampoo_winoptimizer_free_30303.tmp	97
PID 2960 wrote to memory of 4800	2960	msedge.exe	98
PID 2960 wrote to memory of 4800	2960	msedge.exe	98
PID 3800 wrote to memory of 1320	3800	ashampoo_winoptimizer_free_30303.tmp	99
PID 3800 wrote to memory of 1320	3800	ashampoo_winoptimizer_free_30303.tmp	99
PID 3800 wrote to memory of 1320	3800	ashampoo_winoptimizer_free_30303.tmp	99
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 1740	2960	msedge.exe	100
PID 2960 wrote to memory of 3580	2960	msedge.exe	101
PID 2960 wrote to memory of 3580	2960	msedge.exe	101
PID 2960 wrote to memory of 2132	2960	msedge.exe	102
PID 2960 wrote to memory of 2132	2960	msedge.exe	102
PID 2960 wrote to memory of 2132	2960	msedge.exe	102
PID 2960 wrote to memory of 2132	2960	msedge.exe	102
PID 2960 wrote to memory of 2132	2960	msedge.exe	102
PID 2960 wrote to memory of 2132	2960	msedge.exe	102
PID 2960 wrote to memory of 2132	2960	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\ashampoo_winoptimizer_free_30303.exe
"C:\Users\Admin\AppData\Local\Temp\ashampoo_winoptimizer_free_30303.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Users\Admin\AppData\Local\Temp\is-FOCRN.tmp\ashampoo_winoptimizer_free_30303.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-FOCRN.tmp\ashampoo_winoptimizer_free_30303.tmp" /SL5="$F0064,16841955,413696,C:\Users\Admin\AppData\Local\Temp\ashampoo_winoptimizer_free_30303.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3800
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WinOptimizerContextHandler64.dll"
    3⤵
    - Loads dropped DLL
    - Registers COM server for autorun
    - Modifies registry class
    PID:5044
- - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WO17.exe
    "C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WO17.exe" -SETUPCONTEXT
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Registers COM server for autorun
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:4320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://linktarget.ashampoo.com/linktarget/?target=regpop_quickstart&edition=eid=30303
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcfc2146f8,0x7ffcfc214708,0x7ffcfc214718
      4⤵
      PID:4800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8368136279136876160,17059022887168713006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:1740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8368136279136876160,17059022887168713006,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,8368136279136876160,17059022887168713006,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2236 /prefetch:8
      4⤵
      PID:2132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8368136279136876160,17059022887168713006,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
      4⤵
      PID:3980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8368136279136876160,17059022887168713006,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
      4⤵
      PID:5064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8368136279136876160,17059022887168713006,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      4⤵
      PID:3784
- - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WO17.exe
    "C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WO17.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4320

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\bg-bg.bmp

Filesize
822B

MD5
7d21814e53d6a99eb5928e66bb8700e6

SHA1
ac495db72cf8e3872fbcaf62d74657c632840123

SHA256
eeee136b2a8e674f4cf9cd18dcdfde1fedf3f805c60a7a5941b052d4ffed7bfc

SHA512
1354cc00bab97183b6d60b9c343f901a0937c967e0a3f2e837b5b273468fbfbb03745f70f361615bd0e7af771cadbd450545abbef1138f1528400ca9e6f1b2bf

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\ca-es.bmp

Filesize
822B

MD5
d0c88be718abc7457f93c786c3ac1054

SHA1
27e302b74b9beb604c6b8cf930706982c7330412

SHA256
8759520f8ae99dffbd10ee9bedfde0bf95755fa73867d696fb3951996e54a099

SHA512
971d0c078ef63237cdec4fda1411327c43e620d3838f0a2e5b94af89fa991a1266aebd6228042d0eae3dfd2e947e3da80dbe8eb5e19dcb203ce4d6e9af368909

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\cs-cz.bmp

Filesize
822B

MD5
d7053b964d34accc9bf5eff748dc8030

SHA1
03c733abb8b6f7c7f01eacfa0d8c6bdc70f099c6

SHA256
d640798318e7af84238aeae0a225862f7655c171d465592f28ceb4c53b4939f9

SHA512
b1a6953ec08f1184f7a8f4d61527e47e3366f049c0e7a3ddcf87b4a3500769fba5c4db13ec11bf326c8e990b97bd0546374109b7394e80f0193d8959a806b6ac

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\da-dk.bmp

Filesize
822B

MD5
ef0a0e67abed063fb417c8389e061b8b

SHA1
60b4e9c358c3d1e7ceba765e586e894d60191165

SHA256
26e321c63f9220d6e6c571294547736439104426eac6fa3f38b215d339e80256

SHA512
416e5d6bcfbc6b892c344dfc321ca81f0108ad97cc1d1a321486cdbf1ee1fb56481951f3a74a2b33251d7c00075f8905c5de44fe06775fc03e2ac87861a09142

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\de-de.bmp

Filesize
822B

MD5
a3a30265065ae7a6fec30a2f1e5d1ec0

SHA1
6cf85549c05aa408ef62fda29c8d91f32129fd01

SHA256
e5a0aaa8baada7f2d470d0af1650c39f6bf3a15d9b8ce4127399f333abf0f8dd

SHA512
40e5a7a49d62ac809a098ee1ee186b9a6a58d23b10f193f2eb7d92f24399818cbea8714b2047bf02523d0145e50e71c2b01188ff2fcb84d2526327c82a6299b4

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\el-gr.bmp

Filesize
822B

MD5
b8a72f3be4bd6a1742a4783eaa17f61f

SHA1
ee90a5cb55280126d85d6e37e17ee1ea59429a9b

SHA256
ac5c057a18fc216bd3540c487f5058159620d2a9b202d1dbd1bb8f9506eca4b4

SHA512
474c655466e0e7d392bb33826804f663fcd869f63a9ca6e3d83533fd71371e8c724f94155b981e693e901a40aa6b9741796d511031b2c4774972cb63f36d19a6

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\en-us.bmp

Filesize
822B

MD5
7f75a6d8aeb0a6aa3326c189caac007a

SHA1
e7dfaaa13adaca10ea574d1921736c2691e6d8f4

SHA256
65f5f37e4a287d7e50582b4e349c86492f0c6291e221d62fbd0bbfb492ad7d3a

SHA512
129dc10d2c3586f6651c285acc88d6a61f68ef938cf643328858c37b76fa49de65122818076cdefe333de343e992868b31f6b33f6420437e1c09a056bc4fd456

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\es-ar.bmp

Filesize
822B

MD5
880adc7d3e7bd795726489d3645674ad

SHA1
fb15fe0522c6afbcc79e794d6e87076daeb19c5b

SHA256
2917a0cf2e12e44180f01f0363cd6526734017149409855e6838e495ddde6d36

SHA512
56887a0ada012cff3875c5ee6b600122cb3e1dc1587df92a4c993edf0a6762a62ed5e8fdaa67518a5035f69e56ae5b5d3af2f76c9b3e136b1427151936e66fc1

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\es-es.bmp

Filesize
822B

MD5
6321807f69c434948361fa1be531e727

SHA1
1c748efae6d188ce0e5c4c6999fdf6e164d4e776

SHA256
659854ba48213975a609530b6da16c1cf6d29cb0b55bcde9ee7dd4ca371c26fc

SHA512
79b8fc953dbff2bbf1e54170c5e2b858c44bfbcc2e1cca1c9e289e9eb053666bd15f60dc4e17f6727f79f5a5069cb099bd44ba91451e17f5d5a4a48cd603bece

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\fi-fi.bmp

Filesize
822B

MD5
3152067821a060987cccd1c50d52c39f

SHA1
3e09b9637925a54a32234474a9f296cd951e2585

SHA256
87ef71e1ff1435c44c816c6208be7d170150391b71e8ab95519aea495e997095

SHA512
485e4b12e3589f978032695fced9977327bee6ec434d55e849f96f1eae02083085cb617be8ea9872e34ea9c332276b1b8e7f5ccfdca3270e3b2661d01ace1720

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\fr-fr.bmp

Filesize
822B

MD5
be19893f730a3bc11fe8ac9f35c3adf1

SHA1
bfd7deec99009793970d01ea6b001bad60a608dc

SHA256
3dde93a7111cb3276011f07077864fe89f30f9d29d42b844fc176a5881e726e3

SHA512
2af3aa1981f3399a596ce3e575270e55c2568a565e6874e2e820a3a0c57a03726db7c81398e44f265e09ab1ede7d3567165209aeeaa99c0276cfe934de33e640

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\hu-hu.bmp

Filesize
822B

MD5
ab70196663bad6afd3af979ddbd5d2fa

SHA1
0f3309e65469ef5f24e68eb41cbd5a29f5a607c0

SHA256
7ec30e164b6429b7eec7f89822251437c155a168d4d659c9b4421b2ba785e17d

SHA512
0f99bb4c37739c1457b6c0cfaf8c39ddd6ddba22b5612f76918181038fa7e211a9d0b27aca8aebdeaa8b5af8f542aa474542e5c38050bca2027e903cddfe8024

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\Flags\it-it.bmp

Filesize
822B

MD5
f4df8b0aea3e632dc0397c45ee57d1ee

SHA1
ac2b79579798b640975a012257a4c5cc3fe34578

SHA256
0ab6f900b9f31c92236b5bc46de2c2099b4e024d2c548a9f8e3538373da082e8

SHA512
17c186e2557f009468ef90822db19b04cfd53a8b3124629e8338e67fc54d392b8e7bd711c713453364a3c483b1b4ffb1b6f19ace397df11455b85cb10bd17a92

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WO17.exe

Filesize
9.2MB

MD5
05b602eb69926ea2b0645101c28bbfe2

SHA1
91f39061de9131b9b8d1c2e2d6cb4797e3279077

SHA256
bba00552bb0a562a00aa70c8425e48bb1b407a72f84df6c8f69f0bf44fabf310

SHA512
4e62532b62f294039dc38bc0685f01ae56d5356dfa0260d9c4eea2306f324f4769bb9f7398ff21ce997bcdadb813b3a9a5ae39814e54c60f0e032b18b46f039b

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WO17.exe

Filesize
9.2MB

MD5
05b602eb69926ea2b0645101c28bbfe2

SHA1
91f39061de9131b9b8d1c2e2d6cb4797e3279077

SHA256
bba00552bb0a562a00aa70c8425e48bb1b407a72f84df6c8f69f0bf44fabf310

SHA512
4e62532b62f294039dc38bc0685f01ae56d5356dfa0260d9c4eea2306f324f4769bb9f7398ff21ce997bcdadb813b3a9a5ae39814e54c60f0e032b18b46f039b

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WO17.exe

Filesize
9.2MB

MD5
05b602eb69926ea2b0645101c28bbfe2

SHA1
91f39061de9131b9b8d1c2e2d6cb4797e3279077

SHA256
bba00552bb0a562a00aa70c8425e48bb1b407a72f84df6c8f69f0bf44fabf310

SHA512
4e62532b62f294039dc38bc0685f01ae56d5356dfa0260d9c4eea2306f324f4769bb9f7398ff21ce997bcdadb813b3a9a5ae39814e54c60f0e032b18b46f039b

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WO17.exe

Filesize
9.2MB

MD5
05b602eb69926ea2b0645101c28bbfe2

SHA1
91f39061de9131b9b8d1c2e2d6cb4797e3279077

SHA256
bba00552bb0a562a00aa70c8425e48bb1b407a72f84df6c8f69f0bf44fabf310

SHA512
4e62532b62f294039dc38bc0685f01ae56d5356dfa0260d9c4eea2306f324f4769bb9f7398ff21ce997bcdadb813b3a9a5ae39814e54c60f0e032b18b46f039b

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WinOptimizerContextHandler64.dll

Filesize
150KB

MD5
92ce48b84b508d1c857f1f0a1e8dc854

SHA1
5ada0f23afa06e377e0615fd9f150efe7add7e95

SHA256
156ae1bdce3b909277af961220ed177c851bde6dd9c3b0924ba55b6ea2acd16b

SHA512
b99935e9f679a39e18bfec35fb64da3ecf93f4a7966ab610387bbbd051a38aefa63571a6de3c5206e78b166a5154d912013644934d927f37b8d898598725daa9

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WinOptimizerContextHandler64.dll

Filesize
150KB

MD5
92ce48b84b508d1c857f1f0a1e8dc854

SHA1
5ada0f23afa06e377e0615fd9f150efe7add7e95

SHA256
156ae1bdce3b909277af961220ed177c851bde6dd9c3b0924ba55b6ea2acd16b

SHA512
b99935e9f679a39e18bfec35fb64da3ecf93f4a7966ab610387bbbd051a38aefa63571a6de3c5206e78b166a5154d912013644934d927f37b8d898598725daa9

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\WinOptimizerFW.exe

Filesize
3.4MB

MD5
cdb827a0cd9df3a4ef004f5e17aa076a

SHA1
f18792d69f29a64715463f24a7b8edcb7a25456c

SHA256
b85d5da157166e300ffa25cc8c09673952adbafde1de57aabdc18b7a72f6ca4e

SHA512
42eea4b07b0fee408012fec04f547375b6de261671d872dec46e6a0afb406f146ea68187bc941d2f114f12a4bdbe45bb11209d336b50e606faa3dd4b74791fbd

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\ash_inet2.dll

Filesize
5.3MB

MD5
052c50e3bc5a0c20483d6d8ba92bc040

SHA1
99b82857688d93857827a95ab204ef57d61fdb6e

SHA256
66a7fb41fe91b40f353210e34ecf243fe80fd2a0e0465222a82e74d35625b380

SHA512
11eb000761471d2c858ab99dd571430599382540947d94e68d755878806c7a999d68efac57c47488c70bcba40af082a2185e999db3b38b7ac0fab795cc53f1fd

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\ash_inet2.dll

Filesize
5.3MB

MD5
052c50e3bc5a0c20483d6d8ba92bc040

SHA1
99b82857688d93857827a95ab204ef57d61fdb6e

SHA256
66a7fb41fe91b40f353210e34ecf243fe80fd2a0e0465222a82e74d35625b380

SHA512
11eb000761471d2c858ab99dd571430599382540947d94e68d755878806c7a999d68efac57c47488c70bcba40af082a2185e999db3b38b7ac0fab795cc53f1fd

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\ash_inet2.dll

Filesize
5.3MB

MD5
052c50e3bc5a0c20483d6d8ba92bc040

SHA1
99b82857688d93857827a95ab204ef57d61fdb6e

SHA256
66a7fb41fe91b40f353210e34ecf243fe80fd2a0e0465222a82e74d35625b380

SHA512
11eb000761471d2c858ab99dd571430599382540947d94e68d755878806c7a999d68efac57c47488c70bcba40af082a2185e999db3b38b7ac0fab795cc53f1fd

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\ash_libcurl.dll

Filesize
1.7MB

MD5
b0ce1d849e7ba97a94b88a7b7e09323f

SHA1
69973ab8a99bb45bf5a1e8972fec951bb14577e9

SHA256
c474a26bf44c12085f8e6d327953eb2f7e219a2623de7e804caa816e9c266046

SHA512
07e212323f272103753a9f84f77ff0696054a9252a3afc5ffaca3c5414e133c18647df1e6597adff3960e4687d526ee289290c241b8b1bd1fb56031458c62f8b

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\ash_libcurl.dll

Filesize
1.7MB

MD5
b0ce1d849e7ba97a94b88a7b7e09323f

SHA1
69973ab8a99bb45bf5a1e8972fec951bb14577e9

SHA256
c474a26bf44c12085f8e6d327953eb2f7e219a2623de7e804caa816e9c266046

SHA512
07e212323f272103753a9f84f77ff0696054a9252a3afc5ffaca3c5414e133c18647df1e6597adff3960e4687d526ee289290c241b8b1bd1fb56031458c62f8b

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\ash_libcurl.dll

Filesize
1.7MB

MD5
b0ce1d849e7ba97a94b88a7b7e09323f

SHA1
69973ab8a99bb45bf5a1e8972fec951bb14577e9

SHA256
c474a26bf44c12085f8e6d327953eb2f7e219a2623de7e804caa816e9c266046

SHA512
07e212323f272103753a9f84f77ff0696054a9252a3afc5ffaca3c5414e133c18647df1e6597adff3960e4687d526ee289290c241b8b1bd1fb56031458c62f8b

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\defragwrapper.dll

Filesize
234KB

MD5
43d5aed3175234bfb3035b1c0d16173f

SHA1
f4a426475c77ca4c1350843ab26ff84bb0afd397

SHA256
2c56cc4f90255dab2e0f39bb31ad8c0898b1e3383d248d27db1c8683e77e6ac3

SHA512
66a23b0a6e6eccefd9c0ef54affc484a40b0e9841051d2de1e4100c7637ff57f853730b56710939be86f1348d18aa96ad1cdfa1ef18af9d4bf4d2466bf691887

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\defragwrapper.dll

Filesize
234KB

MD5
43d5aed3175234bfb3035b1c0d16173f

SHA1
f4a426475c77ca4c1350843ab26ff84bb0afd397

SHA256
2c56cc4f90255dab2e0f39bb31ad8c0898b1e3383d248d27db1c8683e77e6ac3

SHA512
66a23b0a6e6eccefd9c0ef54affc484a40b0e9841051d2de1e4100c7637ff57f853730b56710939be86f1348d18aa96ad1cdfa1ef18af9d4bf4d2466bf691887

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\defragwrapper.dll

Filesize
234KB

MD5
43d5aed3175234bfb3035b1c0d16173f

SHA1
f4a426475c77ca4c1350843ab26ff84bb0afd397

SHA256
2c56cc4f90255dab2e0f39bb31ad8c0898b1e3383d248d27db1c8683e77e6ac3

SHA512
66a23b0a6e6eccefd9c0ef54affc484a40b0e9841051d2de1e4100c7637ff57f853730b56710939be86f1348d18aa96ad1cdfa1ef18af9d4bf4d2466bf691887

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\product.xml

Filesize
103B

MD5
61b2528c40bba30cc1fd308a851cbb00

SHA1
e190616bf034d12d67853770a97f1f38488accd7

SHA256
bccd77aa87e4eb753963e9518d946012f54e5f59ac3a3e5ab90737d0cf392772

SHA512
486faca6c64e181e4171159ed0fe6e275dd91ffaa7f89d8c2845b2177fdf2a3e2a4b4e24040ef33eac8c5b4fed6007889bf969a00629c09423b50290fbccd2fa

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\readme_en_us.htm

Filesize
1KB

MD5
d656556a286c9479179d40a67d54a132

SHA1
b13201a8f5a25a6cc8bfce5d80ebc8e94cc0ad47

SHA256
f4c5e35c449bfd35392a115fd3ef4872f8bacd6c5475edef2533b25016c3b39f

SHA512
3f40ed08afd36d2937027e83e1a119ca970917ddf47b66be617f249808ae42e954621d7128151f6a7f394f7ed32ced512929908b0f81234410e7bd3a4a231309

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_1.ico

Filesize
2KB

MD5
02411080f23e531660e924725a069c0c

SHA1
0344309f6ae0c51bd6b4f54a8b82fcda005d18a4

SHA256
7d278f862a593c51d9da50b1aca555f994d6de8460e7bb8c96adf8ba78cf678a

SHA512
28b3db5facfbdad51ce077f83e6de6544f6354327b8f72f4cd7db0adf34739a9ddda0d432ebe4f49829b3e58e4a529041c32c2b818e5f42284089c09c5f25443

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_1.png

Filesize
1KB

MD5
a2efff3f16bcf901bc6ee5dcf4b231eb

SHA1
92e4d640d900de6f723b7715217a5753cd9af651

SHA256
04a8228c6178aa247e47b1973d0072939bd918db235ba3af96614483e25d12ae

SHA512
28ac8697cb1e4e0bb42b75b071e44206a52cf9c7415e8f28a26ca1da45f29f279edbefa75665dfefbda7f9ea245214a4164e368e2fc582efb2a863fce6e38ad7

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_10.ico

Filesize
2KB

MD5
c042be22cfecbadc6e327277121ddd10

SHA1
c08742219780775eda1479fce8004ee91abf3260

SHA256
5e800bc3aca70732f600ab17b6a8f999048c5e434338420a86038ddb84a260da

SHA512
2a47949a6848bbfb583dc2c77d251175c0cef1f24821b6fcf713f9ccaa352945294b3a5fe1770b3c75e0d875914063090464b22b91c60578b868695799e140fd

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_10.png

Filesize
1KB

MD5
beceff11c59223114b564b430867a7d4

SHA1
7bf45c0b70a1a8ce59bc07d0751a5cb39e44fef3

SHA256
2bf545ded343474c2d935ab31306ce1ca639ac59cc0720a0445148754d6556fb

SHA512
c73692b0ddb8a867f46c2fee82dc79cf305ab7d87d50a6e5b730d07661ec5e79da7c06132bbf219129e9b3b0b26499c724e22ee741de05bd28ed50810167efe4

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_11.ico

Filesize
2KB

MD5
369038dab4cb253a1c322d1914dc4ef3

SHA1
321557d353415fc16a14432b46efed0f1b4a58e2

SHA256
17c99911199c760bd5c8f7fae3e4208b0a164ba06abfdecfc4da25035ae43d58

SHA512
347ecaa10f3fa3d80069abb9212ef2dcdc32a7326d759833a7c9c1298bdd93fb4f305e2805218995b0a141d4a0c82e01917456522d924ba279f11f5c9585844c

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_11.png

Filesize
1KB

MD5
928a8b408ca7d207da75e7485dff19b8

SHA1
c9e4687df997b4767b7d38fb76f3467090b9e67f

SHA256
f5db4196f5a2326a491c338ef201fa6026ace7c98c2f0107338656cbf1af63b7

SHA512
da8e0f97f6e0f4e1c24ceff49864ee7fcc0828648098acccf94b42d953210f610b552ad79e83376dc1459055aa314f30ffb63be3ce6b3cb08129b088204ec03b

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_12.ico

Filesize
2KB

MD5
9ea9e6f112d6b5d246ecb1b03c48477c

SHA1
097dfb0bf81c0f1cdc57cf7c4f62c38d7607cb35

SHA256
17a09b8f66da311c32bff69d1a33c6ffd2904ce6fe28e6a9e52a6de4b9ab08ae

SHA512
a4a900f48cd20fa41b8179568943f14155aa473f8372649f2788e194f6c0849427f5ca88aca13e02f0594d6d980ddfad37ad439dc3b348e5bd2f3756c30216af

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_12.png

Filesize
1KB

MD5
3220bbe79a2edb359a505392d8f76256

SHA1
5736cb441760124092a0db53c7ea84d3f02ea1b7

SHA256
7fef09a8568446fc80aa2782e5787b41bdfc29bcd368cb2bab90111e2e378c52

SHA512
b329a10f74092ffce26b525270202831b08a914fcce8ed56de67c978cd14e6437db903be26b5bf2236dc6f450004d057803387fe3542e3a424cf80331e028124

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_13.ico

Filesize
2KB

MD5
68bc7228549981845d235bf4f98cd384

SHA1
a006dd97a6d9e8f279f7feb2bd4cc094e35fafa3

SHA256
82e70076db0ad6104d4ae9400aa89d7066783f88615bca86bb3f9d18f25b5f36

SHA512
a37bf0f26aaabfddd70dcf65f7d96dec8732df34f1184fb06f48b6176ea7aa6efa7d92a2eb7a9ba84f097e5f730345a665240f7cf901a2d2929b271f1f9f45f8

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_13.png

Filesize
3KB

MD5
4440fc54b2dc99ad935f93eb82f0a610

SHA1
c548ec4d47a043b2ce053479d1a5ca026cb10873

SHA256
fcd8e155dcf9876051c3220878c56c7cb1081bfcb77e396ea11ac9e03db03bd9

SHA512
ff3c0d3ffb40139544d8e1fc2a367b585410602774fe6ed42dcabce715eec2a1760fa910d9a9e4e3c4c3342a5e6b156a45ead8680bbad275af848bb8e962dbdc

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_15.ico

Filesize
2KB

MD5
82e8df2a82fdce816a224255a3f2494f

SHA1
32b5620b8c584e1c74f4d472651034a5475dc391

SHA256
01026c5598c430e405bf9a7d45fdbf6b052d7343808c0aee508510f1e5d7652a

SHA512
d79f2ea8c4b5bd7c4d262760abeefd81ec0a51e6c6f41d34263c4a4a1f6d1b15c1cb7ba40ca1a1261ebc85f49b48b2ca5e2e8c6745b1cbcd576f8998b4c87d44

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_15.png

Filesize
3KB

MD5
c2fd9fa012904ff717d262c4c945f138

SHA1
1aea6d99bcf4cc669f8b9c59f4ee01ed911eaaf3

SHA256
152781d7f2a7bd790d18809d739b932738814ce4676fe98461369839637c676e

SHA512
f0ee2f6abf72e77f6456ff7c58610bc356bf69744ab81fbd677ff05712790ba2e8fa7ce60764a66b7acb9909171c468f4df4c21829741a776e98bc489bce846d

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_16.ico

Filesize
2KB

MD5
9b2c538f181be487694e414bf449c573

SHA1
c19c887d5d0e313cfd9411cc9bce5ed2f93e76e2

SHA256
63741d0229235f082509da28502af894dca2640577ceae618b289fbb0e5a6a4f

SHA512
bbe2e05961f7cf92e8ef6f70ca2db90d301a7cb22263b53fbcd3aec127b0e5a539fe159c7759c8928b58f7b7c31c9f8ba926ad7e3da15896e110d3ce5f71efc3

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_16.png

Filesize
1KB

MD5
faadbd3b08c9450d70ca993cc5242a3f

SHA1
7f0b3aa644923de7f6dd3cf23a8f9c18ea71dcbc

SHA256
de4ca0164becc92b6bdce0b012386f2e698eb8fd5920528a4ed90d56d4036243

SHA512
ab3409e209cb8d412e465018a33f31676a7bd1516520450d1dbcc2900567a7e877f957c84dfc035dffc7b16374cc2dd7abe1973c19128c6a039cca0cb7efabd0

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_17.ico

Filesize
2KB

MD5
a734b7e6cc0bbc38743a6dd6322752f6

SHA1
57eb6307d75ca484f9425700b7761887e90df9ca

SHA256
50727f20382b2dac500093fb26034974db377a9ae1e45a7377c465056b637304

SHA512
3533fb73a72ef57683093d297c1c82545eae43c07a4e096e02a1f448310131fcecfc9a46e186c0aa56b498a1e99df2c3586789697cd44710023edb8972a826e1

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_17.png

Filesize
3KB

MD5
97f2009b5ec38dc48f5b7c00746b38a4

SHA1
093bb556ff767f7cb7343aa06521bb4bcdfeff8d

SHA256
98029ca46e263c71bca1837b67fd9e73dbb0a115b566c28e288aca137f3a1d20

SHA512
751346fad4795e31d506bceb50f615ea9ad99c0df01ee41beb807b19d2649f1940d2f88f972827b60d0ffe38acaef0e1ef93e49d30d94f6a76a5c05dc7340385

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_18.ico

Filesize
1KB

MD5
d3cb8804f4b52e26ace9f756ad0e8e87

SHA1
645611533a28d36195365dc0a502587b321a73a5

SHA256
539328f8a2cb9f77d386e03e902e18c1a587c565ec350a10afe1c7cd6b4299e1

SHA512
a38cae04106d7090467e48e505d01505ec08ff9340077bef4e99726b33b45ffa20f9e7fec86b2cd877322c1fc9c3807aa29a23cd46ae4d6b2302cd2f3822e6fc

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_18.png

Filesize
780B

MD5
105c6bf983d14e28b64a8c756859c799

SHA1
54779ada3ef9ff0bf05916b954ee70356af9ebba

SHA256
5c6806997696d84262f993325a51636a495c809c0e07fb9399854d1f5e607d2a

SHA512
c9d436d0000c2b98a663f48ea31ea77279aec9413894a2dda7328ec13ceacf47adb82057477219077de7c25ff842160adea122660b9ff4e45d7cc00224a5739c

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_19.ico

Filesize
2KB

MD5
ace138f9da1fb68c86a6eebc4801e00c

SHA1
24367733c7cad9804757e862c3946cd56ed79fe5

SHA256
dba4ff90f656aa0e5d5cd6b1c2b9f1edd4070c641fe4148fb31892f96a314e08

SHA512
1fe211159474cfa528cb5943b8dfd121e14ecad6dae4526709c3f507d9bca95012c387392bb6c6cbf9a43124d41d70d9bd1f0375ad41db98bdee636fcd315018

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_19.png

Filesize
1KB

MD5
58ac1db2c74e088c697cce07c84cb934

SHA1
c6ac340872c82baddd0253491c51678fd91f2de9

SHA256
e88afc43f9b57b5c6b9ac8538186dfa69a16d6ce9b3c3aa0c0ec2b03638f444d

SHA512
0965cec8c5e04cf92673fc4686d73911660c71950ee90d1cedb83a375ff2bb279cd671b884025aa96f2c72c3dbf7bcdbedb046d39fd2fdaff80c7ef00ebcf153

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_2.png

Filesize
1KB

MD5
e87dca56697a61994665858c1698a1c2

SHA1
3c1708f3de7108f7c7b904d8d476d6ff864360c0

SHA256
aae3110b8828cc37ecc8dafd5f8f2fb26f7b05d853c37ade6794455346fb67e2

SHA512
63fc6342e354dd4e6335ea548596d93515d794cc5f0cac6c83d490ddc36ad6c35e73479d22583b38e0c08f37764aa5832e1d97a5c622dae8341ce1951bdbce96

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_22.ico

Filesize
410KB

MD5
2ae082b23a3f006510b8d39386f5fd77

SHA1
a54ad59a10f3570209ad759528faa88b7a4d82f4

SHA256
0e2eb0cf2431db2a76de32e43e2341d06c09e8a32b448bfb04a5ce9a09aa5861

SHA512
ec4ad1a2bf83553904985e05c8e41f59fb9adac0a8989cbfd9ea2c2a3b0c00b001e7ec6d8c09f63d6c5e1a51947c9667dc2e4e0f22596aaa9ad1194726cb4334

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_22.png

Filesize
436B

MD5
67a36b7205ed36b5ba321acc505c637a

SHA1
8822c02d4020fbfb55cb9a5647791e67f31e2f03

SHA256
83d2cd2a8c1a6796f6a35685e5e3440ab99bf7663fd10f526f7b96e7c956cf53

SHA512
70863ad033fcceb7f8861d1541166b8f70a5690a9d16cdbbf1b54a3c0998ee011cf316add45c72074ea610d5a2288eecc18062c0c2b3ed0d99e5b817db350376

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_3.ico

Filesize
2KB

MD5
7ad6c88e35c72c07ae3b05a8cde56dbd

SHA1
c85528f683eeef2b364f0ccf15d6540fa44dcff1

SHA256
a3e68adc66f0765de818b5d34f5f9df62b328a84f01b52dd7b1e18e55befb9db

SHA512
671130e05cf5535a58efc3b5917dfd84b0865b1daa91d0381a273eac04ef33ee4ed18145ae73cf280c387592ed616b3d2e13626e8e7c526368f8d6e5227874db

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_3.png

Filesize
3KB

MD5
23d36c42c5eb5d22a112edd280d5b843

SHA1
1fd11e3c7d71065dba740b79ddfe226e338b0669

SHA256
e8d7fcd1531cdd0f739e1e0f3ec984ef3cad3a2effc503996228e72664162b35

SHA512
62f6ccd5f88824be7fe47b109ca13d3ee6052bb589bc73ce35bee5677ea6ed043f6b5e9d1dc83e089cb90ed8713d30f04e14b2bf40494097b4cd47d94d95a26c

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_4.ico

Filesize
2KB

MD5
f65c6f2bab25959e748e9245783e47a9

SHA1
3e1f62356df1a197d11e3d4a43d853ad22d5f791

SHA256
dfea03f6569d448f6f95b5aaecc2d41ff327c9e0cf9eb144d9fadac396a2eee7

SHA512
0562d23c83ff21325d8265e1bbfce09527ea51f11ad2df4be06516927909807124c1459652db3fb640e4317774481992a2ad013575ce1ab6e7b368ba222614c4

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_4.png

Filesize
1KB

MD5
bdc4fc8e7481cacf664acc2ecb011d4b

SHA1
66cfa9065b579bbf72a6d66eb37e2f90785e3dc3

SHA256
94e0b9ba7e0a634ce48a03cb3a5e0fec957bb2eda095d455b550878be94d097c

SHA512
32da36b0448d12d373d1cf60833b2a446a9a106498e13326f96b08b3fde8e15e3b832ce9c73ba2d95989ba8b4b4e714159ac8373f04a11674a0025ce01e82100

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_5.ico

Filesize
2KB

MD5
836afc8d0a32e65a1ff72c9620505b73

SHA1
71d83ee237762a5a1601354fe9b39f7818de1666

SHA256
f02927071ca755f9b1a3a68b12462c2f48ffcc4197bd171f71bc109a9816f316

SHA512
293ab0ff2dbc9ea4eab77dcaa4acd4bbd4691cdf752f5a983f7c162491f210cb4e18998c1c26ca3ac0a146fcb6e43f0f4e7d04f2ee12639756292b80b7c63a0c

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_5.png

Filesize
1KB

MD5
a4d0bbf8edbc646bfc450a75f046f801

SHA1
301e61e4a6a06d3126383d26f68f99a896bc8788

SHA256
1aebd792bc9d2de674e5d89a65e3e9500fe2c0d700218a2e90e21f6ae8af8613

SHA512
54a146e3c22414c76f2f08b471b83c318c3befb8df04f08ee720ab2b0a6da65603cde2ce750db00e8b4d3e057c5f33623416a810dd003d4a83c8aff4df41cf32

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_6.ico

Filesize
2KB

MD5
1c747906c616b3bceaac034e148e2e75

SHA1
2c6ec8ecb290e8788617fdd2faae2e73c21810fe

SHA256
6e4956717900ef0711b9614db3a6e5cd86f6b2d61240390b793e729d8738f063

SHA512
9c8c4f1636fd1edefca4ccf14e2cf9feb379dd9cc46bfed6ae90c258048bbeb2471350d65fc2613c5091e16fd12fbe6d143516757397e98fa2c1e679833a7879

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_6.png

Filesize
1KB

MD5
c9701635f048c08c05f227b41810db60

SHA1
bcc4d33f19f4792b0b16eafae2cd3b52c76c3b6e

SHA256
9da9c5d391c24b1ac6540d4a0b5a0c275daf192f6b67024be06657da2f928a39

SHA512
bdaace2bea6ade2c23eeb582ce641e0b23b66cb67d8d8e8a115f9563dafc288fa7f098261e50ced09cc845897500cc3635b9874d71dbbc652ec092b159a2299d

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_7.ico

Filesize
2KB

MD5
1d7cafee31130e5b76119f3dd4231b1d

SHA1
36c1213309ae52d48974ccab7a7f5004cf5516e5

SHA256
596ce2974fd74a8cd5711829c85e970110dce2501f070e4cc67790eaa9162781

SHA512
cf1553d21471653e3bd4de67faea2dc8b5a6092ec91e6ec8a5bb7a0b899ccfd02bbb2d23454d08d55afcdbce458bc9151a8f3e1cb9fb789cb0fadae1d9fd925c

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_7.png

Filesize
1KB

MD5
c2f8e71c1ba9882fe6abfc898f982012

SHA1
ce7b4cc0bd69f9d357aafd2924cdb2c659bb0bb7

SHA256
7a89c9b9f78453af7699a22dc3a1a835d019559468393946930be60f0f6436db

SHA512
c94e1f311dd67b2db8b6e523afb893caeea3a4a1ddd4826fced64f014a12af743e4f74f73328cf9af873888797352e32f7106a4ba968c9ee4ca0c4549cc92eb6

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_8.ico

Filesize
2KB

MD5
09e7a5f3e47b4f7de61a4d7e152b9723

SHA1
6518f1558952906c812ebac63391020d10e1c328

SHA256
20662c3d3401a264e9703ac196c31e8102d110cddc9758175c370613444fb583

SHA512
dbca2442d18756c1570267e11e4e4bdd66134e731179f46f3926eee3c0e4e5ae292356bf7493da536788454120dbdb2d390930b467955c6e57fbd26e1b59e135

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_8.png

Filesize
1KB

MD5
ff16aff75a022179989fccdc825d74a0

SHA1
d3d1187a489bf6a07156eca7edfbb5410cf94b1a

SHA256
d7f4268fdd50aa11ceb0b069e56e3688343385a1c89fa79fc7d790755b229d2b

SHA512
61e5fcbd81fdca3a21be1242b0f9918a5671e3398e909f354d338e8dbbe529c5bdc08080e57f21316ecb3a968da09d03e353933182fbcda5e4699f87cf251da5

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_9.ico

Filesize
2KB

MD5
c27cbf31c0dbf781e0866e8205945776

SHA1
b1a382aca94cc6915a292b6ef76f1ab1cd37c165

SHA256
728fb50a2888e5323bc42e7eb5eeefd35066f78755e8816a0b723f0833435a2b

SHA512
e82e5df2827f5c0bda9cb2faf784a7fd1c6781614a712042345ec9ed41bd84adb127e7752028fd9b45a69bbd8e822f16dacd02bf0167fae7630f6ee74ccad8e3

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\ash_inet\v3\img\menu\menu_9.png

Filesize
1KB

MD5
5b9a5a82c041c28eef92f6e45d3bd7ca

SHA1
81443fa718c8be029f9e8db05adaaf69526eec09

SHA256
2549565d230de99d8185dcc4f003df3bd51eda0a3bd82d0a31274c6307681a33

SHA512
b7968747532abe33bf49dd5c4afeaf8d9db364b226ea798f16b1658475bee3d2126077412a9019cffb4de9bed51bed1fbf047c76c2cd3b4d01c2523efc41fb86

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\Startscreen2\is-SI8O4.tmp

Filesize
127KB

MD5
f2615edccc431a733e02bd830c283ce9

SHA1
d9fb365837522add8c81512e57b7be577026319c

SHA256
2335f40348cbf938f87d2ecbea33bd45489405c2f89711f0d0f1a645ea0a1c71

SHA512
09e71d60ab42dd71047f089a3f9a4270924700b15339566601c871c8a047ef5b0a29097b32a81eb17f983771c436b689cda99aef03af660720ae343c05dbfe51

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\Startscreen2\is-VHQH2.tmp

Filesize
127KB

MD5
9ff745c4b2d5c148757caad73feb4577

SHA1
616f17ddc7a824b70d313c537a3da276963f5973

SHA256
ac1e7166f6a5c2ef4f08f47eba1ec498eef0e47a4341523de7c3b7d15fa2e319

SHA512
b912c462cb6326de95ab9129faa2668758684b652e8d88a470c6d2502eee6a5b6e6d2153baa54e8f93ea9c796204ee1e92c3b5cd61ea1a66c6deeba5d672e2a0

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\breadnavi_down.bmp

Filesize
20KB

MD5
c4fbdcdf4b21ac4f88167e6735e0f15c

SHA1
428779dca76c5bd568e7c03d44b73747c0319c65

SHA256
581fdfb5b24218a022fb11be21b2380fd6f2f082903c813227b6d87b6dfb8c3c

SHA512
7e30414fe89ba70d9a6a7bf754d9a8bae1a4f769971fdfd58423c1efcc5be5b410f9f87cc8eb39f034acf4ce54d51e3065d62640a00d76d08a51632f7c5a3753

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\breadnavi_logo_FREE.bmp

Filesize
138KB

MD5
436e30b778ce82f654f31dc42f77aa5b

SHA1
b03c9464f865d9afb4f2257bcec4c698783c3782

SHA256
3532e8f4a59b67f9e56356019aaf1aa0e0a5a19cf9b6e08302a4970753b60a00

SHA512
94b162756a950f6e6d49266530c38bbd0345cda0085f12981cb3f94208ee08c0b0a365b66ce6ac57ab637b6f4acca2746acf288b08af0329fd905c4a86ba39b1

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\breadnavi_tile.bmp

Filesize
13KB

MD5
fbad9b2e8cc632ce1400fa5ab7bdc328

SHA1
4ae0d509d1d9cab73a6124eb6b23b0c5eb9ff1ad

SHA256
59be27ed3090b9e67a8f3be278904c70f2cc7e40fdee74735350c8db8d418768

SHA512
1186a6cbdf26f53a57ab8dd619ce5a1a5d166ae99671fd799086b2a006b5777985ffa45a470a304794e695efc0f82057a9a20ed107330335885503e39dcb6050

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_back_disabled.png

Filesize
320B

MD5
f9241cff07d7cdabbada086283419a6f

SHA1
06e32f1041b63ac8c896bff4047c72a2856a5d08

SHA256
a82164e3ee5889e56777993a55793ab2654206c3d5d71f8f41f4ddc17709b56d

SHA512
63accaf5779d3af7e2967c6d17ba9612cb2f0f56e909e63622b980b07626738b6eb82ea4a5a7637e1c369475b54cea1288b4a7a650478726d9b7d928268c177e

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_back_hover.png

Filesize
378B

MD5
d6470ba1cc8f756bc5af6bdcd22e4f09

SHA1
cfb18738aaa18bb1c5f449f14086eb697612f28d

SHA256
206a5ce59018e0e6add4da336119f40b359e561c5be182b310ee6244dd8d6fdb

SHA512
276a4b41f335e124e4fb6f5b18dc7861793d57e576a1952b501d76c721d59630ba1355a217074cb3dbff8d62e692c86b9aade47f7ddf4f0826843e7ac23166bd

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_back_normal.png

Filesize
378B

MD5
853f8ae07b1bc7724bd370056206532a

SHA1
391324862d85266782baf1da21718f83ad65e916

SHA256
be8b9433c8d3fff74e214dee3e1567c9e8d1b7610b2bf7a0fc0e9f1c53639dca

SHA512
1333f967f904e41ba399705560e48717d9035533d4d82022f41aaad90afc04e6cf94c5393092c5ac2be2cf01bfcfcf4178da92f7de338183459e56e3a71d4388

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_close.png

Filesize
398B

MD5
2b178ec6652a78e3b7175096468c4808

SHA1
ffc4a849a32890d192014656e7f1d81325d13278

SHA256
55178f512460d7889a43d0b37d6554c55252a55ac26ea376ea9e28a567fbf739

SHA512
9e0d795e36a7199c92c1ed373c47ac9b7a2a2b5fdbb4704713493cce13216b96ac6798d410c21ad7d020fa24b4b900ed8f539b4950611d6dbd7d6271b399a713

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_close_hover.png

Filesize
428B

MD5
1aa6edcfae726f80cd18090809cf5a1b

SHA1
a2bc70d9d3596b2bc18ac10a6c750daf2cb7e67e

SHA256
f49d445da307081abd4605d48d389449a3c2d160694b0ec42d0cd0a8523857ae

SHA512
55bd91e5cbcce86374ba923e704f8065b7535aacd530519422965b2bbbc7e7452ff5e598e8cb1950ef657fd7ec4b3769137a248b3b5a042c56a7845299177384

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_feedback_hover.png

Filesize
293B

MD5
9f568291e36c5a6f42bb471ea597a864

SHA1
2dc967999fe14c73b4adc0874e8c981fb74a4199

SHA256
2798b77a299d9948b779f110ffed0bfd32b6e21fc4f458bcd540f038415d8ba9

SHA512
4e0df6642bfa2cf97b4521d7c04357d8ba5e40fa53ecc096632c909e20def7a56c2163d1397a8990aaf136660197a37873c895bbfa71b6d6ba33b6e1b8923152

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_feedback_normal.png

Filesize
293B

MD5
b3f6ac431d2e7825fc008d7cd23cf143

SHA1
9e82062c3d28809afc80f832a7b5978a3b1c925a

SHA256
cdbe4213227026f25af69795bebcd22277d2ee09f5ec2b7060266ef939510761

SHA512
57e5777e00585785799da28a0e469806d5912a8f59ce1e4f94b9b263740151e4d177bbcde02228deaf448598e8076490c84b262fc5d7ee06a8ee5183ffb4ef97

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_help_hover.png

Filesize
270B

MD5
0df788111b82152bfec89e1c70ff821e

SHA1
28f4a1fa7d49e88b26fc941c959e5a660099abc1

SHA256
3066f5be6f00147b452d8561f55e895bfbafb508bf797771da46dfa6a301c92f

SHA512
8eb500c8db1208dff647b5bde69fe5523d26ec3010083b274960eb7b571774b04bbcd1ac6df3d970f46bbb1f550e5814216042dd13af66e3af1469eb80239970

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_help_normal.png

Filesize
270B

MD5
1ca016141aaf781dcbc76311676dd34b

SHA1
64e1bbbe08df0f772671d5af09652e97d4f5412c

SHA256
21c8219100bad0c86458c19d5384ebc36002bc0c8a11301db737c100f335eab8

SHA512
882b3d4f352f6b38a3e9c3aead85069fd0d8f21b64d0ddcb9738a611ce7505df07134798728348089572f60a35fa2674f1a758ac08548a6dfacb11e28ed6dce4

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_internet_hover.png

Filesize
304B

MD5
ee2c4c2e6de79abd4d9e588bde16d4fb

SHA1
2297d24661caced3ccb72e4a6884a4023e226dd9

SHA256
208673cd33564805afccbf56bebf9f6bbe5a127de9c620bdba1dff4513f999bc

SHA512
3ea05f05636a50fd0aee8fe5bd92c3239503e53088b7d52c1be183af2b8b510f6cb143e3de6485ac4f5f2f524ed527b113ad884473ade47d8b7bfb7d0f7b5874

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_internet_normal.png

Filesize
304B

MD5
abe4404872828070ffc5182e27beb910

SHA1
ed687242b662bc320710c6f6681045a71c431de4

SHA256
d3b228defec4c6c825a08a1c6d59b145a3b379ad1a9a7fdffa362f2a23005638

SHA512
df7d56fccc89d51123ddaa616db90b65b86b12cc1ac3b3c3170f66914f7d29e8b1a39473e3eac34909f2b3f504d3a4eb47ab7f894919fa614965e8e17297ad9f

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_maximize.png

Filesize
181B

MD5
38e9a7368e6feebda1ff2ac619d9dc76

SHA1
2b619d8927120a511a9ff04592c88453a558255f

SHA256
b96558161c09f773044074751ab677e9265567a21bdb59c79d6d0dab00ad9de0

SHA512
17e77e65d67530e0907980bca9671bf1c2401adae163e25512f8fc0d35e01a0780848109fdf70974607010e3d257cefedb1c29e924da9e064875de6dea9c02c7

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_maximize_hover.png

Filesize
181B

MD5
b602c97e6768e241f822c418845a3603

SHA1
a344f59141ddff040db5fd1323bdcdbdb7fe9069

SHA256
d608f3a73b7ede05b305899f3e8e1186bdbe07a9492ae85a2f4643627399e7d2

SHA512
006579192c4961978fd2954cc4c1449b20cc8fededf6ce402984026888e91b199aed142322477ed7250604a7ca9bfd089b166dc6f17a1cddc1e9714e7cda04e5

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_minimize.png

Filesize
170B

MD5
edf4128c6ba201a02b5e9891c8a26aff

SHA1
7fb4706497ec58fd525e0ea205ac8aa7551a7fb6

SHA256
31d13482bcef4444805f36675d0e5c0e158d29a3aa539ca1a13dd0009fd717aa

SHA512
2a01a413c6bc7c5beb8ae1f72f4c76100e137d581164220a55ec518345b63c141a2a2ffa4fc76eaa6a77fa862b599a6a4d1a412dff64c5a387dc6de50d75d507

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_minimize_hover.png

Filesize
170B

MD5
22073e40c7bb012f5f430a4ae62e48fe

SHA1
8f3e887bc6fcb469e4a0853957e93bfcd0fb9a40

SHA256
d3c15bdeff3888a7b80453eb30707b92664cee0808cf216b57d3c5ec264f1671

SHA512
9b73c8e41455fec9ca652715bd2fc08b35862f132e1ed09eaed3c1ff9318bfdcfed0e29de0acf5927dc1f0fbeb7786b98791ebe78f599b136ee6ecabbd4acf44

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_settings_hover.png

Filesize
481B

MD5
47e35e809eeda6293d9163745d6bbe85

SHA1
d668598ca958418d47b643a1191b0385beeb6df5

SHA256
507f1a5b97f4cdcc45fc43ff2b656a2ef51494556ca8dfddd84e9b8273f1fdd3

SHA512
18ee1a2b74ef9c83cd7733fc95e5d5993eb1772241c3ab086bdbcadc688a573d609195306b66f08ae3ce69e3a403a0930b849fba9d9e61f19a7164d032b55fb7

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\but_settings_normal.png

Filesize
481B

MD5
6d032b29ba99836735ebb177ac2195a8

SHA1
d75f753d5704b79aaa41bed4a291a17be4b9854b

SHA256
4d80c925c2d2d87a5e081e1362d3db5c3f8d3d29db9b357e4c2096fab7b6972d

SHA512
1cbcb6049c80548e888e0781f3f76891ae9d56fa7bf0fc998e095d08f80526ed20a90ea821d74d010914a6f5dfc3366f39c47fdb4f3ea5fdcc0ef2b256ba2da5

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\grip.png

Filesize
1010B

MD5
c55c70baceecf61a4d6b704ae4a9818f

SHA1
4467ff17b45a50d4663bb648c1cb5e578768b457

SHA256
5ada4a96338b8ea08bf00e08148ece585aa33adfe570ea1f3c767ad00456ada9

SHA512
bfab6d15f16ba8a4594cc35db240220d2c183a575f46e5028e0afbecd0a78f393c3ec5db624dac5e002a35bdf6d44157c010824a93d008cfb0dfad2591c5fc72

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\is-PNLCK.tmp

Filesize
103KB

MD5
93cfe074a4119d68eb8eb5997ace3e9a

SHA1
a2c53524073f3b623d527eabcbdf98128e8e9360

SHA256
ee5c902440ce18bd302ee29638b342cca561e1f97f195b448f5dcd4d6191e20f

SHA512
b697db42fe7858cc7976349566e42e5ab8c36855d386a1e1a8e10f89b4054fdee311d5bf23b1c513e578ab8285baf290bfbd2939a7ba7b34f75a4ff225483c88

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\menu_active.png

Filesize
1KB

MD5
fc26563ce98f71fe827f4f758f1f6583

SHA1
68767cc989d1c9fd3b4fb90bd4390a8eca6048df

SHA256
2e37ac076b164b6c6eee1b7c8959e04bd600a8160d7eaf338c15d8230015a55a

SHA512
e6191296ce8e55864dbab22cd3ead66edb5cdcf2c979a49a6abb9f9d7141721957fbc69f1100cc6eff1847a9220ab91462fbd347c1552e92069d93a4333b7864

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\menu_hover.png

Filesize
1KB

MD5
7c70d601560a3a112d1cb3589c4dbcd8

SHA1
17fc8f04e4d640364e4236f4cbc760c22cda6e77

SHA256
4e6da6822881b8c28f96c8df35afa70f2fe087ee0ac35ae94644eebc4000f4ce

SHA512
2e3f95bc4decf9663becb4134f0a8e9598a8fffc0f8eac9566415b17e47d4f64f0ec5958b36f3ce3952f8c8ad84c5cc80fa39b14a405c37cf24887c1b5bf84e6

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\navi.bmp

Filesize
272KB

MD5
0a8fc327c00cefd04fdc487c6c424fc8

SHA1
cee1f4b09156eee0f2f58144e4d4065d26d476f8

SHA256
8b21e5a0f410f6c730559c59f19a248451ae987efd82af58b1593b38850547ed

SHA512
579b4c768d33ac66f3c972790361d8e85838d46f16a4d0f57d1e1c2d8f9c7a5c881f3386d4775cdc7b3adfbb1358bf8975d554a0bdd68d76824814bd4c83c925

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\skin.ini

Filesize
2KB

MD5
879d34856ed199dbb5688439bcbe16d1

SHA1
5e4ff57f06cdd0a802d416f63d92605ca82d7958

SHA256
ffed4b3e61cfd9bd12e24dbcb1730c57617ab79cdd55b8f56c9211eb80bbbdfd

SHA512
c125dcf686044ba82741007ca29bd6209d96ea66ec9a1674c1f5a040e0c460ff1fea1f53de138e982a10b372bcc4c2f05acc8308df826c5a4d6c71993a69506c

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\default\startseite\is-AGF6P.tmp

Filesize
114KB

MD5
6350adb06deeccda3bfa9dc9b0e26c16

SHA1
012d4f9345f962a46c89ddec73fb359ff38bf720

SHA256
6a6470c26756017229893e41d9648c9728cd9a3e18c8cd60c59e24e73b928a13

SHA512
4905f2a8c434ab3c6a7cae9f5020d3c7521534f1d695965196e10ba00f20f3ace92fa247d3b9a93b08a375cd0c728d3f39731a7999c92e90842575d66c05bed0

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\Startscreen2\is-05O9A.tmp

Filesize
127KB

MD5
481a31d20c705c94e40c9094e6d554ab

SHA1
8ba8d68775652e8bc79b154c7855a7a18b697236

SHA256
2dc0b1f982ea6f82f50d0e4739b1e07cfdf0f84b3c7c4b4be734c80463d73ec7

SHA512
a329dae8f8a6805de023013769d5aac8856e82876a8345ef64527b74ef2468779ad42bd322f7c526293cbe385cfdfa28e43063dbed8bd9e953bc19774039e9a8

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\is-22M34.tmp

Filesize
398B

MD5
2b178ec6652a78e3b7175096468c4808

SHA1
ffc4a849a32890d192014656e7f1d81325d13278

SHA256
55178f512460d7889a43d0b37d6554c55252a55ac26ea376ea9e28a567fbf739

SHA512
9e0d795e36a7199c92c1ed373c47ac9b7a2a2b5fdbb4704713493cce13216b96ac6798d410c21ad7d020fa24b4b900ed8f539b4950611d6dbd7d6271b399a713

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\is-65PRO.tmp

Filesize
428B

MD5
1aa6edcfae726f80cd18090809cf5a1b

SHA1
a2bc70d9d3596b2bc18ac10a6c750daf2cb7e67e

SHA256
f49d445da307081abd4605d48d389449a3c2d160694b0ec42d0cd0a8523857ae

SHA512
55bd91e5cbcce86374ba923e704f8065b7535aacd530519422965b2bbbc7e7452ff5e598e8cb1950ef657fd7ec4b3769137a248b3b5a042c56a7845299177384

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\is-L7INM.tmp

Filesize
103KB

MD5
8a1fbd0d0ea243d052365d3bc0288dc2

SHA1
d99994262cd85671cbf93bc5bb423aea4760c23f

SHA256
b6301af880b9c8a95d30553ce08b1f616135cbd73c75a62e6a8faac57b488986

SHA512
fca2a061b770d228cf8a18b6e8bceba75cf2a7f67236d5d8ded1b088f9e5574bc6fcbcd9769d9b680bc560c67cb712abb16d14a6d34f57e5899a48ee383898d6

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\startseite\is-PQJ08.tmp

Filesize
114KB

MD5
d37fd964bbb4363db1b9c812d19f9a39

SHA1
71d9ead32c76bac804b83e01823507c0355c9b6f

SHA256
76548adc4fe0a15ff6a73435dd28fc428f0b19db65b693e803e0b85c4825245a

SHA512
9f5d50a118fef2a909053d3364e14cd002c4d7a813ad25aab75917869bc6ef50b473f40f9ebbe8447cf701e5092a78b8f834b62dbad160df852b224d305c12f5

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\light\startseite\result_green_normal.bmp

Filesize
114KB

MD5
29be958bf732af6825657ec5119e847a

SHA1
fbc283cb300e6f3f8a033b510419caa299c12ad0

SHA256
703f0627cd16c6ca0485f30391a50b445030288d232289600936ba7ff4fe8a39

SHA512
5d01984ef3672ddcb7f38b184952fa0a4af9c8bdb1434210b351f57e98abf7c5859b43690e1c76c833cf203aa97c3abf8bd49236742c30bfd5e4d895dce02523

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\skins\stripe.png

Filesize
326KB

MD5
4b2929f41df99a847a526a1de3f02375

SHA1
ee0b34bdae30097dedaca9a814bdbb5ce21e3162

SHA256
ce2bdd315096ced73023c39b6f4e83f9e1dd3292f8776cc8043f14033c009743

SHA512
26aa4ce25c2e70d3775ad3cda53a1d95f5766eeac7c2d2b78f59201e332e49be8e95023f019733933b3c6e84688e22ae08e2d2ced58011859f3134efd905f2d3

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\translation\es-es.nlang3

Filesize
526KB

MD5
5480ae9a03e72b67804d6a5583fa5572

SHA1
61c08bb773ffe25a5eb7c798766d7be6a0250bca

SHA256
900dcff3ac9ea38d851503c61f460b1ecef5aa71b7fd0a7571cb654159fa7580

SHA512
fc8323cd7f0fbf414e8f49967cd5bd037b9df9bfa95d3d1e13d2cc4e4bfbbf55a9639d4c489e8efb1fc4105a103c35539b03ef60c6023b536ef75d6e8e69878a

Download Submit
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer FREE\translation\index.txt

Filesize
160KB

MD5
5360f82bcb9fd95f099327fc36a865fb

SHA1
8db47d1f2fe9cb26bd8041d04cafc71179863cdb

SHA256
d74260b1909244bf73e85d7c4fab2d74b80ced76f57cf104b5380c9dcdfffb7f

SHA512
5b847df073cbbd74d9e3c4da67ab609dbecb352885081fad0a7643bd756cec8be002ea6bf68b983934efc904ff42710593c1f8d55fda13f35d6bcbaa64c9519c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
919ca8f7d738a52448c080b4359b8bb6

SHA1
5f711e0ddb65933821a0a9edad743d2df42f384c

SHA256
80c408c30c61d14ed2d59f2af422976c5e4b4c0f7a2d00a69712940034715a18

SHA512
257b178b3ad019b489798f9b4dfabc81e1bb14e262a70854b00f8c270ab78735852ab3f3e6e137db35db2c25d4eb80f548921474c48f924f07ddd34d9bfd6eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe578685.TMP

Filesize
48B

MD5
ec51674ce9ebe3f9aad12f240eca3330

SHA1
130edd4bfd361b79133653717bead65f0abffd22

SHA256
be286afc01a13be7ff0d159f92818e5f498b11c6276ec72543a45e1fe37ca92c

SHA512
1ef0486b4f80f31af7c4b4e11e019fa4ea1d24df8d9689148837c06e8c6516a5e495879a5b10c4b801c2a1c576c07c4bad6115a2e7638e0470c7a8c4b8d06570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
8f7bf5cb97284080a5a5d712494fbf07

SHA1
c0bddf68418f080a09e3e9f558b156d646033b62

SHA256
1ab0cc9566d714d96cf0126d7c2685e6860b898590334a1291ffcc1866615d8f

SHA512
d9bab421a1377af800420a90d9b8fb7b19d1c2a9ac25b0d682c8955136596dcc2979d41259f0540aceb1e6eca341151288b340b55c6bebe6eeab06c1bc122f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8693a6da2d89d85dc69a883c8086307b

SHA1
0bf7db5a0c1c169a1e8903951053a209ef9b9c62

SHA256
26dade034e76f5033c90eed8cce1cceb49a28bdace54c7312e3a809d6a5a7751

SHA512
b5a9355f9761e1bc6c117eff373df1b6a5397786f65b7a3b8dc12573fa1654761ba17a53ec65bb693ff5a69247cb0dec2c56925d1f302222d3e02c87c7d7f1f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
75c9bcd680c2839f46370e0b6e045228

SHA1
f9e39e212f05f184544a1add3c29efda7c0e056d

SHA256
1d5ca8a47c27e678cd7755d7e85bffacb0cc0fb71afcafce0686add9172c79be

SHA512
98d81b1b1998b46fe97d2ca6a81b54c3079ff6ba72a02304aeb85015f930215982a60e20e7f7277706c3d0ed769f9d6818a2656fd60d4312f328cbb9e8f8d557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37be90de08ad11b2b2e263fc4801ac8f

SHA1
b4cb9cc02e631e774fc7fb563439fbe3694d92cf

SHA256
b864603e3da26aaa6cb52dd6d3830de633fe4507edce974494ae4039fc0a7c8f

SHA512
f4dc464b89f2019153d908605bf8e139d2e29ca30d65fe3a1ba09475fe0e0096ebcde67fca1c8d7e0807e2aa9bbc359941c2a2924b38ce63deb795a0366039ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
3751755ada8bdc124e84539804cad333

SHA1
5fc974f46154eaab6927788211edfa9e6deb00a9

SHA256
75bc1de7c3d2e72d9d3291851e51a4d046200b9896bbcd46a851c1257539a369

SHA512
06d9fd5bf20c805df2dac8f5a326ff6739a535b5b5cbc84958d7d3313704231ed09cbc2aa8a6c2d72b027451faf53a75171ed7e17a1be4592885c0c1bbf00488

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9GU5S.tmp\ash_inet2.dll

Filesize
4.5MB

MD5
9b9659c742489f7cff6bfce34e377185

SHA1
1fc6e3fa38c6cd8e7dfd5db6aae8e42f318eaf17

SHA256
6777da0865a355e0fd7cda0af1e0535dde96fde144436029158473e6f7b8b0ce

SHA512
9639fe12dc86be2af0bc951aff9c8cba5e7b77761fc1afadb2e7f4b2a8171e2d6bc16470425275a80c470b690b478304a07cedcfeed242e068910d688b96f076

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9GU5S.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9GU5S.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9GU5S.tmp\setup_01b_bg.bmp

Filesize
1.3MB

MD5
500fc4e3db1f28d93a9506580d71df66

SHA1
cf1584f68d868d458f50bc43bd0a55f48661b2ba

SHA256
365dc91b696d97d46fb52ba7b6d19e1e2803e275e9331741ef73a7a2b4c877dd

SHA512
e99ce8c7b0c39219af338d0da1193779baeab35997d49f6b81e47a700075624093dc9842c4f34523a1d2ffd542e194d719a31d77b5e965c4d9ce71af931ad908

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9GU5S.tmp\webbrowser.dll

Filesize
569KB

MD5
335a04b52df322aac8cacf89a9a2bb62

SHA1
86136d1ca55d20e6231aa2c7551540fe0e5358e4

SHA256
f842454e5545010b847937d98985b689600bf7077c1651b4872ba46591468c04

SHA512
c39ce6aa13f4bed9ac6f009167f8f3375f9d3819f197d0872f7860b4a499466eb3ba7eed01fe0d9fe9621d40a159599fa46f840b5da4235336f8e4548c44375c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9GU5S.tmp\webbrowser.dll

Filesize
569KB

MD5
335a04b52df322aac8cacf89a9a2bb62

SHA1
86136d1ca55d20e6231aa2c7551540fe0e5358e4

SHA256
f842454e5545010b847937d98985b689600bf7077c1651b4872ba46591468c04

SHA512
c39ce6aa13f4bed9ac6f009167f8f3375f9d3819f197d0872f7860b4a499466eb3ba7eed01fe0d9fe9621d40a159599fa46f840b5da4235336f8e4548c44375c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FOCRN.tmp\ashampoo_winoptimizer_free_30303.tmp

Filesize
1.4MB

MD5
993857af8ebd6524bbe1dcce3ffd3be3

SHA1
5ebd381e23a51b9f9831a31653428ff1bec5c432

SHA256
4b7d9899b273f4196a84a0fc5af5a4d613704bc9afb3949f3e666f360a20403a

SHA512
84362961684217a552d77a7fc76f6a6220da908dabc7cc30bd11221d61a9b8b047bc6638c635495a35ce7866ccc2aab312a10ebdd26b3f8e5f95c124997bc250

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FOCRN.tmp\ashampoo_winoptimizer_free_30303.tmp

Filesize
1.4MB

MD5
993857af8ebd6524bbe1dcce3ffd3be3

SHA1
5ebd381e23a51b9f9831a31653428ff1bec5c432

SHA256
4b7d9899b273f4196a84a0fc5af5a4d613704bc9afb3949f3e666f360a20403a

SHA512
84362961684217a552d77a7fc76f6a6220da908dabc7cc30bd11221d61a9b8b047bc6638c635495a35ce7866ccc2aab312a10ebdd26b3f8e5f95c124997bc250

Download Submit
memory/1320-2105-0x0000000000400000-0x0000000000D69000-memory.dmp

Filesize
9.4MB

Download
memory/1320-2099-0x0000000001090000-0x0000000001091000-memory.dmp

Filesize
4KB

Download
memory/1320-2098-0x0000000000400000-0x0000000000D69000-memory.dmp

Filesize
9.4MB

Download
memory/1320-1705-0x0000000001090000-0x0000000001091000-memory.dmp

Filesize
4KB

Download
memory/1740-1743-0x00007FFD18820000-0x00007FFD18821000-memory.dmp

Filesize
4KB

Download
memory/3640-478-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/3640-133-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/3640-1704-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/3800-647-0x0000000000400000-0x0000000000575000-memory.dmp

Filesize
1.5MB

Download
memory/3800-1703-0x0000000000400000-0x0000000000575000-memory.dmp

Filesize
1.5MB

Download
memory/3800-648-0x0000000003B30000-0x0000000003BC5000-memory.dmp

Filesize
596KB

Download
memory/3800-651-0x00000000035F0000-0x0000000003605000-memory.dmp

Filesize
84KB

Download
memory/3800-668-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download
memory/3800-1677-0x0000000000400000-0x0000000000575000-memory.dmp

Filesize
1.5MB

Download
memory/3800-1675-0x00000000035F0000-0x0000000003605000-memory.dmp

Filesize
84KB

Download
memory/3800-1673-0x0000000000400000-0x0000000000575000-memory.dmp

Filesize
1.5MB

Download
memory/3800-139-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download
memory/3800-145-0x0000000003B30000-0x0000000003BC5000-memory.dmp

Filesize
596KB

Download
memory/3800-151-0x00000000035F0000-0x0000000003605000-memory.dmp

Filesize
84KB

Download
memory/3800-153-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/4320-1672-0x0000000000400000-0x0000000000D69000-memory.dmp

Filesize
9.4MB

Download