Analysis
-
max time kernel
262s -
max time network
252s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
-
submitted
29-03-2024 23:53
General
-
Target
Patch.exe
-
Size
917KB
-
MD5
e434437bbcfa95a0e809f2ab2d8d4b05
-
SHA1
304774b335b987979157c9c69b17caf6ac9de059
-
SHA256
05732b23340450e6e58ffe3964b0c7581987b8fbe69999e2e772918babab38f6
-
SHA512
5d08e51c57cc1178bd0f2928c4deaebd967d2772d4b25b2b1fc726bedcbfbe92107d3426c00dba22289a81b877628d01e3bd5091570190ba8472ff0ab324e3ca
-
SSDEEP
24576:tcKS/DI6xofeQoYRbWW9UQkTLzKyvFMOQ49Ve:qM2ofnoObJo9V
Malware Config
Signatures
-
GoldDragon
GoldDragon is a second-stage backdoor attributed to Kimsuky.
-
Downloads MZ/PE file
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 44 IoCs
-
Registers COM server for autorun 1 TTPs 13 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 18 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 3 IoCs
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 30 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 56 IoCs
-
Suspicious use of SendNotifyMessage 16 IoCs
-
Suspicious use of SetWindowsHookEx 13 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Patch.exe"C:\Users\Admin\AppData\Local\Temp\Patch.exe"1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd3113cb8,0x7fffd3113cc8,0x7fffd3113cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3420 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3468 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4688 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5620 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6460 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\video_editor_setup.exe"C:\Users\Admin\Downloads\video_editor_setup.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-5Q8UC.tmp\video_editor_setup.tmp"C:\Users\Admin\AppData\Local\Temp\is-5Q8UC.tmp\video_editor_setup.tmp" /SL5="$20298,71765481,232448,C:\Users\Admin\Downloads\video_editor_setup.exe"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Temp\is-DA6LV.tmp\install_webmmf.exe"C:\Users\Admin\AppData\Local\Temp\is-DA6LV.tmp\install_webmmf.exe" /S4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
-
C:\Windows\system32\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Common Files\WebM Project\webmmf\webmmfsource64.dll"5⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
-
C:\Windows\system32\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Common Files\WebM Project\webmmf\webmmfvorbisdec64.dll"5⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
-
C:\Windows\system32\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Common Files\WebM Project\webmmf\webmmfvp8dec64.dll"5⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://icecreamapps.com/Video-Editor/thankyou.html?v=3.174⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x104,0x12c,0x7fffd3113cb8,0x7fffd3113cc8,0x7fffd3113cd85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,6921585006211547871,4832471026616150789,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5928 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Icecream Video Editor 3\videoeditor.exe"C:\Program Files (x86)\Icecream Video Editor 3\videoeditor.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SYSTEM32\dxdiag.exedxdiag.exe /whql:off /t C:/Users/Admin/.Icecream Video Editor/log/dxdiag.txt2⤵
- Registers COM server for autorun
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E81⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\DataExchangeHost.exeC:\Windows\System32\DataExchangeHost.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Common Files\WebM Project\webmmf\webmmfsource32.dllFilesize
327KB
MD55a4aecb37c68f77040d4455a37b88617
SHA1321211f97da1c02e72ae08181f1365abe76f8875
SHA2565bc05bb2af53519316381a691ae2e223579319f8827ed2635568d8be3e89b484
SHA512ea29309ad4456d52b9b0004e26e58e1bbad1514c15270c7aa3bf2366053b24dec3cd391bd4ff741d6693115d3ec140414ec307a748ecfeab5bf609d85f0b3f2f
-
C:\Program Files (x86)\Common Files\WebM Project\webmmf\webmmfvorbisdec32.dllFilesize
329KB
MD583030f92d7ecce3a68092a0d283b2ab5
SHA17ff418192c8ef65a00c295554646cc3f9cc84add
SHA2562f4c39a93eba890f144bc3921c082e6a93834814d495518788efc72de5fa9923
SHA512cff3d657e61ebdf42f0bdf3ae6ab883ee579f90df8f8d4ce51d71f5043471011a0ab48fe21a7160f5bc84130b9d969716a66c53f0e9ac0926684f67cab537405
-
C:\Program Files (x86)\Common Files\WebM Project\webmmf\webmmfvp8dec32.dllFilesize
377KB
MD5f21b43d6e09e9ab36bc288ddec600bfc
SHA132f20a744029dfaf771b2eda957898cb33abe2d8
SHA256f27b43bbae0c376e750f700665ebb0c2300f3a8d5e77f288fa5544e4041adef5
SHA5125b28ca3d91928bb38131aa3af7f76ecff248c9c4324242bdcbd45b5ee59050e2288c5acaad9cf413178dab0288e692be2a6513f58320cc03f64871bbc9c7fd07
-
C:\Program Files (x86)\Icecream Video Editor 3\CrashSender1403.exeFilesize
1.1MB
MD56d3011544e0cf9cfc5b1b2a9d917398a
SHA18288e528fce3ff58c756fbee3faa0910fea5c072
SHA2566ad3088b64cdaa25fbb115daa34b2699bc99544a692d3df54985438982641fc5
SHA5124b47f5ba2c29619c7a89624553e0325faa39d55880e7b48735008d0b70cd6fd44d963585f6c134eb13cd110d05d1ebcc84880b55c68407d65f07ce89490adacf
-
C:\Program Files (x86)\Icecream Video Editor 3\D3DCOMPILER_47.dllFilesize
4.3MB
MD59b1148a147fc307a501e8c540048991c
SHA17bbdf247051937141121ae6132b0d4f2458ae7b1
SHA25621df5696011156fe64f2dff47c8ed5e90817021f91f70b6d9707fd58cd1b0b81
SHA512e06185401efcf84d2be23c0afefd241eef89414f68133c99cbc67d55d865ca9aec24f94b735afcbb5975fa2f2e56118a8a980f1473ebd248b265dee477111ee5
-
C:\Program Files (x86)\Icecream Video Editor 3\avcodec-59.dllFilesize
15.1MB
MD56586504b45132854e8dfd43254c1fd00
SHA1bedd0178fa5a4dabffa718f0095c335a32549c96
SHA2564430b2f823a0a4f115f65ecc8cc44ac1f7b8050c4abf9db1b14ef701e683b0f0
SHA512af052afcb4948f5cab0d5b431fc99675634720fc76b3fcb53dd613f97c3934f1b43f547786499d251b1271a7963f56eb9fd379b10b655ec684c9aa7bd55bcc35
-
C:\Program Files (x86)\Icecream Video Editor 3\avfilter-8.dllFilesize
5.4MB
MD5c498bf5236b13d63b635e9ed8225d0e7
SHA1b908330af676da96eb3b85d2eed7f98e00ac0110
SHA25660f3aacaea86f554453f7b0de7258a023a03d8e0a34b2b83712ead9de5ef015b
SHA512100d374fafb9d8ad6183fb0a300133a05596f656b5f0aff7ada4f88ffb1d706793217cf8231fbd0efaa8855dbea25ce8e9cf506c6d25a62ee479229a8234a447
-
C:\Program Files (x86)\Icecream Video Editor 3\avformat-59.dllFilesize
3.7MB
MD52f0c05437ccca5f0cc7aae2b36ff26a1
SHA1eb2ea91fb733d39c53b59686f72336c2f2c01f57
SHA256c36a914648f17cdd20923c2f17c27ead9f7e42e0c4393ccd36da92c805c03c90
SHA512150983409395985477662fe94bcb74a538ac4a9a1d6d0d378d50b270edeec57a273faed81b601fa6bf7d44a69e80c41e8d93299292f8e61482fcc5966db3370e
-
C:\Program Files (x86)\Icecream Video Editor 3\avutil-57.dllFilesize
1.6MB
MD59a19dac84bdf814a6d29493d5a524caa
SHA16e10a44be7f2a4bcd0469e4f8556c14378fed3a0
SHA256deb38e074c9ff9f0cde6052d0263572a242bbb2daba873e27af03550aed25dba
SHA5129b3bbfbab6ad2092107a1b0b98eec71de8f7fbe734fefe007f7eee4847cbe27e80d1777636904aacc1786643d2ee7d1a67c47e519018d3e37a67857035ae2899
-
C:\Program Files (x86)\Icecream Video Editor 3\libcurl.dllFilesize
499KB
MD5a93b80d23d43ffa00612a8acc7189d9b
SHA11bdd950d0b8dd826ff1d0f23d6b786aa06e3d1a2
SHA256f38d70c4007a2dddc52fcf28de654159060590d90ab1ad49ee05afa81f6a4d71
SHA512a208c86c80603b6a2251e429e0f660460147a12fde219409b7357f386fa0e5693c8b2bd1be58810051542ac785b40f0d5dc6602af3864b55c0b1e96dd80dd86a
-
C:\Program Files (x86)\Icecream Video Editor 3\swresample-4.dllFilesize
684KB
MD584693836811cf2011aee19987e88df90
SHA1ae70433e5df5915843fcbc3c1eea3577dd4a99f7
SHA256816929e86d086b885942812a979b8fdbbba33159b501681d4c19722bada05f1e
SHA51270d126c4adec6c808b0ef5b8622cc15a23297d183deabb4795eafb01b60f77bf734a6dbac4ec1508a3fb444a7bc1540e253302d97caabe5b06c9e1d016ed2f5a
-
C:\Program Files (x86)\Icecream Video Editor 3\swscale-6.dllFilesize
1.2MB
MD5b4ac980856ba3f0d7be5613425e0f555
SHA19f5f2959b87bb9e96f19d2804aee57c1473bb123
SHA256f30abef694b5bb3c9a2deb421a47c9d026795b74e6f4eeb8c47a9ba3941e3584
SHA5120dc678a7b378f8ddd2a78d64295009af8fbe6f79aecb5e4ba7dc0e05d5edfa862555c9855d3a976d0a7c36ba49308e9b93bcbcc950a4a5019761dbe8531fecb4
-
C:\Program Files (x86)\Icecream Video Editor 3\uservice.exeFilesize
192KB
MD5950a312a1dea1f6ccdd1fe8f81eb8f00
SHA1e18237267b906bc497492687cfe711a470fba8a6
SHA256fc7bcefa106f583b3ef105ef5df792800aa6d5819095819337ff213bd6693301
SHA512cfb95e7e018d33f0a608458c6a495d3d375761932c581961fa6ef0484d494e83c3473e3f2d6d5c444b22d5d22a1029b7908f6a22137c6058576ae525bd20c64e
-
C:\Program Files (x86)\Icecream Video Editor 3\videoeditor.exeFilesize
7.5MB
MD5df5e7bcb6a01f01888ff4d46693da06a
SHA15c8fa3382458fa336ce64f2dee43c9f1f08361cf
SHA256e8c50267ab6dc7cf4fec9cc94e1a4815fafdd1cea0d7fc1732af73286202c677
SHA512ccd9a7f7698fd8ba7413d11b19689d246e9311ad35196b518f9ba75ae84f764e56ed968c008a4943e70711bad0f5448d69f618f8d84c75ab6e0ba09c06dfc8c0
-
C:\Program Files (x86)\Icecream Video Editor 3\videoeditor.exeFilesize
7.5MB
MD50a1e0dc38eb8a9d4c0f0c8fa09940549
SHA1382b5efa89e4ee790ab42385a5b9b9f9c6f5fc1b
SHA256be8301788ab94776e6fc5ed35c8eb6b9f35493639c802d79c36619dfe6d4dfe8
SHA512d0b19d26cb5366d7f9d0703ad1c2b85db22bda33a58b9050ed0d7010b9b8df79b1cee33ef436078a16eb29b95be37ce10e11b1c3a9779cf55eae4fe529efb0c5
-
C:\Program Files\Common Files\WebM Project\webmmf\webmmfsource64.dllFilesize
218KB
MD50fc60ac80e2c1de2f7807d3b90bd2a1a
SHA1046eecb532a7fbe25cfe03a1e95bdb5f4a481275
SHA2565ef9beaf9df4c66f0522609fbd49d8c53f11bdf93573eb1da367e31a6a69af59
SHA512c01185d97c30d39d79a36f822eb37b2807623b9acdb7691cb7f8d3ed1212690d5d3c60106e536af17d0f0dc37fd9116fce7b33ec467c11bd9e96daf399db8a4e
-
C:\Program Files\Common Files\WebM Project\webmmf\webmmfvorbisdec64.dllFilesize
343KB
MD56c951bf14543d253131bd9f7478286fe
SHA1a18b2b50f7c378747f090d94b293f02f9c5cf955
SHA256fb7099c4221a09daa98c43223b5fbfc8572dda1bca7b3ec24d9f2d55c6925a83
SHA51208d6ae3b782537a7fe87ccae2a9accd4a25eedf77b7321f19644785364b2e45709d42e3d98ffeea48b8444858ec17b92c5ec35b093312f54c84767e10c8cf460
-
C:\Program Files\Common Files\WebM Project\webmmf\webmmfvp8dec64.dllFilesize
411KB
MD5f18a9cfc088243448f873b4cf30384bf
SHA1e64b2561c0aff950d7be281fc18d23d7c84afe41
SHA25696f5961b125445e9fcb612a5266f8e34c3503e9b720b70c56d33e71085c9ffe0
SHA512fcefcbbba91b8b491ab4b90d3b360fc6feafa03831b0a859e92c52679a94f3cb21ff55623f4ecbff875e08bf2619f5a0288f5a1dade95006b520a5e02f99d45e
-
C:\Users\Admin\AppData\Local\Icecream\Icecream Video Editor\icevideoeditor.ini.lockFilesize
64B
MD5d7768e29b8e6d1ae801bfdd43bf429c3
SHA107bce26544ecc7812e57cbd030edb360bfd87387
SHA256bdb37763ea300fab75d7034584a031789c8889e5979c2d22ee3c830e4a84ed08
SHA512d9163917bc9aa386a6a0c8d82ba932effa2718814c6fa68a35b6709099b39b649ddd1f1464cb92bd631f9bc695f4a33b4c671966c1add6bd5541ed2afb3ef977
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD55c3ea95e17becd26086dd59ba83b8e84
SHA17943b2a84dcf26240afc77459ffaaf269bfef29f
SHA256a241c88bb86182b5998d9818e6e054d29b201b53f4f1a6b9b2ee8ba22dd238dc
SHA51264c905e923298528783dc64450c96390dc5edbda51f553c04d88ee944b0c660b05392dc0c823d7fb47f604b04061390b285f982dfcc767c8168ccb00d7e94e21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c65e704fc47bc3d9d2c45a244bb74d76
SHA13e7917feebea866e0909e089e0b976b4a0947a6e
SHA2562e5d6a5eeb72575f974d5fa3cdff7ad4d87a361399ffdd4b03f93cdbdec3a110
SHA51236c3be0e5fbc23c5c0ad2e14cfb1cf7913bea9a5aeb83f9f6fcf5dbc52a94d8ccb370cef723b0cda82b5fba1941b6a9ff57f77ff0076a2c5cf4250711e3dd909
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000dFilesize
45KB
MD530a274cd01b6eeb0b082c918b0697f1e
SHA1393311bde26b99a4ad935fa55bad1dce7994388b
SHA25688df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
SHA512c02c5894dfb5fbf47db7e9eda5e0843c02e667b32e6c6844262dd5ded92dd95cc72830a336450781167bd21fbfad35d8e74943c2817baac1e4ca34eaad317777
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000eFilesize
32KB
MD5057478083c1d55ea0c2182b24f6dd72f
SHA1caf557cd276a76992084efc4c8857b66791a6b7f
SHA256bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
SHA51298ff4416db333e5a5a8f8f299c393dd1a50f574a2c1c601a0724a8ea7fb652f6ec0ba2267390327185ebea55f5c5049ab486d88b4c5fc1585a6a975238507a15
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5e5075515bf2f6d9f09a6f398906c5068
SHA1186b2e89ab3ee0230e5fc9689f7d9cf509e4951d
SHA25681c4aed82c0a33cd74b8a7d2a5187471f0d5dd56ee815378e09973060c322fb8
SHA512a3644a603263238e4ca0305f5d5ed3803074d23a83417ade69b47045b7c42de4030776748571a969056875f7f69337bed16d032fe9204899af0cb59ed06b53cb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5d0bf92a04af53883dc145f4029c10fc5
SHA148e0e25148b1e2c5a7c678cf24338d64307587cd
SHA25697ddcbece2a85324b0d8e2f861319cecb5efb9ce68b54bbfeab4edf157da73e1
SHA512d655e4eacf62f41bd52f6c1549810b302e81e8f071f2147ca1ab56711e8239b62ed6c3be92dd00cfcf31874e96787c5e324b27d8f67689862f8a12f21284a3d6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD50a02f5736ebe8b16577007feece11130
SHA163a6052aeda6d6942fd89bd6115b73b477fa5565
SHA2563a9e91b163e1f60132aaf0b65b26f134e2efa77c31d21fe44a5be0d3f30ceeab
SHA5128980d5a9a15ab79f8a6108d836d5ab725dc309a7c70cfc3f9423c8db7c24dea087d8ffa7f3437dde4b0813480e82a74bca2582b89a0f3e118e52c8670bc57acf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5b924d37872b4e0b906b87dce6de0dc6d
SHA18ca5ad414ee631d0f836f8590c6a8b77d518ebf4
SHA25636a467849e26d5ae3d59d752bfe2c46a259c72d953ac1c400bd441f3e0e92d6a
SHA5123b1087a569a01e1c91326533879cb8ef65bda22885e9666ff6f0248a3580ca67e05b0f8e5647295b8eecd3acc0836f4c228470776ef36f3878872118ffd1fec0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5fa45780712511c93b129a6ae729d5857
SHA1215f31f76a035e56849c07f6073e712f3898b80e
SHA25646a0ef47ed7e1c320a5fbd1849b57db5a745b307b249865241b41ea8a10efede
SHA512595d44fbebe930c0a92bf56f060549b48e1e901b137b4d27df7cf4bfccf55f8beae02bdf6b7ed6508e34da27a702157bb2985df504db94c3445a54cec279014b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5f07f3795a9c20b5fc49c6cab384c45bd
SHA1a29fc9d82f8e4681211929039baac8951730e09b
SHA256dd0f1f0ab6c165df64a9b674d8ceea4d8b81dc95ae748a30214387668b6c43f8
SHA5122a0d28e55c7cd97fb3867be568f89a1516dde1e240b432f212960d3aeeaa6554d764a61c79bb7cf1fdc73d30b0ab4a940511450056326208aced8d4783953efb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD522a13c1546c44c0da9b54e0850a02660
SHA13f41bf6e89d35e956254acf63cda98f779cc7cd7
SHA256301033d47296b4a4d63430aa2b3f803464939183058f897fb21106095962ec16
SHA512e434f3b7eb63d70c82e1130e3b1b02c56851eed1af61c76226262ffbe95bfdd9535d792e3498f89ebff8d245b911dd587e83c0ad7b62813261ee2bd515c5a751
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5387dac722546150e01fec5a5d339f1d2
SHA100d4883ea41d3b3cc7cb188ff7da534e18f4637b
SHA2565424d3960fb87fdb0d7920f1890047931cd3ee8db40237722560fa4e5b2caed3
SHA51260b1c52ec99c4d6d8dff8f65b896af92c93815a7e34e7df575025332f2301aa317d564cd6f4a48847070a143e94db80aac23ef7caabd1e5b9a5706c90d0df784
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5fb48d60dd0d0c0d98efaf4ce9cec7c24
SHA19f78210a0744b9ee582d016836efaf9ed6512efc
SHA256469e08703aba0ae5ff92a4a861074576c6b781037e6d956b2641f51cfb352a49
SHA5128bbb20701b2a63f98f702645349252337bbaa52feba669eacb47bdcfea4220b3f6fd58fe23d802ae20f618548ef5761b4c2f86075fca08c9881d2c6c53b7f19d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5c0d4cc5e0f1e39044ec4ba0184e1bb1f
SHA1a5d923e5cf66a46c4fb0cbf40ca62c1b42f67e72
SHA256da6350aa2ae1898ddb39cf5dd3fced83f53d44a7288ea480f85d78bcea8316ac
SHA5125aa7f5a9334dc3273f779281c1876db2959c95c72c07d353538ed500c11cc9abc7a0c5e295e99c697d22e4996d119ceb941f277cdfea2335091b7b7e8c23a061
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5b752e9a3f0c18f1e7e52fb6ab88c0ad9
SHA1b29efc3ad330b3e63456defae8aeedc0c571fbe7
SHA256ce5e2cfebf0e7a49e0a7149741b03186d3a1484f6f0b5d06913197a7d4d5e582
SHA512b3ff94368f09fb584dae8468647b2f1ebd00a5514465c4708a4525ebb48ff4efe19d21b3f6b1233f477a48ebac9f695c8b6c6efec663450b8dd1d7f4b2722783
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD54ff713f5709d50c678ba6e1b3460a19d
SHA19657412b0a16b1e333fcf20a05822881bf9143b1
SHA256216eaa8aa684d70917af894efc891e2ea3aad99717a36f4625810ccaef18668f
SHA51209d0c3bdd109b28aeaad0f5bbe73d9a860891bc81b0b918a02d939f4fdaf4d94b9f722ebdd3816e5ba2cbc5f877d9cb51f3d8ab93dcd7667f7a9e612db8d3086
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5bfbfc9fde81ea90683fe95a2d710d708
SHA1316d55a62ce825f14d68ddb862871931623fae16
SHA2560fa43dc47bf5bcd73d7f2e13efe8dca5abfb5a9b73a40abea84a29102ea1ba5b
SHA5126ac23a13087894f62ad0b8b6dce68b06877490ba57dfac89cd90dc8473b7fcf072b17c640ac95896ee963751d53bc206b9c30c7d9d3b0b0af05943321147f5b2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c8aa.TMPFilesize
1KB
MD5a60e12beda64cd46d1dd9a8460ca82ab
SHA1d943a3ee7fa5eee21f9f41b06a81c6dc52a08b3a
SHA2568ba245ef39a2fd609d0d5b8ee46c8f8a8d381bc08641a609076b793969226773
SHA5126e717bf5fe7b47e6da2564ceb47388ce7989f3af98e4aad2a69d07f73f680ec253be1f1ab72d6a2ffe6379244836c07aa835a5e2a639754bf9fbdac3a295de96
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000012Filesize
26KB
MD58235f98068f731038d8520df4727c625
SHA16ef1e3ca36d59de490e593ec195b632e8e09565d
SHA25698280dcf81e7ed7a29b2d383c12027481bf771aa6358012ee5ffcc8b3af21e38
SHA512d75d4b688898ee9c9ee07f7be6e9dafd0154518ac54042270666969dd15dbc3b7c8cf92997c510f42f20a5ad8270d5324dd8f2ef91666a9d6d0450d60bacfd83
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000016Filesize
18KB
MD5a777891dc919545b9d210f4da59255f8
SHA1a90c1cd167c87be11e01c64bf3c7b222392ffb5f
SHA256c9ab3fa8ba5f2ac57a7c87293960e24a877cf26c0f98a5ecb45106d332e36346
SHA512da9dba0c5e55bccf9e414fbb2543b486020604a52de5ad4f462d26bc7bd4c2805fd8c0e74210338f0e207b8ca3bd883d31bd58cea2f60e2b5341131a92776757
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5b4c7cae10002cc760eb2f1565de1f4b6
SHA113050b92e150a65097c5c41c4d3ed70cc3b051e9
SHA25685c42c336e2764e1f7af8458a0c7a317ca1d272635780dafde076319062f2239
SHA5128b15c4af84b65ec4f0526d8e286cd6fab8d12d89dc4b36345bf1546b46ee1cc4a3f33e4424ece346a955859f3928b5818aff360cf68b05252b3604de2bd3369e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD55462afe84aebcb789f9370d51f66d1e1
SHA13558913e033117fb223d3f3a07367ca562d8b4e2
SHA25620363266afd64721cbef4b8069600123a4f3a52a2502a0cee07dc1f9218f4a74
SHA5124c588eb7ca03d54cdf9b4fca2cd2a28b6c0994ab96e090421819f3ea2aeb7a1e2b441023451c135aec78efb1692bdff522d3af080cef81c361bcfc4aaedb23d3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD52cfbb30a68467226ee24a5da6a3e1f48
SHA14828dfaf4fa4be01472674cd316d6c130810ccb3
SHA2567537cf215441b96031cc416847dd2598c9e790a2e1e8ff425fd9cc619e80f52f
SHA512b74fb5049d6e4c48b0c91c1323f566ba28458eaacbeb13c0ec9db9e6de59a431536e9f73ab0ed4afc5ad766a0b929545a7b2647f2513b8b31c4a2dfce47b13bc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD560a1374cd4d873c8bbca5002fd96b081
SHA107da30d77cc4cf78f24d3a7e0198ae999b83d9eb
SHA2563f81d0b010f8a4a808be844bf8325ff1eb42252e7796b213ba28c6218f8955e8
SHA512e06ca408572ab6081449dbe0f10c3a2189c6b09d11c4d4e568b3e95d547e0c7fe8cfd287da559553f9c756d0ef61846716d561c6d6938b177a2c36d68236b95a
-
C:\Users\Admin\AppData\Local\Temp\is-5Q8UC.tmp\video_editor_setup.tmpFilesize
1.2MB
MD557014e8e67093872ae0b00209c9fd497
SHA10d8d5f8a9852a9b3955d56c989e5902206ec11cf
SHA2566195f2bb53441db263a58a583bf803c59eaa277d15de191844c976473e7f8888
SHA51231f69073a04dc8bab1762b622d41586957b0a40793590ebda22c06341ad0ec561e3ac5376b88a111bccc762c065eb39d6f401d6406a2ac9a160fce4be457fb1a
-
C:\Users\Admin\AppData\Local\Temp\is-DA6LV.tmp\install_webmmf.exeFilesize
701KB
MD5ae6b9ae87f88a6aca974d2eed932938a
SHA19705acae4a461b06bd68d4ddc349ca5365e79730
SHA256958f249888e50cd54d8eee4dfb8203f7ec9d07205759b816237e1aed70542829
SHA51257a8588855e15b35edf7960ef2242209566aee7fbc4d88150cadffb80b2f34668a037d1dfbea9287d39e5b4df00420d0c51a82efb848b20a4c8af052d37f6317
-
C:\Users\Admin\AppData\Local\Temp\nsy3ED6.tmp\System.dllFilesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
C:\Users\Admin\Downloads\video_editor_setup.exeFilesize
69.0MB
MD5c12e8a3bf193761868dd5319882988ab
SHA18032f1de9dfc3d97b00f60ca2d71e849323809f1
SHA2565ecc3788aae277215f073973999b46a04dea04a30f3f5e62b6db0643eff42963
SHA512025b79d672eeaea92128e798a273fccb04dd33e021755e4eb06bef14266fbae0abf3f3d2ce6de64bebc53a5094947dac120a044b979ed19c2c9e457c1a514600
-
C:\Users\Admin\Downloads\video_editor_setup.exe:Zone.IdentifierFilesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
\??\pipe\LOCAL\crashpad_3308_ZELZVCEKXGFQUWEGMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1796-1-0x0000000002670000-0x0000000002671000-memory.dmpFilesize
4KB
-
memory/1796-730-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/1796-769-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/1796-2-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/1796-779-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/1796-780-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/1796-781-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/1796-785-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/1796-786-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/1796-798-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/1796-800-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/1796-4-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/1796-5-0x0000000002670000-0x0000000002671000-memory.dmpFilesize
4KB
-
memory/1796-36-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/1796-0-0x0000000000400000-0x0000000000667000-memory.dmpFilesize
2.4MB
-
memory/2348-729-0x0000000000400000-0x0000000000548000-memory.dmpFilesize
1.3MB
-
memory/2348-418-0x0000000000400000-0x0000000000548000-memory.dmpFilesize
1.3MB
-
memory/2348-765-0x0000000000400000-0x0000000000548000-memory.dmpFilesize
1.3MB
-
memory/2348-767-0x0000000000400000-0x0000000000548000-memory.dmpFilesize
1.3MB
-
memory/2348-763-0x0000000002310000-0x0000000002311000-memory.dmpFilesize
4KB
-
memory/2348-395-0x0000000002310000-0x0000000002311000-memory.dmpFilesize
4KB
-
memory/3164-883-0x000001D4B71A0000-0x000001D4B71A1000-memory.dmpFilesize
4KB
-
memory/3164-885-0x000001D4B71A0000-0x000001D4B71A1000-memory.dmpFilesize
4KB
-
memory/3164-880-0x000001D4B71A0000-0x000001D4B71A1000-memory.dmpFilesize
4KB
-
memory/3164-881-0x000001D4B71A0000-0x000001D4B71A1000-memory.dmpFilesize
4KB
-
memory/3164-882-0x000001D4B71A0000-0x000001D4B71A1000-memory.dmpFilesize
4KB
-
memory/3164-884-0x000001D4B71A0000-0x000001D4B71A1000-memory.dmpFilesize
4KB
-
memory/3164-886-0x000001D4B71A0000-0x000001D4B71A1000-memory.dmpFilesize
4KB
-
memory/3164-874-0x000001D4B71A0000-0x000001D4B71A1000-memory.dmpFilesize
4KB
-
memory/3164-875-0x000001D4B71A0000-0x000001D4B71A1000-memory.dmpFilesize
4KB
-
memory/3164-876-0x000001D4B71A0000-0x000001D4B71A1000-memory.dmpFilesize
4KB
-
memory/3392-417-0x0000000000400000-0x0000000000443000-memory.dmpFilesize
268KB
-
memory/3392-768-0x0000000000400000-0x0000000000443000-memory.dmpFilesize
268KB
-
memory/3392-380-0x0000000000400000-0x0000000000443000-memory.dmpFilesize
268KB
-
memory/4124-816-0x00007FFFBCA90000-0x00007FFFBCFD6000-memory.dmpFilesize
5.3MB
-
memory/4124-818-0x00007FF6DAF40000-0x00007FF6DB6CB000-memory.dmpFilesize
7.5MB
-
memory/4124-817-0x00007FF6DAF40000-0x00007FF6DB6CB000-memory.dmpFilesize
7.5MB
-
memory/4124-821-0x00007FFFBB520000-0x00007FFFBB521000-memory.dmpFilesize
4KB
-
memory/4124-819-0x0000022B863E0000-0x0000022B863F0000-memory.dmpFilesize
64KB
-
memory/4124-957-0x0000022B863E0000-0x0000022B863F0000-memory.dmpFilesize
64KB