Analysis

  • max time kernel
    694s
  • max time network
    688s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    11-06-2024 15:23

General

  • Target

  • Size

    396KB

  • MD5

    13f4b868603cf0dd6c32702d1bd858c9

  • SHA1

    a595ab75e134f5616679be5f11deefdfaae1de15

  • SHA256

    cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7

  • SHA512

    e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

  • SSDEEP

    12288:jANwRo+mv8QD4+0V16nkFkkk2kyW9EArjaccoH0qzh4:jAT8QE+kHW9EAr+fr4i

Malware Config

Signatures

  • Executes dropped EXE 20 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Windows directory 40 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious behavior: MapViewOfSection 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 44 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 61 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3012
  • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5004
  • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5044
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3276
    • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      PID:1016
    • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe" "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
      1⤵
      • Executes dropped EXE
      PID:4728
    • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe
      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
        "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe" end
        2⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of SetWindowsHookEx
        PID:4556
    • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious use of SendNotifyMessage
      PID:4112
    • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
      1⤵
      • Executes dropped EXE
      PID:4320
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /7
      1⤵
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SendNotifyMessage
      PID:4984
    • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
      1⤵
      • Executes dropped EXE
      PID:2312
      • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
        "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        2⤵
        • Executes dropped EXE
        PID:596
      • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
        "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        2⤵
        • Executes dropped EXE
        PID:5160
      • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
        "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        2⤵
        • Executes dropped EXE
        PID:3656
      • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
        "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        2⤵
        • Executes dropped EXE
        PID:5572
    • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
      1⤵
      • Executes dropped EXE
      PID:64
      • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
        "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        2⤵
        • Executes dropped EXE
        PID:4236
      • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
        "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        2⤵
        • Executes dropped EXE
        PID:5264
      • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
        "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        2⤵
        • Executes dropped EXE
        PID:1300
      • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
        "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        2⤵
        • Executes dropped EXE
        PID:5332
    • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
      1⤵
      • Executes dropped EXE
      PID:4688
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1772
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4912
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.0.421375641\1742135201" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b444f6be-def8-42c6-9138-bf248f02bb58} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 1828 29f8a1d5358 gpu
          3⤵
            PID:1052
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.1.1722765182\1779663181" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8ceba36-d12e-4a90-9a7e-0cf096ffb02f} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 2184 29f8a1aeb58 socket
            3⤵
            • Checks processor information in registry
            PID:4208
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.2.2120995052\327944328" -childID 1 -isForBrowser -prefsHandle 2764 -prefMapHandle 2776 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4680794a-bd42-42f3-9c67-6f703b537060} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 2760 29f8a15ae58 tab
            3⤵
              PID:1824
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.3.315143362\932186378" -childID 2 -isForBrowser -prefsHandle 2768 -prefMapHandle 3432 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05eb22d9-87e4-4372-9895-76f4cb7e27f2} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 3484 29ffee66858 tab
              3⤵
                PID:2196
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.4.1033068604\753315456" -childID 3 -isForBrowser -prefsHandle 3856 -prefMapHandle 3852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e575878-dd7a-4a6a-b404-499f3dee2338} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 3872 29f8f543958 tab
                3⤵
                  PID:3452
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.5.856365399\556600148" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4876 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46ff734d-5bb2-45cc-b281-ab338955bf3c} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 4888 29f908ee358 tab
                  3⤵
                    PID:5004
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.6.1215387722\1567007870" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 5020 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09993376-0031-4e2a-82f4-257240e3ce14} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 5008 29f908efb58 tab
                    3⤵
                      PID:1916
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.7.155692162\529231728" -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00919f7a-b134-443f-8a72-d1df3ecf3c78} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 5208 29f908ecb58 tab
                      3⤵
                        PID:4020
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.8.2019552525\1871191409" -childID 7 -isForBrowser -prefsHandle 4700 -prefMapHandle 3220 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d0e0f90-fe75-4456-ba7f-3479057b0c85} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 3236 29f91d3f158 tab
                        3⤵
                          PID:3432
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.9.1549950828\249230110" -childID 8 -isForBrowser -prefsHandle 5628 -prefMapHandle 1612 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9174bc5a-e6e7-4eae-8594-2f27031943e8} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 4700 29f9295ae58 tab
                          3⤵
                            PID:4328
                      • C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
                        "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"
                        1⤵
                        • Suspicious use of SetWindowsHookEx
                        PID:2192
                      • C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
                        "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"
                        1⤵
                        • Suspicious use of SetWindowsHookEx
                        PID:2540
                      • C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
                        "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"
                        1⤵
                        • Suspicious use of SetWindowsHookEx
                        PID:752
                        • C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
                          "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of SetWindowsHookEx
                          PID:3668
                        • C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
                          "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of SetWindowsHookEx
                          PID:1780
                        • C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
                          "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of SetWindowsHookEx
                          PID:4952
                        • C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
                          "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of SetWindowsHookEx
                          PID:5076
                        • C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
                          "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of SetWindowsHookEx
                          PID:3684
                        • C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
                          "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main
                          2⤵
                          • Writes to the Master Boot Record (MBR)
                          • Suspicious use of SetWindowsHookEx
                          PID:4928
                          • C:\Windows\SysWOW64\notepad.exe
                            "C:\Windows\System32\notepad.exe" \note.txt
                            3⤵
                              PID:1944
                            • C:\Windows\SysWOW64\control.exe
                              "C:\Windows\System32\control.exe"
                              3⤵
                                PID:5164
                              • C:\Windows\SysWOW64\explorer.exe
                                "C:\Windows\System32\explorer.exe"
                                3⤵
                                  PID:5460
                                • C:\Windows\SysWOW64\explorer.exe
                                  "C:\Windows\System32\explorer.exe"
                                  3⤵
                                    PID:5728
                                  • C:\Windows\SysWOW64\calc.exe
                                    "C:\Windows\System32\calc.exe"
                                    3⤵
                                      PID:5820
                                    • C:\Windows\SysWOW64\control.exe
                                      "C:\Windows\System32\control.exe"
                                      3⤵
                                      • Modifies registry class
                                      PID:380
                                    • C:\Windows\SysWOW64\notepad.exe
                                      "C:\Windows\System32\notepad.exe"
                                      3⤵
                                        PID:436
                                      • C:\Windows\SysWOW64\notepad.exe
                                        "C:\Windows\System32\notepad.exe"
                                        3⤵
                                          PID:1620
                                        • C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
                                          "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
                                          3⤵
                                          • Suspicious use of SetWindowsHookEx
                                          PID:5508
                                          • C:\Windows\splwow64.exe
                                            C:\Windows\splwow64.exe 12288
                                            4⤵
                                              PID:3416
                                          • C:\Windows\SysWOW64\calc.exe
                                            "C:\Windows\System32\calc.exe"
                                            3⤵
                                              PID:2824
                                        • C:\Windows\system32\taskmgr.exe
                                          "C:\Windows\system32\taskmgr.exe" /7
                                          1⤵
                                          • Drops file in Windows directory
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:3352
                                        • C:\Windows\SysWOW64\DllHost.exe
                                          C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                          1⤵
                                            PID:5208
                                          • C:\Windows\system32\taskmgr.exe
                                            "C:\Windows\system32\taskmgr.exe" /7
                                            1⤵
                                              PID:5428
                                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                              1⤵
                                              • Drops file in Windows directory
                                              • Modifies registry class
                                              • Suspicious use of AdjustPrivilegeToken
                                              • Suspicious use of SetWindowsHookEx
                                              PID:3116
                                            • C:\Windows\system32\browser_broker.exe
                                              C:\Windows\system32\browser_broker.exe -Embedding
                                              1⤵
                                              • Modifies Internet Explorer settings
                                              PID:5464
                                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                              1⤵
                                              • Suspicious behavior: MapViewOfSection
                                              • Suspicious use of SetWindowsHookEx
                                              PID:5340
                                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                              1⤵
                                              • Drops file in Windows directory
                                              • Modifies Internet Explorer settings
                                              • Modifies registry class
                                              • Suspicious use of AdjustPrivilegeToken
                                              • Suspicious use of SetWindowsHookEx
                                              PID:5764
                                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                              1⤵
                                              • Drops file in Windows directory
                                              • Modifies registry class
                                              PID:5772
                                            • C:\Windows\system32\AUDIODG.EXE
                                              C:\Windows\system32\AUDIODG.EXE 0x3c8
                                              1⤵
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:6020
                                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                              1⤵
                                              • Drops file in Windows directory
                                              • Modifies registry class
                                              • Suspicious use of SetWindowsHookEx
                                              PID:1264
                                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                              1⤵
                                              • Drops file in Windows directory
                                              • Modifies registry class
                                              • Suspicious use of SetWindowsHookEx
                                              PID:5136
                                            • C:\Windows\system32\browser_broker.exe
                                              C:\Windows\system32\browser_broker.exe -Embedding
                                              1⤵
                                              • Modifies Internet Explorer settings
                                              PID:5020
                                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                              1⤵
                                              • Suspicious behavior: MapViewOfSection
                                              • Suspicious use of SetWindowsHookEx
                                              PID:32
                                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                              1⤵
                                              • Drops file in Windows directory
                                              • Modifies registry class
                                              PID:6088
                                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                              1⤵
                                              • Drops file in Windows directory
                                              • Modifies registry class
                                              • Suspicious use of SetWindowsHookEx
                                              PID:5200
                                            • C:\Windows\system32\browser_broker.exe
                                              C:\Windows\system32\browser_broker.exe -Embedding
                                              1⤵
                                              • Modifies Internet Explorer settings
                                              PID:5100
                                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                              1⤵
                                              • Modifies registry class
                                              • Suspicious behavior: MapViewOfSection
                                              • Suspicious use of SetWindowsHookEx
                                              PID:5152
                                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                              1⤵
                                              • Drops file in Windows directory
                                              PID:1092
                                            • C:\Windows\System32\SystemSettingsBroker.exe
                                              C:\Windows\System32\SystemSettingsBroker.exe -Embedding
                                              1⤵
                                                PID:5260
                                              • \??\c:\windows\system32\svchost.exe
                                                c:\windows\system32\svchost.exe -k localservice -s SstpSvc
                                                1⤵
                                                  PID:5624
                                                • \??\c:\windows\system32\svchost.exe
                                                  c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
                                                  1⤵
                                                    PID:5384
                                                  • C:\Windows\system32\svchost.exe
                                                    C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
                                                    1⤵
                                                    • Checks SCSI registry key(s)
                                                    • Modifies data under HKEY_USERS
                                                    PID:3992
                                                  • \??\c:\windows\system32\svchost.exe
                                                    c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
                                                    1⤵
                                                    • Drops file in Windows directory
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:1660
                                                  • \??\c:\windows\system32\svchost.exe
                                                    c:\windows\system32\svchost.exe -k netsvcs -s RasMan
                                                    1⤵
                                                      PID:1560
                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                                      1⤵
                                                      • Drops file in Windows directory
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2108
                                                    • C:\Windows\system32\browser_broker.exe
                                                      C:\Windows\system32\browser_broker.exe -Embedding
                                                      1⤵
                                                      • Modifies Internet Explorer settings
                                                      PID:5376
                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious behavior: MapViewOfSection
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4460
                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                      1⤵
                                                      • Drops file in Windows directory
                                                      PID:4056
                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                                      1⤵
                                                      • Drops file in Windows directory
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3416
                                                    • C:\Windows\system32\browser_broker.exe
                                                      C:\Windows\system32\browser_broker.exe -Embedding
                                                      1⤵
                                                      • Modifies Internet Explorer settings
                                                      PID:1372
                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                      1⤵
                                                      • Suspicious behavior: MapViewOfSection
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2796
                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                      1⤵
                                                      • Drops file in Windows directory
                                                      PID:4744
                                                    • C:\Windows\system32\OpenWith.exe
                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5752
                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                                      1⤵
                                                      • Drops file in Windows directory
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4124
                                                    • C:\Windows\system32\browser_broker.exe
                                                      C:\Windows\system32\browser_broker.exe -Embedding
                                                      1⤵
                                                      • Modifies Internet Explorer settings
                                                      PID:5268
                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                      1⤵
                                                      • Suspicious behavior: MapViewOfSection
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5772
                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                      1⤵
                                                      • Drops file in Windows directory
                                                      PID:5908
                                                    • C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
                                                      1⤵
                                                      • Drops file in Windows directory
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:996
                                                    • C:\Windows\SysWOW64\DllHost.exe
                                                      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                      1⤵
                                                        PID:5396
                                                      • C:\Windows\SysWOW64\DllHost.exe
                                                        C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                        1⤵
                                                          PID:396
                                                        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                          1⤵
                                                          • Modifies registry class
                                                          PID:956
                                                        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                          1⤵
                                                          • Drops file in Windows directory
                                                          • Modifies registry class
                                                          PID:5304
                                                        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                                          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                                          1⤵
                                                          • Drops file in Windows directory
                                                          • Modifies registry class
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:2584
                                                        • C:\Windows\system32\browser_broker.exe
                                                          C:\Windows\system32\browser_broker.exe -Embedding
                                                          1⤵
                                                            PID:3016
                                                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                            1⤵
                                                            • Modifies registry class
                                                            • Suspicious behavior: MapViewOfSection
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:2732
                                                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                            1⤵
                                                            • Drops file in Windows directory
                                                            • Modifies registry class
                                                            PID:5088
                                                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                                            1⤵
                                                            • Drops file in Windows directory
                                                            • Modifies registry class
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:4424
                                                          • C:\Windows\system32\browser_broker.exe
                                                            C:\Windows\system32\browser_broker.exe -Embedding
                                                            1⤵
                                                            • Modifies Internet Explorer settings
                                                            PID:3628
                                                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                            1⤵
                                                            • Modifies registry class
                                                            • Suspicious behavior: MapViewOfSection
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:5768
                                                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                            1⤵
                                                            • Drops file in Windows directory
                                                            • Modifies registry class
                                                            PID:5908
                                                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                            1⤵
                                                            • Drops file in Windows directory
                                                            • Modifies registry class
                                                            PID:4708
                                                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                            1⤵
                                                              PID:2000
                                                            • C:\Windows\Speech\Common\sapisvr.exe
                                                              "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX
                                                              1⤵
                                                                PID:6104
                                                                • C:\Windows\system32\Speech\SpeechUX\SpeechUXWiz.exe
                                                                  "C:\Windows\system32\Speech\SpeechUX\SpeechUXWiz.exe" UserEnrollment,en-US,HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles\Tokens\{B9DE3ED6-BDDF-42E8-B88A-53FB3F92D8F1},65552,0,""
                                                                  2⤵
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:4364
                                                              • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                1⤵
                                                                • Drops file in Windows directory
                                                                PID:5272
                                                              • C:\Windows\system32\OpenWith.exe
                                                                C:\Windows\system32\OpenWith.exe -Embedding
                                                                1⤵
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:3472

                                                              Network

                                                              MITRE ATT&CK Enterprise v15

                                                              Downloads

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml

                                                                Filesize

                                                                74KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.pri

                                                                Filesize

                                                                171KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.pri

                                                                Filesize

                                                                2KB

                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\18J4QIHC\MeControl_v6QmZT1KIHvYorogrcRgqA2[1].js

                                                                Filesize

                                                                16KB

                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\18J4QIHC\wcp-consent[1].js

                                                                Filesize

                                                                272KB

                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AGT29K55\js[1].js

                                                                Filesize

                                                                277KB

                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\V6FNNLLL\answers.microsoft[1].xml

                                                                Filesize

                                                                13B

                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\65ES3H0J\favicon[1].ico

                                                                Filesize

                                                                4KB

                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\65ES3H0J\suggestions[1].en-US

                                                                Filesize

                                                                17KB

                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\H4BZ5K4X\PCOP[1].ico

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JODXNRY6\favicon[1].ico

                                                                Filesize

                                                                758B

                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\U0U3T4VY\b80692[1].ico

                                                                Filesize

                                                                1KB

                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\U0U3T4VY\favicon[1].ico

                                                                Filesize

                                                                5KB

                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

                                                                Filesize

                                                                512KB

                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF02D5BF1AF0A61ACF.TMP

                                                                Filesize

                                                                24KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

                                                                Filesize

                                                                1KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322

                                                                Filesize

                                                                471B

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                                                                Filesize

                                                                471B

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

                                                                Filesize

                                                                724B

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                Filesize

                                                                471B

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

                                                                Filesize

                                                                410B

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322

                                                                Filesize

                                                                406B

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                                                                Filesize

                                                                400B

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

                                                                Filesize

                                                                392B

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                Filesize

                                                                412B

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

                                                                Filesize

                                                                512KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

                                                                Filesize

                                                                512KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

                                                                Filesize

                                                                512KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

                                                                Filesize

                                                                8KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

                                                                Filesize

                                                                8KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

                                                                Filesize

                                                                8KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

                                                                Filesize

                                                                8KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

                                                                Filesize

                                                                2.0MB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

                                                                Filesize

                                                                2.0MB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

                                                                Filesize

                                                                2.0MB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

                                                                Filesize

                                                                16KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

                                                                Filesize

                                                                16KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

                                                                Filesize

                                                                16KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\3lcf90e\imagestore.dat

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\3lcf90e\imagestore.dat

                                                                Filesize

                                                                11KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{49923839-2FB1-4D4D-98DA-19B7E363DE75}.dat

                                                                Filesize

                                                                5KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{976432A9-04AA-4B71-80DE-D408A4CF0970}.dat

                                                                Filesize

                                                                4KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{EE3CFD07-D4FF-4D50-AE34-332D7DF02CE0}.dat

                                                                Filesize

                                                                4KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{099E7469-D943-4484-B22A-7ABB23916706}.dat

                                                                Filesize

                                                                29KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{1B4D61C6-526C-4E0B-9373-C1EFCD4E24AC}.dat

                                                                Filesize

                                                                7KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{1EBC532C-FE3B-4329-952A-FA3AB59DDBAC}.dat

                                                                Filesize

                                                                5KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{2BB5529A-C43B-41C2-8942-9127DC9C62C3}.dat

                                                                Filesize

                                                                5KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{8A93F331-1FDE-47F9-81DA-9893C351D70E}.dat

                                                                Filesize

                                                                11KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{9D0188A9-89FB-4AD1-B14B-527785ACA21F}.dat

                                                                Filesize

                                                                15KB

                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{E7B753F2-BEF0-4F25-9A10-E64BB336C255}.dat

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

                                                                Filesize

                                                                2KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\93ecbd7c-67df-432d-b313-7c4658d1ad66

                                                                Filesize

                                                                746B

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\df39960d-59ed-4dad-90e3-79a6376c54c1

                                                                Filesize

                                                                10KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionCheckpoints.json

                                                                Filesize

                                                                259B

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

                                                                Filesize

                                                                3KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

                                                                Filesize

                                                                4KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

                                                                Filesize

                                                                3KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

                                                                Filesize

                                                                4KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore.jsonlz4

                                                                Filesize

                                                                4KB

                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                                Filesize

                                                                184KB

                                                              • C:\Users\Admin\Desktop\Free Youtube Downloader.lnk

                                                                Filesize

                                                                2KB

                                                              • C:\Users\Admin\Downloads\Yk-g4KVy.zip.part

                                                                Filesize

                                                                8KB

                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

                                                                Filesize

                                                                438KB

                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

                                                                Filesize

                                                                153KB

                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe

                                                                Filesize

                                                                110KB

                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini

                                                                Filesize

                                                                3KB

                                                              • C:\Windows\INF\netrasa.PNF

                                                                Filesize

                                                                22KB

                                                              • C:\Windows\INF\netsstpa.PNF

                                                                Filesize

                                                                6KB

                                                              • C:\note.txt

                                                                Filesize

                                                                218B
