Overview

overview

6

Static

static

3

windhawk_setup.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    244s
  • max time network
    246s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/07/2024, 01:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    windhawk_setup.exe

  • Size

    10.7MB

  • MD5

    a7699df432c7a074cc1d26bac0579c1b

  • SHA1

    87ceda7562e1ff4a8771beac0d51660e51af3ba8

  • SHA256

    85dbfda445ba4b23c167e9c3767fb812366642c6f40d3b4d1ba00040595cec30

  • SHA512

    88acad7947592510d954c6d17b03d8f952fc63e85dadb701c3420ee5f103de853648c4529e2dc35cdfdd514c8638033cc27e2b01960f9d5feea72740958c5f66

  • SSDEEP

    196608:BLK+C3ttDNXsHFGKzt/Lxdd8tC/r7M/3DdVdBp1xVzqOri:BbC9t58XzphM/BNTVri

Score
6/10
discoveryexecution

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 24 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 11 IoCs
  • Executes dropped EXE 54 IoCs
  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 48 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    • Executes dropped EXE
    • Modifies registry class
    PID:2696
  • C:\Windows\sysmon.exe
    C:\Windows\sysmon.exe
    1⤵
    • Drops file in System32 directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    PID:2824
  • C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe -Embedding
    1⤵
    • Drops file in System32 directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    PID:3116
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of UnmapMainImage
    PID:3440
    • C:\Users\Admin\AppData\Local\Temp\windhawk_setup.exe
      "C:\Users\Admin\AppData\Local\Temp\windhawk_setup.exe"
      2⤵
      • Checks computer location settings
      • Drops file in Program Files directory
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1948
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /delete /tn WindhawkRunUITask /f
        3⤵
        • Loads dropped DLL
        PID:1596
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /tn WindhawkRunUITask /xml "C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\WindhawkRunUITask.xml"
        3⤵
        • Loads dropped DLL
        • Scheduled Task/Job: Scheduled Task
        PID:4452
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /S /C "powershell -ExecutionPolicy Bypass -Command "& {$ErrorActionPreference = \"Stop\";$scheduler = New-Object -ComObject \"Schedule.Service\";$scheduler.Connect();$task = $scheduler.GetFolder(\"\").GetTask(\"WindhawkRunUITask\");$sec = $task.GetSecurityDescriptor(0xF);$sec = $sec + '(A;;GRGX;;;AU)';$task.SetSecurityDescriptor($sec, 0)}" -FFFeatureOff"
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1268
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -ExecutionPolicy Bypass -Command "& {$ErrorActionPreference = \"Stop\";$scheduler = New-Object -ComObject \"Schedule.Service\";$scheduler.Connect();$task = $scheduler.GetFolder(\"\").GetTask(\"WindhawkRunUITask\");$sec = $task.GetSecurityDescriptor(0xF);$sec = $sec + '(A;;GRGX;;;AU)';$task.SetSecurityDescriptor($sec, 0)}" -FFFeatureOff
          4⤵
          • Loads dropped DLL
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3828
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /delete /tn WindhawkUpdateTask /f
        3⤵
        • Loads dropped DLL
        PID:3368
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /tn WindhawkUpdateTask /xml "C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\WindhawkUpdateTask.xml"
        3⤵
        • Loads dropped DLL
        • Scheduled Task/Job: Scheduled Task
        PID:2740
      • C:\Program Files\Windhawk\windhawk.exe
        "C:\Program Files\Windhawk\windhawk.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1248
        • C:\Program Files\Windhawk\UI\VSCodium.exe
          "C:\Program Files\Windhawk\UI\VSCodium.exe" "C:\ProgramData\Windhawk\EditorWorkspace" --locale=en --no-sandbox --disable-gpu-sandbox
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks processor information in registry
          • Modifies registry class
          • Modifies system certificate store
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:116
          • C:\Program Files\Windhawk\UI\VSCodium.exe
            "C:\Program Files\Windhawk\UI\VSCodium.exe" --type=gpu-process --disable-gpu-sandbox --no-sandbox --user-data-dir="C:\ProgramData\Windhawk\UIData\user-data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1692,i,2571590118421965957,9437196900553787141,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4568
          • C:\Program Files\Windhawk\UI\VSCodium.exe
            "C:\Program Files\Windhawk\UI\VSCodium.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\ProgramData\Windhawk\UIData\user-data" --standard-schemes=vscode-webview,vscode-file --secure-schemes=vscode-webview,vscode-file --bypasscsp-schemes --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --streaming-schemes --mojo-platform-channel-handle=1892 --field-trial-handle=1692,i,2571590118421965957,9437196900553787141,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4092
          • C:\Program Files\Windhawk\UI\VSCodium.exe
            "C:\Program Files\Windhawk\UI\VSCodium.exe" --type=renderer --user-data-dir="C:\ProgramData\Windhawk\UIData\user-data" --standard-schemes=vscode-webview,vscode-file --secure-schemes=vscode-webview,vscode-file --bypasscsp-schemes --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --streaming-schemes --app-user-model-id=RamenSoftware.Windhawk --app-path="C:\Program Files\Windhawk\UI\resources\app" --no-sandbox --no-zygote --enable-blink-features=HighlightAPI,WebAppWindowControlsOverlay --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2636 --field-trial-handle=1692,i,2571590118421965957,9437196900553787141,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --vscode-window-config=vscode:238f527e-9ea3-47f7-a3f2-b63c49ffcf78 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:2976
          • C:\Program Files\Windhawk\UI\VSCodium.exe
            "C:\Program Files\Windhawk\UI\VSCodium.exe" --type=renderer --user-data-dir="C:\ProgramData\Windhawk\UIData\user-data" --standard-schemes=vscode-webview,vscode-file --secure-schemes=vscode-webview,vscode-file --bypasscsp-schemes --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --streaming-schemes --app-user-model-id=RamenSoftware.Windhawk --app-path="C:\Program Files\Windhawk\UI\resources\app" --no-sandbox --no-zygote --node-integration-in-worker --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1692,i,2571590118421965957,9437196900553787141,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --vscode-window-config=vscode:5026e806-a042-4535-ac04-a4e17d854bbb --vscode-window-kind=shared-process /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:4216
            • C:\Program Files\Windhawk\UI\VSCodium.exe
              "C:\Program Files\Windhawk\UI\VSCodium.exe" "c:\Program Files\Windhawk\UI\resources\app\out\bootstrap-fork" --type=ptyHost --logsPath C:\ProgramData\Windhawk\UIData\user-data\logs\20240715T011752
              6⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:3240
            • C:\Program Files\Windhawk\UI\VSCodium.exe
              "C:\Program Files\Windhawk\UI\VSCodium.exe" "c:\Program Files\Windhawk\UI\resources\app\out\bootstrap-fork" --type=fileWatcher
              6⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:4772
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
              6⤵
                PID:1248
            • C:\Program Files\Windhawk\UI\VSCodium.exe
              "C:\Program Files\Windhawk\UI\VSCodium.exe" --inspect-port=0 "c:\Program Files\Windhawk\UI\resources\app\out\bootstrap-fork" --type=extensionHost --skipWorkspaceStorageLock
              5⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:976
              • C:\Program Files\Windhawk\UI\VSCodium.exe
                "C:\Program Files\Windhawk\UI\VSCodium.exe" "c:\Program Files\Windhawk\UI\resources\app\extensions\json-language-features\server\dist\node\jsonServerMain" --node-ipc --clientProcessId=976
                6⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:1608
              • \??\c:\Program Files\Windhawk\windhawk.exe
                "c:\Program Files\Windhawk\windhawk.exe" -new-updates-found
                6⤵
                • Executes dropped EXE
                PID:1672
              • \??\c:\Program Files\Windhawk\Compiler\bin\g++.exe
                "c:\Program Files\Windhawk\Compiler\bin\g++.exe" -std=c++20 -O2 -shared -DUNICODE -D_UNICODE -D__USE_MINGW_ANSI_STDIO=0 -DWH_MOD "-DWH_MOD_ID=L\"mspaint-dark\"" "-DWH_MOD_VERSION=L\"1.0.1\"" "c:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.lib" c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp -include windhawk_api.h -target x86_64-w64-mingw32 -o C:\ProgramData\Windhawk\Engine\Mods\64\mspaint-dark_442138.dll -lole32 -loleaut32 -lruntimeobject
                6⤵
                • Executes dropped EXE
                PID:2148
                • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                  "c:\Program Files\Windhawk\Compiler\bin\clang-15" "--start-no-unused-arguments" "--driver-mode=g++" "-target" "i686-w64-mingw32" "-rtlib=compiler-rt" "-unwindlib=libunwind" "-stdlib=libc++" "-fuse-ld=lld" "--end-no-unused-arguments" "-std=c++20" "-O2" "-shared" "-DUNICODE" "-D_UNICODE" "-D__USE_MINGW_ANSI_STDIO=0" "-DWH_MOD" "-DWH_MOD_ID=L\"mspaint-dark\"" "-DWH_MOD_VERSION=L\"1.0.1\"" "c:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.lib" "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp" "-include" "windhawk_api.h" "-target" "x86_64-w64-mingw32" "-o" "C:\ProgramData\Windhawk\Engine\Mods\64\mspaint-dark_442138.dll" "-lole32" "-loleaut32" "-lruntimeobject"
                  7⤵
                  • Executes dropped EXE
                  PID:4312
                  • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                    "c:/Program Files/Windhawk/Compiler/bin/clang-15.exe" -cc1 -triple x86_64-w64-windows-gnu -emit-obj --mrelax-relocations -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name mod.wh.cpp -mrelocation-model pic -pic-level 2 -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -mms-bitfields -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb "-fcoverage-compilation-dir=c:/Program Files/Windhawk/Compiler" -resource-dir "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0" -include windhawk_api.h -D UNICODE -D _UNICODE -D __USE_MINGW_ANSI_STDIO=0 -D WH_MOD -D "WH_MOD_ID=L\"mspaint-dark\"" -D "WH_MOD_VERSION=L\"1.0.1\"" -internal-isystem "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/usr/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/include" -O2 -std=c++20 -fdeprecated-macro "-fdebug-compilation-dir=c:/Program Files/Windhawk/Compiler" -ferror-limit 19 -fno-use-cxa-atexit -fgnuc-version=4.2.1 -fno-implicit-modules -fcxx-exceptions -fexceptions -exception-model=seh -vectorize-loops -vectorize-slp -faddrsig -o C:/Users/Admin/AppData/Local/Temp/mod-d6df8c.o -x c++ "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp"
                    8⤵
                    • Executes dropped EXE
                    PID:1384
                  • \??\c:\Program Files\Windhawk\Compiler\bin\ld.lld.exe
                    "c:/Program Files/Windhawk/Compiler/bin/ld.lld" -m i386pep --shared -Bdynamic -e DllMainCRTStartup --enable-auto-image-base -o "C:\ProgramData\Windhawk\Engine\Mods\64\mspaint-dark_442138.dll" "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib/dllcrt2.o" "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib/crtbegin.o" "-Lc:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib" "-Lc:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib" "-Lc:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/sys-root/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows" "c:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.lib" C:/Users/Admin/AppData/Local/Temp/mod-d6df8c.o -lole32 -loleaut32 -lruntimeobject -lc++ -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-x86_64.a" -lunwind -lmoldname -lmingwex -lmsvcrt -ladvapi32 -lshell32 -luser32 -lkernel32 -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-x86_64.a" -lunwind -lmoldname -lmingwex -lmsvcrt -lkernel32 "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib/crtend.o"
                    8⤵
                    • Executes dropped EXE
                    PID:3332
              • \??\c:\Program Files\Windhawk\windhawk.exe
                "c:\Program Files\Windhawk\windhawk.exe" -new-updates-found
                6⤵
                • Executes dropped EXE
                PID:5612
              • \??\c:\Program Files\Windhawk\Compiler\bin\g++.exe
                "c:\Program Files\Windhawk\Compiler\bin\g++.exe" -std=c++20 -O2 -shared -DUNICODE -D_UNICODE -D__USE_MINGW_ANSI_STDIO=0 -DWH_MOD "-DWH_MOD_ID=L\"taskbar-volume-control\"" "-DWH_MOD_VERSION=L\"1.2.1\"" "c:\Program Files\Windhawk\Engine\1.4.1\32\windhawk.lib" c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp -include windhawk_api.h -target i686-w64-mingw32 -o C:\ProgramData\Windhawk\Engine\Mods\32\taskbar-volume-control_787936.dll -DWINVER=0x0602 -lcomctl32 -ldwmapi -lole32 -lversion
                6⤵
                • Executes dropped EXE
                PID:5280
                • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                  "c:\Program Files\Windhawk\Compiler\bin\clang-15" "--start-no-unused-arguments" "--driver-mode=g++" "-target" "i686-w64-mingw32" "-rtlib=compiler-rt" "-unwindlib=libunwind" "-stdlib=libc++" "-fuse-ld=lld" "--end-no-unused-arguments" "-std=c++20" "-O2" "-shared" "-DUNICODE" "-D_UNICODE" "-D__USE_MINGW_ANSI_STDIO=0" "-DWH_MOD" "-DWH_MOD_ID=L\"taskbar-volume-control\"" "-DWH_MOD_VERSION=L\"1.2.1\"" "c:\Program Files\Windhawk\Engine\1.4.1\32\windhawk.lib" "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp" "-include" "windhawk_api.h" "-target" "i686-w64-mingw32" "-o" "C:\ProgramData\Windhawk\Engine\Mods\32\taskbar-volume-control_787936.dll" "-DWINVER=0x0602" "-lcomctl32" "-ldwmapi" "-lole32" "-lversion"
                  7⤵
                  • Executes dropped EXE
                  PID:5288
                  • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                    "c:/Program Files/Windhawk/Compiler/bin/clang-15.exe" -cc1 -triple i686-w64-windows-gnu -emit-obj --mrelax-relocations -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name mod.wh.cpp -mrelocation-model static -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -mms-bitfields -target-cpu pentium4 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb "-fcoverage-compilation-dir=c:/Program Files/Windhawk/Compiler" -resource-dir "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0" -include windhawk_api.h -D UNICODE -D _UNICODE -D __USE_MINGW_ANSI_STDIO=0 -D WH_MOD -D "WH_MOD_ID=L\"taskbar-volume-control\"" -D "WH_MOD_VERSION=L\"1.2.1\"" -D WINVER=0x0602 -internal-isystem "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/usr/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/include" -O2 -std=c++20 -fdeprecated-macro "-fdebug-compilation-dir=c:/Program Files/Windhawk/Compiler" -ferror-limit 19 -fno-use-cxa-atexit -fgnuc-version=4.2.1 -fno-implicit-modules -fcxx-exceptions -fexceptions -exception-model=dwarf -vectorize-loops -vectorize-slp -faddrsig -o C:/Users/Admin/AppData/Local/Temp/mod-018de5.o -x c++ "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp"
                    8⤵
                    • Executes dropped EXE
                    PID:5264
                  • \??\c:\Program Files\Windhawk\Compiler\bin\ld.lld.exe
                    "c:/Program Files/Windhawk/Compiler/bin/ld.lld" -m i386pe --shared -Bdynamic -e _DllMainCRTStartup@12 --enable-auto-image-base -o "C:\ProgramData\Windhawk\Engine\Mods\32\taskbar-volume-control_787936.dll" "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/lib/dllcrt2.o" "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/lib/crtbegin.o" "-Lc:/Program Files/Windhawk/Compiler/i686-w64-mingw32/lib" "-Lc:/Program Files/Windhawk/Compiler/i686-w64-mingw32/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib" "-Lc:/Program Files/Windhawk/Compiler/i686-w64-mingw32/sys-root/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows" "c:\Program Files\Windhawk\Engine\1.4.1\32\windhawk.lib" C:/Users/Admin/AppData/Local/Temp/mod-018de5.o -lcomctl32 -ldwmapi -lole32 -lversion -lc++ -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-i386.a" -lunwind -lmoldname -lmingwex -lmsvcrt -ladvapi32 -lshell32 -luser32 -lkernel32 -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-i386.a" -lunwind -lmoldname -lmingwex -lmsvcrt -lkernel32 "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/lib/crtend.o"
                    8⤵
                    • Executes dropped EXE
                    PID:5520
              • \??\c:\Program Files\Windhawk\Compiler\bin\g++.exe
                "c:\Program Files\Windhawk\Compiler\bin\g++.exe" -std=c++20 -O2 -shared -DUNICODE -D_UNICODE -D__USE_MINGW_ANSI_STDIO=0 -DWH_MOD "-DWH_MOD_ID=L\"taskbar-volume-control\"" "-DWH_MOD_VERSION=L\"1.2.1\"" "c:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.lib" c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp -include windhawk_api.h -target x86_64-w64-mingw32 -o C:\ProgramData\Windhawk\Engine\Mods\64\taskbar-volume-control_787936.dll -DWINVER=0x0602 -lcomctl32 -ldwmapi -lole32 -lversion
                6⤵
                • Executes dropped EXE
                PID:5796
                • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                  "c:\Program Files\Windhawk\Compiler\bin\clang-15" "--start-no-unused-arguments" "--driver-mode=g++" "-target" "i686-w64-mingw32" "-rtlib=compiler-rt" "-unwindlib=libunwind" "-stdlib=libc++" "-fuse-ld=lld" "--end-no-unused-arguments" "-std=c++20" "-O2" "-shared" "-DUNICODE" "-D_UNICODE" "-D__USE_MINGW_ANSI_STDIO=0" "-DWH_MOD" "-DWH_MOD_ID=L\"taskbar-volume-control\"" "-DWH_MOD_VERSION=L\"1.2.1\"" "c:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.lib" "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp" "-include" "windhawk_api.h" "-target" "x86_64-w64-mingw32" "-o" "C:\ProgramData\Windhawk\Engine\Mods\64\taskbar-volume-control_787936.dll" "-DWINVER=0x0602" "-lcomctl32" "-ldwmapi" "-lole32" "-lversion"
                  7⤵
                  • Executes dropped EXE
                  PID:4548
                  • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                    "c:/Program Files/Windhawk/Compiler/bin/clang-15.exe" -cc1 -triple x86_64-w64-windows-gnu -emit-obj --mrelax-relocations -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name mod.wh.cpp -mrelocation-model pic -pic-level 2 -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -mms-bitfields -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb "-fcoverage-compilation-dir=c:/Program Files/Windhawk/Compiler" -resource-dir "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0" -include windhawk_api.h -D UNICODE -D _UNICODE -D __USE_MINGW_ANSI_STDIO=0 -D WH_MOD -D "WH_MOD_ID=L\"taskbar-volume-control\"" -D "WH_MOD_VERSION=L\"1.2.1\"" -D WINVER=0x0602 -internal-isystem "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/usr/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/include" -O2 -std=c++20 -fdeprecated-macro "-fdebug-compilation-dir=c:/Program Files/Windhawk/Compiler" -ferror-limit 19 -fno-use-cxa-atexit -fgnuc-version=4.2.1 -fno-implicit-modules -fcxx-exceptions -fexceptions -exception-model=seh -vectorize-loops -vectorize-slp -faddrsig -o C:/Users/Admin/AppData/Local/Temp/mod-8859ec.o -x c++ "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp"
                    8⤵
                    • Executes dropped EXE
                    PID:5760
                  • \??\c:\Program Files\Windhawk\Compiler\bin\ld.lld.exe
                    "c:/Program Files/Windhawk/Compiler/bin/ld.lld" -m i386pep --shared -Bdynamic -e DllMainCRTStartup --enable-auto-image-base -o "C:\ProgramData\Windhawk\Engine\Mods\64\taskbar-volume-control_787936.dll" "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib/dllcrt2.o" "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib/crtbegin.o" "-Lc:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib" "-Lc:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib" "-Lc:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/sys-root/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows" "c:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.lib" C:/Users/Admin/AppData/Local/Temp/mod-8859ec.o -lcomctl32 -ldwmapi -lole32 -lversion -lc++ -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-x86_64.a" -lunwind -lmoldname -lmingwex -lmsvcrt -ladvapi32 -lshell32 -luser32 -lkernel32 -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-x86_64.a" -lunwind -lmoldname -lmingwex -lmsvcrt -lkernel32 "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib/crtend.o"
                    8⤵
                    • Executes dropped EXE
                    PID:5244
              • \??\c:\Program Files\Windhawk\windhawk.exe
                "c:\Program Files\Windhawk\windhawk.exe" -new-updates-found
                6⤵
                • Executes dropped EXE
                PID:1424
              • \??\c:\Program Files\Windhawk\Compiler\bin\g++.exe
                "c:\Program Files\Windhawk\Compiler\bin\g++.exe" -std=c++20 -O2 -shared -DUNICODE -D_UNICODE -D__USE_MINGW_ANSI_STDIO=0 -DWH_MOD "-DWH_MOD_ID=L\"notepad-dark-mode\"" "-DWH_MOD_VERSION=L\"1.0\"" "c:\Program Files\Windhawk\Engine\1.4.1\32\windhawk.lib" c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp -include windhawk_api.h -target i686-w64-mingw32 -o C:\ProgramData\Windhawk\Engine\Mods\32\notepad-dark-mode_326716.dll -lcomctl32 -lgdi32 -luxtheme
                6⤵
                • Executes dropped EXE
                PID:5336
                • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                  "c:\Program Files\Windhawk\Compiler\bin\clang-15" "--start-no-unused-arguments" "--driver-mode=g++" "-target" "i686-w64-mingw32" "-rtlib=compiler-rt" "-unwindlib=libunwind" "-stdlib=libc++" "-fuse-ld=lld" "--end-no-unused-arguments" "-std=c++20" "-O2" "-shared" "-DUNICODE" "-D_UNICODE" "-D__USE_MINGW_ANSI_STDIO=0" "-DWH_MOD" "-DWH_MOD_ID=L\"notepad-dark-mode\"" "-DWH_MOD_VERSION=L\"1.0\"" "c:\Program Files\Windhawk\Engine\1.4.1\32\windhawk.lib" "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp" "-include" "windhawk_api.h" "-target" "i686-w64-mingw32" "-o" "C:\ProgramData\Windhawk\Engine\Mods\32\notepad-dark-mode_326716.dll" "-lcomctl32" "-lgdi32" "-luxtheme"
                  7⤵
                  • Executes dropped EXE
                  PID:5324
                  • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                    "c:/Program Files/Windhawk/Compiler/bin/clang-15.exe" -cc1 -triple i686-w64-windows-gnu -emit-obj --mrelax-relocations -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name mod.wh.cpp -mrelocation-model static -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -mms-bitfields -target-cpu pentium4 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb "-fcoverage-compilation-dir=c:/Program Files/Windhawk/Compiler" -resource-dir "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0" -include windhawk_api.h -D UNICODE -D _UNICODE -D __USE_MINGW_ANSI_STDIO=0 -D WH_MOD -D "WH_MOD_ID=L\"notepad-dark-mode\"" -D "WH_MOD_VERSION=L\"1.0\"" -internal-isystem "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/usr/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/include" -O2 -std=c++20 -fdeprecated-macro "-fdebug-compilation-dir=c:/Program Files/Windhawk/Compiler" -ferror-limit 19 -fno-use-cxa-atexit -fgnuc-version=4.2.1 -fno-implicit-modules -fcxx-exceptions -fexceptions -exception-model=dwarf -vectorize-loops -vectorize-slp -faddrsig -o C:/Users/Admin/AppData/Local/Temp/mod-0d7215.o -x c++ "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp"
                    8⤵
                    • Executes dropped EXE
                    PID:3604
                  • \??\c:\Program Files\Windhawk\Compiler\bin\ld.lld.exe
                    "c:/Program Files/Windhawk/Compiler/bin/ld.lld" -m i386pe --shared -Bdynamic -e _DllMainCRTStartup@12 --enable-auto-image-base -o "C:\ProgramData\Windhawk\Engine\Mods\32\notepad-dark-mode_326716.dll" "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/lib/dllcrt2.o" "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/lib/crtbegin.o" "-Lc:/Program Files/Windhawk/Compiler/i686-w64-mingw32/lib" "-Lc:/Program Files/Windhawk/Compiler/i686-w64-mingw32/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib" "-Lc:/Program Files/Windhawk/Compiler/i686-w64-mingw32/sys-root/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows" "c:\Program Files\Windhawk\Engine\1.4.1\32\windhawk.lib" C:/Users/Admin/AppData/Local/Temp/mod-0d7215.o -lcomctl32 -lgdi32 -luxtheme -lc++ -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-i386.a" -lunwind -lmoldname -lmingwex -lmsvcrt -ladvapi32 -lshell32 -luser32 -lkernel32 -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-i386.a" -lunwind -lmoldname -lmingwex -lmsvcrt -lkernel32 "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/lib/crtend.o"
                    8⤵
                    • Executes dropped EXE
                    PID:2464
              • \??\c:\Program Files\Windhawk\Compiler\bin\g++.exe
                "c:\Program Files\Windhawk\Compiler\bin\g++.exe" -std=c++20 -O2 -shared -DUNICODE -D_UNICODE -D__USE_MINGW_ANSI_STDIO=0 -DWH_MOD "-DWH_MOD_ID=L\"notepad-dark-mode\"" "-DWH_MOD_VERSION=L\"1.0\"" "c:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.lib" c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp -include windhawk_api.h -target x86_64-w64-mingw32 -o C:\ProgramData\Windhawk\Engine\Mods\64\notepad-dark-mode_326716.dll -lcomctl32 -lgdi32 -luxtheme
                6⤵
                • Executes dropped EXE
                PID:6100
                • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                  "c:\Program Files\Windhawk\Compiler\bin\clang-15" "--start-no-unused-arguments" "--driver-mode=g++" "-target" "i686-w64-mingw32" "-rtlib=compiler-rt" "-unwindlib=libunwind" "-stdlib=libc++" "-fuse-ld=lld" "--end-no-unused-arguments" "-std=c++20" "-O2" "-shared" "-DUNICODE" "-D_UNICODE" "-D__USE_MINGW_ANSI_STDIO=0" "-DWH_MOD" "-DWH_MOD_ID=L\"notepad-dark-mode\"" "-DWH_MOD_VERSION=L\"1.0\"" "c:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.lib" "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp" "-include" "windhawk_api.h" "-target" "x86_64-w64-mingw32" "-o" "C:\ProgramData\Windhawk\Engine\Mods\64\notepad-dark-mode_326716.dll" "-lcomctl32" "-lgdi32" "-luxtheme"
                  7⤵
                  • Executes dropped EXE
                  PID:6044
                  • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                    "c:/Program Files/Windhawk/Compiler/bin/clang-15.exe" -cc1 -triple x86_64-w64-windows-gnu -emit-obj --mrelax-relocations -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name mod.wh.cpp -mrelocation-model pic -pic-level 2 -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -mms-bitfields -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb "-fcoverage-compilation-dir=c:/Program Files/Windhawk/Compiler" -resource-dir "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0" -include windhawk_api.h -D UNICODE -D _UNICODE -D __USE_MINGW_ANSI_STDIO=0 -D WH_MOD -D "WH_MOD_ID=L\"notepad-dark-mode\"" -D "WH_MOD_VERSION=L\"1.0\"" -internal-isystem "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/usr/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/include" -O2 -std=c++20 -fdeprecated-macro "-fdebug-compilation-dir=c:/Program Files/Windhawk/Compiler" -ferror-limit 19 -fno-use-cxa-atexit -fgnuc-version=4.2.1 -fno-implicit-modules -fcxx-exceptions -fexceptions -exception-model=seh -vectorize-loops -vectorize-slp -faddrsig -o C:/Users/Admin/AppData/Local/Temp/mod-b98162.o -x c++ "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp"
                    8⤵
                    • Executes dropped EXE
                    PID:5412
                  • \??\c:\Program Files\Windhawk\Compiler\bin\ld.lld.exe
                    "c:/Program Files/Windhawk/Compiler/bin/ld.lld" -m i386pep --shared -Bdynamic -e DllMainCRTStartup --enable-auto-image-base -o "C:\ProgramData\Windhawk\Engine\Mods\64\notepad-dark-mode_326716.dll" "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib/dllcrt2.o" "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib/crtbegin.o" "-Lc:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib" "-Lc:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib" "-Lc:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/sys-root/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows" "c:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.lib" C:/Users/Admin/AppData/Local/Temp/mod-b98162.o -lcomctl32 -lgdi32 -luxtheme -lc++ -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-x86_64.a" -lunwind -lmoldname -lmingwex -lmsvcrt -ladvapi32 -lshell32 -luser32 -lkernel32 -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-x86_64.a" -lunwind -lmoldname -lmingwex -lmsvcrt -lkernel32 "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib/crtend.o"
                    8⤵
                    • Executes dropped EXE
                    PID:5592
              • \??\c:\Program Files\Windhawk\Compiler\bin\g++.exe
                "c:\Program Files\Windhawk\Compiler\bin\g++.exe" -std=c++20 -O2 -shared -DUNICODE -D_UNICODE -D__USE_MINGW_ANSI_STDIO=0 -DWH_MOD "-DWH_MOD_ID=L\"aerexplorer\"" "-DWH_MOD_VERSION=L\"1.6.2\"" "c:\Program Files\Windhawk\Engine\1.4.1\32\windhawk.lib" c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp -include windhawk_api.h -target i686-w64-mingw32 -o C:\ProgramData\Windhawk\Engine\Mods\32\aerexplorer_850623.dll -lgdi32 -lcomctl32 -lole32 -loleaut32 -luxtheme -ldwmapi
                6⤵
                • Executes dropped EXE
                PID:5240
                • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                  "c:\Program Files\Windhawk\Compiler\bin\clang-15" "--start-no-unused-arguments" "--driver-mode=g++" "-target" "i686-w64-mingw32" "-rtlib=compiler-rt" "-unwindlib=libunwind" "-stdlib=libc++" "-fuse-ld=lld" "--end-no-unused-arguments" "-std=c++20" "-O2" "-shared" "-DUNICODE" "-D_UNICODE" "-D__USE_MINGW_ANSI_STDIO=0" "-DWH_MOD" "-DWH_MOD_ID=L\"aerexplorer\"" "-DWH_MOD_VERSION=L\"1.6.2\"" "c:\Program Files\Windhawk\Engine\1.4.1\32\windhawk.lib" "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp" "-include" "windhawk_api.h" "-target" "i686-w64-mingw32" "-o" "C:\ProgramData\Windhawk\Engine\Mods\32\aerexplorer_850623.dll" "-lgdi32" "-lcomctl32" "-lole32" "-loleaut32" "-luxtheme" "-ldwmapi"
                  7⤵
                  • Executes dropped EXE
                  PID:1764
                  • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                    "c:/Program Files/Windhawk/Compiler/bin/clang-15.exe" -cc1 -triple i686-w64-windows-gnu -emit-obj --mrelax-relocations -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name mod.wh.cpp -mrelocation-model static -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -mms-bitfields -target-cpu pentium4 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb "-fcoverage-compilation-dir=c:/Program Files/Windhawk/Compiler" -resource-dir "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0" -include windhawk_api.h -D UNICODE -D _UNICODE -D __USE_MINGW_ANSI_STDIO=0 -D WH_MOD -D "WH_MOD_ID=L\"aerexplorer\"" -D "WH_MOD_VERSION=L\"1.6.2\"" -internal-isystem "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/usr/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/include" -O2 -std=c++20 -fdeprecated-macro "-fdebug-compilation-dir=c:/Program Files/Windhawk/Compiler" -ferror-limit 19 -fno-use-cxa-atexit -fgnuc-version=4.2.1 -fno-implicit-modules -fcxx-exceptions -fexceptions -exception-model=dwarf -vectorize-loops -vectorize-slp -faddrsig -o C:/Users/Admin/AppData/Local/Temp/mod-5d35e6.o -x c++ "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp"
                    8⤵
                    • Executes dropped EXE
                    PID:5524
                  • \??\c:\Program Files\Windhawk\Compiler\bin\ld.lld.exe
                    "c:/Program Files/Windhawk/Compiler/bin/ld.lld" -m i386pe --shared -Bdynamic -e _DllMainCRTStartup@12 --enable-auto-image-base -o "C:\ProgramData\Windhawk\Engine\Mods\32\aerexplorer_850623.dll" "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/lib/dllcrt2.o" "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/lib/crtbegin.o" "-Lc:/Program Files/Windhawk/Compiler/i686-w64-mingw32/lib" "-Lc:/Program Files/Windhawk/Compiler/i686-w64-mingw32/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib" "-Lc:/Program Files/Windhawk/Compiler/i686-w64-mingw32/sys-root/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows" "c:\Program Files\Windhawk\Engine\1.4.1\32\windhawk.lib" C:/Users/Admin/AppData/Local/Temp/mod-5d35e6.o -lgdi32 -lcomctl32 -lole32 -loleaut32 -luxtheme -ldwmapi -lc++ -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-i386.a" -lunwind -lmoldname -lmingwex -lmsvcrt -ladvapi32 -lshell32 -luser32 -lkernel32 -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-i386.a" -lunwind -lmoldname -lmingwex -lmsvcrt -lkernel32 "c:/Program Files/Windhawk/Compiler/i686-w64-mingw32/lib/crtend.o"
                    8⤵
                    • Executes dropped EXE
                    PID:4980
              • \??\c:\Program Files\Windhawk\Compiler\bin\g++.exe
                "c:\Program Files\Windhawk\Compiler\bin\g++.exe" -std=c++20 -O2 -shared -DUNICODE -D_UNICODE -D__USE_MINGW_ANSI_STDIO=0 -DWH_MOD "-DWH_MOD_ID=L\"aerexplorer\"" "-DWH_MOD_VERSION=L\"1.6.2\"" "c:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.lib" c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp -include windhawk_api.h -target x86_64-w64-mingw32 -o C:\ProgramData\Windhawk\Engine\Mods\64\aerexplorer_850623.dll -lgdi32 -lcomctl32 -lole32 -loleaut32 -luxtheme -ldwmapi
                6⤵
                • Executes dropped EXE
                PID:5468
                • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                  "c:\Program Files\Windhawk\Compiler\bin\clang-15" "--start-no-unused-arguments" "--driver-mode=g++" "-target" "i686-w64-mingw32" "-rtlib=compiler-rt" "-unwindlib=libunwind" "-stdlib=libc++" "-fuse-ld=lld" "--end-no-unused-arguments" "-std=c++20" "-O2" "-shared" "-DUNICODE" "-D_UNICODE" "-D__USE_MINGW_ANSI_STDIO=0" "-DWH_MOD" "-DWH_MOD_ID=L\"aerexplorer\"" "-DWH_MOD_VERSION=L\"1.6.2\"" "c:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.lib" "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp" "-include" "windhawk_api.h" "-target" "x86_64-w64-mingw32" "-o" "C:\ProgramData\Windhawk\Engine\Mods\64\aerexplorer_850623.dll" "-lgdi32" "-lcomctl32" "-lole32" "-loleaut32" "-luxtheme" "-ldwmapi"
                  7⤵
                  • Executes dropped EXE
                  PID:4208
                  • \??\c:\Program Files\Windhawk\Compiler\bin\clang-15.exe
                    "c:/Program Files/Windhawk/Compiler/bin/clang-15.exe" -cc1 -triple x86_64-w64-windows-gnu -emit-obj --mrelax-relocations -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name mod.wh.cpp -mrelocation-model pic -pic-level 2 -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -mms-bitfields -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb "-fcoverage-compilation-dir=c:/Program Files/Windhawk/Compiler" -resource-dir "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0" -include windhawk_api.h -D UNICODE -D _UNICODE -D __USE_MINGW_ANSI_STDIO=0 -D WH_MOD -D "WH_MOD_ID=L\"aerexplorer\"" -D "WH_MOD_VERSION=L\"1.6.2\"" -internal-isystem "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/include/c++/v1" -internal-isystem "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/usr/include" -internal-isystem "c:/Program Files/Windhawk/Compiler/include" -O2 -std=c++20 -fdeprecated-macro "-fdebug-compilation-dir=c:/Program Files/Windhawk/Compiler" -ferror-limit 19 -fno-use-cxa-atexit -fgnuc-version=4.2.1 -fno-implicit-modules -fcxx-exceptions -fexceptions -exception-model=seh -vectorize-loops -vectorize-slp -faddrsig -o C:/Users/Admin/AppData/Local/Temp/mod-eea662.o -x c++ "c:\ProgramData\Windhawk\EditorWorkspace\mod.wh.cpp"
                    8⤵
                    • Executes dropped EXE
                    PID:5760
                  • \??\c:\Program Files\Windhawk\Compiler\bin\ld.lld.exe
                    "c:/Program Files/Windhawk/Compiler/bin/ld.lld" -m i386pep --shared -Bdynamic -e DllMainCRTStartup --enable-auto-image-base -o "C:\ProgramData\Windhawk\Engine\Mods\64\aerexplorer_850623.dll" "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib/dllcrt2.o" "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib/crtbegin.o" "-Lc:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib" "-Lc:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib" "-Lc:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/sys-root/mingw/lib" "-Lc:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows" "c:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.lib" C:/Users/Admin/AppData/Local/Temp/mod-eea662.o -lgdi32 -lcomctl32 -lole32 -loleaut32 -luxtheme -ldwmapi -lc++ -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-x86_64.a" -lunwind -lmoldname -lmingwex -lmsvcrt -ladvapi32 -lshell32 -luser32 -lkernel32 -lmingw32 "c:/Program Files/Windhawk/Compiler/lib/clang/15.0.0/lib/windows/libclang_rt.builtins-x86_64.a" -lunwind -lmoldname -lmingwex -lmsvcrt -lkernel32 "c:/Program Files/Windhawk/Compiler/x86_64-w64-mingw32/lib/crtend.o"
                    8⤵
                    • Executes dropped EXE
                    PID:6004
            • C:\Program Files\Windhawk\UI\VSCodium.exe
              "C:\Program Files\Windhawk\UI\VSCodium.exe" --type=renderer --user-data-dir="C:\ProgramData\Windhawk\UIData\user-data" --standard-schemes=vscode-webview,vscode-file --secure-schemes=vscode-webview,vscode-file --bypasscsp-schemes --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --streaming-schemes --app-user-model-id=RamenSoftware.Windhawk --app-path="C:\Program Files\Windhawk\UI\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI,WebAppWindowControlsOverlay --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1692,i,2571590118421965957,9437196900553787141,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --vscode-window-config=vscode:238f527e-9ea3-47f7-a3f2-b63c49ffcf78 /prefetch:1
              5⤵
              • Checks computer location settings
              • Executes dropped EXE
              PID:2008
            • C:\Program Files\Windhawk\UI\VSCodium.exe
              "C:\Program Files\Windhawk\UI\VSCodium.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --disable-gpu-sandbox --no-sandbox --user-data-dir="C:\ProgramData\Windhawk\UIData\user-data" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 --field-trial-handle=1692,i,2571590118421965957,9437196900553787141,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
              5⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:644
      • C:\Windows\system32\mspaint.exe
        "C:\Windows\system32\mspaint.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:5588
      • C:\Windows\system32\mspaint.exe
        "C:\Windows\system32\mspaint.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:5428
      • C:\Windows\system32\notepad.exe
        "C:\Windows\system32\notepad.exe"
        2⤵
          PID:5880
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Executes dropped EXE
        • Modifies registry class
        PID:3856
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Executes dropped EXE
        PID:4036
      • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
        "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
        1⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:4336
      • C:\Windows\system32\SppExtComObj.exe
        C:\Windows\system32\SppExtComObj.exe -Embedding
        1⤵
        • Drops file in Windows directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:396
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
        1⤵
        • Executes dropped EXE
        • Modifies registry class
        PID:1084
      • C:\Windows\system32\backgroundTaskHost.exe
        "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:ShellFeedsUI.AppXnj65k2d1a1rnztt2t2nng5ctmk3e76pn.mca
        1⤵
          PID:3500
        • C:\Windows\system32\backgroundTaskHost.exe
          "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
          1⤵
            PID:4232
          • C:\Windows\system32\backgroundTaskHost.exe
            "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
            1⤵
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:3628
          • C:\Program Files\Windhawk\windhawk.exe
            "C:\Program Files\Windhawk\windhawk.exe" -service
            1⤵
            • Drops file in System32 directory
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies data under HKEY_USERS
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3528
            • C:\Program Files\Windhawk\windhawk.exe
              "C:\Program Files\Windhawk\windhawk.exe" -tray-only
              2⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              PID:1696
          • C:\Program Files\Windhawk\windhawk.exe
            "C:\Program Files\Windhawk\windhawk.exe" -check-for-updates
            1⤵
            • Executes dropped EXE
            PID:4804
          • C:\Windows\system32\backgroundTaskHost.exe
            "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
            1⤵
              PID:1624
            • C:\Windows\system32\BackgroundTaskHost.exe
              "C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
              1⤵
                PID:748
              • C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
                1⤵
                  PID:5572
                • C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
                  "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
                  1⤵
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  PID:5196

                Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Program Files\Windhawk\Compiler\i686-w64-mingw32\lib\gcrt2.o
                        Filesize

                        2KB

                        MD5

                        ff93944a841efe1477408994b6f8234a

                        SHA1

                        c0bdfecd04d522d5b9112ec957449814460f97a6

                        SHA256

                        994c01b2e3531aaef3214830e09b31dce770a4ec11f90757a0996dcc00ee5038

                        SHA512

                        09ca25c8f1b50e18c30d992c15cbd7866921cf29958bc73ce6770ab5241aa3b2949014f522bf74cdce7a27a3e230c38e18bcafa20e95bf610799135f977e099e

                        Download Submit

                      • C:\Program Files\Windhawk\Compiler\i686-w64-mingw32\lib\libd3dcompiler_35.a
                        Filesize

                        2KB

                        MD5

                        a6833e66680b7457352965a85482e126

                        SHA1

                        b67e69b6b16ec490b0804ac5b01a26073fb38f55

                        SHA256

                        18aa8cb29c35ca25ebf616aedc059371ea3cb481435662830a29d3ee3d1a0b78

                        SHA512

                        11697bf09a1cabd46c7dd0349b3c04859ef0c1028a51e438ead2ecf107d143e31ed144213a8927aed7d8d9a137b03be97592cb0f5f55fc1f2d4be31921c1e3ed

                        Download Submit

                      • C:\Program Files\Windhawk\Compiler\include\scardsrv.h
                        Filesize

                        238B

                        MD5

                        1f0d70d404140b0b980828d2d02345ce

                        SHA1

                        cc21371a235a392bd17807d6774c60e64ff5bb28

                        SHA256

                        a32207b286686ad5f42d72a5c96308b96c5cb5f42fb2a7deef01843e657c6035

                        SHA512

                        d1a5589be969b15e09379c630fd56849d2a57eb6d26068899753c7701c97ff695fefe63648749f2bc7526cd0fd8816970ecec00d5f476f84f9cb10c0e9a377a0

                        Download Submit

                      • C:\Program Files\Windhawk\Compiler\include\txctx.h
                        Filesize

                        237B

                        MD5

                        78e0d5a995d78a006930de3633bbd3be

                        SHA1

                        f58a7650dece31af5c4f3931981dc9bb2584c101

                        SHA256

                        255a11df990657af623e682c7c3a81274fbb4a80c10f1dc2280cb3ce4eb98cf4

                        SHA512

                        18a5f5166a12b157e5727e7e4187c1b9521530419fefbb355be693da8fa959a852a6b00eadf4d759c74931f7943ca3f08ce01ac7497a80892b79489aa1bf8b38

                        Download Submit

                      • C:\Program Files\Windhawk\Compiler\x86_64-w64-mingw32\lib\gcrt2.o
                        Filesize

                        2KB

                        MD5

                        35e5df5f5fe517b8f6ca6f19888f5ac4

                        SHA1

                        107abf0345010c284468e92549d6516c9a11a291

                        SHA256

                        a6118e52cf5c4e4a59467042179045cd735eb231f7e7025f80e16e60a6196806

                        SHA512

                        e09c605c597ab7aecbf2080f74d05994a65e7d21f91d114bdf276e84e6a76456888390cc9bad5ca42f161fc50bb3d0fb876f2b56251ed9808444b85b3341c50b

                        Download Submit

                      • C:\Program Files\Windhawk\Compiler\x86_64-w64-mingw32\lib\libd3dcompiler_35.a
                        Filesize

                        2KB

                        MD5

                        d2c085bda6edba7c0bc2611576a3eaa2

                        SHA1

                        0b82e1b3d5e9075d6411432b8838fd964b7a6b7f

                        SHA256

                        a836e2c842878a7df2351079edc9cbaa5a9dd14a2a1ca4ef042447d4a5446601

                        SHA512

                        dc9c5afb02d3a2cab3028f086b822738c39c366358bcf12a1780e5be14eb55c865ef6348e59e94f4896c3fe5db383c5bb83009dbe2bdbf7fd65701cceed87567

                        Download Submit

                      • C:\Program Files\Windhawk\Engine\1.4.1\32\windhawk.dll
                        Filesize

                        827KB

                        MD5

                        9ed15db532505cd840f16c5a2688a394

                        SHA1

                        d51dac575b5949fa3f937deceb8119f9911ca63d

                        SHA256

                        a8cb27e2c7cb640128100f41c2c3b2498fdbe87ad5ebcd984601b9c4c8c21a8d

                        SHA512

                        578644f1abf9f8ce8dad061a7353675ab788d069024c54c220dedd2380b89045d9e0ce609e05ae559e38625fa443428b8eb409cfcc193759c991cee9792849e5

                        Download Submit

                      • C:\Program Files\Windhawk\Engine\1.4.1\64\windhawk.dll
                        Filesize

                        902KB

                        MD5

                        43393d930d46d95c23747e9c5cc2db56

                        SHA1

                        c902e449859b0443c5eb83cff382e141d8eebd08

                        SHA256

                        55845ab1e8684f8fcf452f5f0606a466eb38d574d489432ec19c90b757b9c90e

                        SHA512

                        0c40717cfb60bd4b97f33823d83cdc9904a2e6cb35200e80584fc63d7177d8170e67019aed8ee68f3c8d310ac57300aa93c22f2166a43e8bacdfceaa4055e504

                        Download Submit

                      • C:\Program Files\Windhawk\Engine\1.4.1\engine.ini
                        Filesize

                        224B

                        MD5

                        8ab713faf7a25a288e92a46bd4f5576b

                        SHA1

                        26f032e7b074a788ed91df1777b1e82f3411198b

                        SHA256

                        63f6c638bbd1f0bd8852dd6460d40561c13b103b9e70d4b3c53d0b671162708f

                        SHA512

                        3c8bfa0f2a1b0c1518badb21c856013fb940320a4d2b13d667ad4807f5ac112af6e07155b354fde1100dee90efcbad014b896e1419766ee6bd1a2201ec12d7d3

                        Download Submit

                      • C:\Program Files\Windhawk\UI\resources\app\extensions\markdown-language-features\dist\extension.js.LICENSE.txt
                        Filesize

                        5KB

                        MD5

                        1ec85b4d25937dcbeff1c35b7fa5c6bc

                        SHA1

                        e782b747b88450957391619b376abf98f11f7aa3

                        SHA256

                        38ee4192b4a1f7da0535d4f2bd219ab5b108b1d3b6b9871ca00c762464b60701

                        SHA512

                        95ded5456a7ce6fb3af391bc859cfb1d964e718d3540cc29c5f1288550f109fc12dbbcf9ffff923cd486f23bd90d5f2020e7d580724fe445480be09a1f173573

                        Download Submit

                      • C:\Program Files\Windhawk\UI\resources\app\out\vs\code\electron-sandbox\processExplorer\processExplorer.js
                        Filesize

                        42KB

                        MD5

                        fc848a0f835f1bdd835ea2efd680cca0

                        SHA1

                        751ba7ee0e9740557981b670502b10a8ca38f41b

                        SHA256

                        b5e31fcdc54694d52b1955c2d57134bbd8b0f9f0b2ce28de5b9a9b92eaab19a4

                        SHA512

                        03bc050c287d7948d350fff8ba25d3e75903fe27b2f89faba3b7d40487b2e70c93bf50c39c61cbab3a8d54d5221c85a1cc50d1c5443b5e80e8e3fba91ba73607

                        Download Submit

                      • C:\Program Files\Windhawk\UI\resources\app\out\vs\workbench\browser\parts\editor\media\letterpress-hcLight.svg
                        Filesize

                        4KB

                        MD5

                        70ab425ac6de0c114b7b57b180a73219

                        SHA1

                        e8612a2c34c219d543f79486e1c5c10d581f084d

                        SHA256

                        0602eb49509d57434b724afed57b1f2dcbb8b78a731e38ed8eb61aaf75c6397b

                        SHA512

                        ee762d3656cb2851d3cf116c1dcdd2b58dedfece1784166bd27741e4f6ca52dcfa6599436bc7a060fdcc149aa71802d1163b9f90a7bc789eebc8bebaeaed4453

                        Download Submit

                      • C:\Program Files\Windhawk\windhawk.exe
                        Filesize

                        757KB

                        MD5

                        ad1ffb2ced928470c112c7d649a0f32f

                        SHA1

                        28b7995eae287c2ae19c88eec977e3b2ae3b9f54

                        SHA256

                        869a348a365448a6b334240359e9289c42085d92bba1c50ca388406e904e4073

                        SHA512

                        ed478cf7b9829ea3908476216a39c984ef45e94cbb8d8e9614b277ba0b1dece70e5b70eac608de279046d62c18735875ec1a5ce9a1043cd7830d5e7646e9c7e1

                        Download Submit

                      • C:\Program Files\Windhawk\windhawk.ini
                        Filesize

                        314B

                        MD5

                        3315d8aa4316fdb9992fa1c5273092b8

                        SHA1

                        c7a71cde1eb367e904cf7a3a1fbded068ed6d911

                        SHA256

                        bab5fca010236376d15d543d3f051ec9fe683969a382927fab91723d7af7647e

                        SHA512

                        f4963f8fd6725fc51644b6415804f7d7dea49bf298c04aa47ae0da01b39b9caf1bd643afff599e8a9dee6ed823d32daa3ca3edb1ce1e3ca44d2235af78f777a7

                        Download Submit

                      • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windhawk.lnk
                        Filesize

                        1KB

                        MD5

                        f64cfc08e2f5f70e8684b00c7ce1a633

                        SHA1

                        5347dce43ce4a410432258fea2a756807664d767

                        SHA256

                        1598814409747bd3a34beb85d466bb2a0080657477bd7b8d39ae5556daa2685a

                        SHA512

                        f8215e0b91dc07557d73ac8059265081fb4310e94dd1e364702ec1bf914871767f7dabf3013b14a659836b8901363a2452233add5fc2f575981b24f23e61ce53

                        Download Submit

                      • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windhawk.lnk~RFe58487e.TMP
                        Filesize

                        1KB

                        MD5

                        e58c9bde7f3cf0be4db926a671b56eca

                        SHA1

                        d01ee326af70483241906a9b39f55f29a9fb454c

                        SHA256

                        020b82b6132930ef0c37a703172ad639b967388cb596d1909f22ebae8e882d7a

                        SHA512

                        a52c2cc9173b1683942e3d120009e43e59270d2d8f460fc07e65c1fe1071aec7742b2c42e95b955e4d94d792b834570af91e27b375fb4576a2adf6bff3b8eafb

                        Download Submit

                      • C:\ProgramData\Windhawk\EditorWorkspace\.vscode\settings.json
                        Filesize

                        2B

                        MD5

                        99914b932bd37a50b983c5e7c90ae93b

                        SHA1

                        bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                        SHA256

                        44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                        SHA512

                        27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                        Download Submit

                      • C:\ProgramData\Windhawk\EditorWorkspace\.vscode\settings.json
                        Filesize

                        132B

                        MD5

                        dba8585757015ec118827534ea6b9a93

                        SHA1

                        0caa2c4753afd6e61e5aafe74f2e3e75671c2e8e

                        SHA256

                        212bf7f1772994c8399eaacee875d378e3ac263e6a4950d117666a4f1dce4f08

                        SHA512

                        bcc5263c683b149f8c0f7f638c5cfff6e18d39ca83685998b28c43e864020de124047061f614c630e278157b28fe8e4eebbbf673e0493f904adafa506ca11ce7

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        108B

                        MD5

                        7f7b86a019ccbc087201e96422608bbe

                        SHA1

                        75a1ed90d2318ac5dc57aed233c6c15d281d2582

                        SHA256

                        2a4e316b215ec9912f8a60987775a93ce7769c938a232159246fe8c741b16ce7

                        SHA512

                        b5f987061d349158e5fe57a473402812e3808d74f59338b7f07b81713189622fc30eb20528072bce2dd6ac99831b114d382ed2b11280123b164e9e8cbcf32d14

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        108B

                        MD5

                        c39b3f20b20b7c574984d413ff212c96

                        SHA1

                        5efad248485ada7710e9e97a9b064b38ea39a05a

                        SHA256

                        e9f32ddb61fc2bfeb8eb8460621a4ae3606c5a0715c2161fc86348cad6f7de1a

                        SHA512

                        23ed4addcff60b0b616472ad0ee2ce20c31f1ebb545dd5605d9ddf6bd2b2189a28a1dd542b475be3a760853582622807b748ba98095d0b743c9eed42947b9d36

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        5a31d8bc29a2e465818ec11fc23c973d

                        SHA1

                        4bd5ff36a9ad7b57f1e19f4aa00d4364900b4b8c

                        SHA256

                        7d5ea6f4924de99ae8c519ea9bfd6f789007751c026fcbec3a542d85a82a8784

                        SHA512

                        92273c326cd8803bd3d1eeebb4ec32eeff365b4280ec4ee0967787f819d37aaf985955de3d5415d94d6b24383286ac043a456de687f5bd263d767d631fb907b0

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        a89125bad958f444d8269a9fb744ed4a

                        SHA1

                        0a1465c9b80d5925c76b7aa2d07bf5f7b6514d12

                        SHA256

                        9a79ad5b285065a9c53db9fdb74b1d38c38b44893f91370425b6acc741f8b560

                        SHA512

                        f03f4cb54db7b7e5cd9c547ff045f5f2e44e8bad46b488dfcf5cdc28bcc4b23c21a5e5369a72aec1323de653231ad45d39f34e33c74839ed35c9b4ccdd1c07ca

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        8b94e92ccb792b16c9efbbc46f540386

                        SHA1

                        361196f94c9c74121175264b5bb18563ec18733d

                        SHA256

                        72b59031a51b6b7f80a155477ac79b0f7473d332a22ffaaeffa9516f98a98321

                        SHA512

                        bba1862d5d3b914fccdc60d4424f7e0a8bcf14b9e2a44ec0303d063efbff53bac5e5177c1cd146cf4b685c6a74ee9ee05f44b908f1d1c2366b51806adc5659cd

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        5c7b82dc8b3b43e3e525890f3bc855f7

                        SHA1

                        68e8a26278510f141dbad77dbbd2547b11fe8380

                        SHA256

                        d9b0d607ade6256bbd1520004413025fe4750c42d5cc1a430973bdabadee1e82

                        SHA512

                        bce05845ec9c02d13ce17f890d34535c79192f2e0d667f32614622b578b5920e13d582e528cc1fdaa38acbe077cf618957a52fab911171bc909bb1b3559bb6b1

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        f0072aba235d6fceaa037bfa7a1efe78

                        SHA1

                        f0b517ef7a27fcfaa2b96989c50a00749cd4b8e6

                        SHA256

                        dd1cbe52f065b3effbf8d38dd49c62664bb222488e8195e6c5c8a52f12d0d5c3

                        SHA512

                        e1dde1c39ff0ea559dbd37235856ce12c690d472f5baf1bd5d028dcbc23b1f8378feed26b9df0082dbd8866dba18ebbe5d6fe3c358a0ab1286b77bb08215a8d5

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        30d75591abaf8cf3abd9080d7cea5c69

                        SHA1

                        e465c1c09b6688a02d9206e21919bdb6a2888759

                        SHA256

                        dfac6b5bea886e4b589c147495efdf502e990e2b0edfae4ca447c10253125956

                        SHA512

                        72f13eab789d6f7c16be9209d915cebba7619f5b95f0857cc7f2521f2c32f0924a5723b3aafb04ccf6135f560a768b2d98f1186fe412f7abbe2170106b494b66

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        0ce19685c97295af4cecdffb2fcb7327

                        SHA1

                        3fec659383c6fdbcec25c7b9893bda8d7abd28df

                        SHA256

                        f582cce0fd24c1e9e089dcf88257fb9ead69b0c3a64485935e86daaaff248213

                        SHA512

                        0812bdb8a3b53052286fdf64f68e25a51d5eaf617aceed368595eca77c949f7b2c2a06286f684ed0b24974893b82edfcfa495a04f5f5da49d3e988d250cc68c1

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        af2ef49f365fccdcba89efaf28737b32

                        SHA1

                        10d3d9236a96767d233ef56ac7bf698e09ae545c

                        SHA256

                        722dba727e7021f0d1912185c2029d05892ab038f72aa7d8b312482e97fac0f9

                        SHA512

                        c57caac5cd15e80856a323c104273e8b462642ed64e2e56a54806c95c4e2ed84ca56c1b93e713fe76e45d398127cac66887fa98e19cd8137355c645d1bdcd288

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        05c69c9d28f13e24d14d20c0ae0ce6cb

                        SHA1

                        3bf83eb859b47b10a0db6a76501632e73147be72

                        SHA256

                        56f3927e1707b46aaee57bf491f15f30b126e016605bb300b5bbd1526bd4a972

                        SHA512

                        9c1728054dcab4f565ad513c0e70b4283ac50b4a73f0815c163cbc4519b6a69125755c72beb73ccc5c7f6e5cd285dc06e6e74b171129ef10b7aa4140af7069fd

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        9ac87162182ac26d3d7f68ec452f86ae

                        SHA1

                        e23e1131fe8451a7905d0b27bc288901fddf4f1e

                        SHA256

                        761f4bb1971257d54db33fbf8598b658f331efd711b20740ad32e15a4f98d955

                        SHA512

                        2accb26b0abcc605d20db4d7dd775afa1650a35693892c9b8b804b95b9719b94ef9bd1d25eddddca552b7bac11b91599e11d4ef7c37acd78ee18e5f31132c266

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        d06d73cb207afd57a0d089d69f956e2b

                        SHA1

                        eb65ecfb13f7fe9c4d70ed442a83e20fd52eccf2

                        SHA256

                        3904df8c24e107877e1acd171b79dfe8417d53db63c276d9331ac4545128000f

                        SHA512

                        ab188a725d4ffe50f2ad1d3a8366dc9f6c4f3080877d7cead1366cd86462999abc5fa00c783776a3faea542518fb7324efb305f0275a38e6a0f9840b80b104c3

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        8c0bb26a50b588dd19bc6db0c031dcc2

                        SHA1

                        b220355dc0f2ee14f0b8352aaf5a1f4f239727c1

                        SHA256

                        9caf06841a5b30dfce97a120b8029575d6f201bdf8402baaa2fc64b492b7c4dd

                        SHA512

                        93fad1710177c8251173d1334747fa15783494030f7824456b742a6f8947cd16cbc53dde3e531151149e9173f4de417403868dfa5ab50ce0f51d62839ad2d6e8

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        a14a2e47d068efa4d434bd3abf80ff83

                        SHA1

                        c5db5bfdd6c5ac0aafee26ac133a74fd44e05578

                        SHA256

                        b4a6cf9d029c9efd1d975f9513a8eebbb56e2ae5c54fdc405995ca5485150d39

                        SHA512

                        e03eecd8657c499e40f8205ce10e41d946f90df13a4d01f89323beac8e38ed16941afa1f4a1553795bf635ff8637f014ef571ffd6338da18972fc18048f350a0

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        e0967a333c73832570d99f57daa27664

                        SHA1

                        c5fa5dd679b272e60535ba1ee53978146c97f64d

                        SHA256

                        eb1dab883c3fee7f29678c5ed8363fc99769ac9bc2cf6a19eed9048ebde408c2

                        SHA512

                        bfc8f4316a165f1ed06ef643450b0a44110ed923582806605267d102e2529e179009d7929021ad73adcbeb2ad0da87e9836978bb8be3f0230b60a8dfdab217e0

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        9697494c9e54e3c6a60c9947fecfd2d2

                        SHA1

                        e5135f30c55a9e2a1d40c0d85025ae3318f16d06

                        SHA256

                        5029099397ba90b3c6f84ca95201f484deae54853b91868d4ba634c2be6cccd1

                        SHA512

                        026ec874240909fa0243d46662c528dd5cf7799469b44b849997bf3ea258b8865c6f1639e1e620b1cd65bb932eaa6db6c23ac33283e181d306ea142e5cf5cdf2

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        7d181509719b20b6f2efe72130a7cbd1

                        SHA1

                        0d3b4a219efabd8de40258b406135ac0e58531fb

                        SHA256

                        90d5f8132749423dd4e9488094efbdfe05d79b91fc70585f9b7ba22bfe9bb28d

                        SHA512

                        ba46ac90f0a559fdeb8d234287c48e2f30d2e148f5586e12266b51444dd3fe3c2907734e3d0b8d7ab6bc7bbc5e5488d55243b7e0cb925a7790a0f687e736eda4

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        bc7c0f07b8e19ed6ba28713eb11348e6

                        SHA1

                        3a905663489267fbd5012cd8aea5cd66b716bdad

                        SHA256

                        d496fcc2ada2c6fdda345258364ab1013eddd7996659941fdacee30308e1431f

                        SHA512

                        50140c48c3cec51e2e5c84cce6f3d2a2a8a55535b193218694a890884802d9af4c08eabf99ba8c7f2c9820d24fa757cd74a68d269c8842a4b34b94c1115e62b4

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\ModsWritable\mod-task\3528_133654798660695485_1696_aerexplorer
                        Filesize

                        110B

                        MD5

                        d63b7d359f832fd0fa6bcea431366923

                        SHA1

                        ed22a7ad344b6c8cba3aa49f5f8115f9aa6574aa

                        SHA256

                        ff5338c22fcfcfedecb7ab0c412209778acc333acca6b4057375aef63700fcdb

                        SHA512

                        b1c15029d6061f594c84682c51d5907f4635ba7c4ba443026d9eac38faf768f139016759f080e467052310c57cf9345b26fcad680279f0f12306b64daa59a15f

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Mods\32\libc++.dll
                        Filesize

                        1.9MB

                        MD5

                        12895c78255e9897e1f8d05ca1a607af

                        SHA1

                        1a1817cd44bd28bd855bd9b483726664be62a421

                        SHA256

                        b4f96711ca684218b3837855cadbbeafac7dd808e57b5452542a1e579fd9ad55

                        SHA512

                        1606cb08d53120db30e7f741929aa4c096c7b4b92c872cf99fc1f41095d0a6ef97c319a09a540bf9979f160a023278b81b4da53b82dd78d78ae81445ab274eb5

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Mods\32\libclang_rt.asan_dynamic-i386.dll
                        Filesize

                        1.1MB

                        MD5

                        d09761bf6c9b3c52b4a48cc01a8ac63e

                        SHA1

                        040ac40fba87200a429b5583bb37550047159d51

                        SHA256

                        d30f27b22088daf4ff124ac0a7a23445039e15d366276754909c985434b0f815

                        SHA512

                        ab4d263d12092b2907c7b9dfbc4b1bb9f5131b16cffb68cdc9416cacdeda991abaf98fa8b7830949d451d080fb1e017f462f9bf6afd047c46543a781a3042f5a

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Mods\32\libomp.dll
                        Filesize

                        1000KB

                        MD5

                        2346184dc9fb1014c5983c1906d21250

                        SHA1

                        0ae553bfd631b736fea49043ad9a5790981fca9d

                        SHA256

                        e32742ad943e6bc0e9330ff39dcac0a492a3fc0e2e97bec6424623dbcf6d38e6

                        SHA512

                        345b79f57d18de6b79c87938a0d7b224b3380f5d44c4b15f3b7fa295a41f7ab959b9dbf2d938827053a936321c4f99e4a779f88c177a14436037d1692e0ab7da

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Mods\32\libssp-0.dll
                        Filesize

                        153KB

                        MD5

                        7d6b4c6840411d3e57754144d87df316

                        SHA1

                        1d838e79264106970679099e853f6ed0a42c9697

                        SHA256

                        e7fac33a436817864c30a291443fc5b5a1632657b20514d91bf84aba2e1894f5

                        SHA512

                        2748c099421afa4e060276590f7e034df28091ef7e8b9d036a828ab18d4206345bbfdd102f1bfec28051bb7fc03977326f182924019e9785e58ac61a52293f0f

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Mods\32\libunwind.dll
                        Filesize

                        203KB

                        MD5

                        00c0939082d976c96c69609b56144e0f

                        SHA1

                        4f0dbae84b891e5217d16100554e14cb8b9469b6

                        SHA256

                        d4193b86045a77e108c972a28d68470281772bccd00078f0d6449b5426f29443

                        SHA512

                        729d5b2eaf0594848db23e89511f1df9cc245bed241b4b66311c8caba5d96c4edd8ec9f0b0c323d783678a094ef0776c1f8e3d8df6f359fd87f0bd9883ec848a

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Mods\32\libwinpthread-1.dll
                        Filesize

                        274KB

                        MD5

                        4900bb01feec424b154fbe1b286092be

                        SHA1

                        885c1cdc0b5aeab1c26d049ccb6e14990371eac4

                        SHA256

                        53a1be3dbc11fd9d75e3cd5cc9a1f6f35cde99b1a6c6c71f9645a3be4a408022

                        SHA512

                        5d437a2401afa9e399006aedb36a838ddc49ca445e45febfe5a5019722a162bf9b5b0820ac0fe42e4c2fafd693ad3a10da9e3c2b7642482fcb1b30365f19b7f5

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Mods\64\libclang_rt.asan_dynamic-x86_64.dll
                        Filesize

                        1.2MB

                        MD5

                        1d582c003873e6539ee78ee42477323f

                        SHA1

                        2737c1b1edee0f1b33ae9f06554e4667c7425352

                        SHA256

                        cb3a4e0de6df21e15df46afa429a74745bb046125b2379be0ee10eea2552561a

                        SHA512

                        5e50ecea9115c146e75b0d46b767fe512491c9dd361037db7b8118fbf13ccdf8e6266abc06d647dfdaabc72eb0e50edaf883bdc6b23d5a6ada68c66852254679

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Mods\64\libomp.dll
                        Filesize

                        1.1MB

                        MD5

                        b5e973e2fb3b928edddd2cf59dd133a9

                        SHA1

                        dfc190e0c39c5c09f8429d4b2633a06f489a5b38

                        SHA256

                        a015f3b7f5ced32ec229f293a74baee48e5177e27fd32727de2a38a2a0649468

                        SHA512

                        d0d6fd83f7eefdbc0e3bbd64b32595894f2c3497074511cca9be550adafaf113370713659d8b99c328ab8f8fde04d8cc08918131be7448ee0f62c470660d0929

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Mods\64\libssp-0.dll
                        Filesize

                        182KB

                        MD5

                        7786add873b606d7d1685e6abcf48985

                        SHA1

                        99a8526d6c6cf1675be3d6a168ababa4b0fe97c9

                        SHA256

                        8458b1f9604307fd5976c125cf1ec36f3327bdfc41b654f7b1b24cb2f2d89fa3

                        SHA512

                        1f9c9c2aa6ac6cfbc0143d038d3dcbb674521ce74ffa96d3e3e0d21d2a5130e35e579f789a0ad142749263a08fde0f7a7d46603254d6492600c0515f19f08d50

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Mods\64\libwinpthread-1.dll
                        Filesize

                        334KB

                        MD5

                        bbe3ba8a860132f8fe5a249dca18f6dc

                        SHA1

                        1b9a41c80248f4d7ffbedcc30f3fb7fdc2b0a096

                        SHA256

                        0015868dd10a986d5ed3c2d39d64fbeb7ed9e37e1926d041a339896747d0e239

                        SHA512

                        d8d0214864fed54c3acc864d7cb0bf1ace600a2406976bfd2b64f8b5753487841212b3b5d72856fde44e819fe86d526b6a806ab5a35a95e468ee3004bd6dc5fb

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Symbols\ExplorerFrame.pdb\222FFC35639D0D916A45E900D06CA1891\download7939F0A2A39D45DC8684913C1D45DE1C.error
                        Filesize

                        3.2MB

                        MD5

                        be8ea74c2a51e8bbdb09f05eeaf579db

                        SHA1

                        421a09d28f102352a3f64690043718a247126b77

                        SHA256

                        614871077164b0e7601e46b065838e50a6cf08e966ea3487af937a77200f4b1f

                        SHA512

                        35770900c42bf259a7af2f3f000bfde27adc8b8910ab9cc09dda1a19a382b53727c3bfae9e7186439db8b7a64e577021fb7f39fe97ec7ecedb4739458d81b783

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Symbols\ExplorerFrame.pdb\BBB459196F3D326F69479D7539C64F9D1\download3F0CE97EF027456CBAB7D7A16E18119F.error
                        Filesize

                        3.6MB

                        MD5

                        1247c5a99fa7c7ed7865677b8cb19910

                        SHA1

                        6a70a7296956c87a688a8d5fdcc3b681fc996a8b

                        SHA256

                        58dc9e759bb069ec43c7d81c125e72770795db6f1e2836abe37f98b1d22752bb

                        SHA512

                        691c28f5232acd314d13aa3d9f7960b3698ca533e1bc34fe4656ee9df887de2617bcee0f34c0a7475ff578751f4c19f4273a5b3dfa79c3e1cbc4646ccd083fa1

                        Download Submit

                      • C:\ProgramData\Windhawk\Engine\Symbols\shell32.pdb\E966F5B825A6CD23E8E58F234298F7251\download401B5A5B8BED43D9B8082ADD2C64F877.error
                        Filesize

                        10.1MB

                        MD5

                        437f6c1acfd0a4147d5a7e10e4736861

                        SHA1

                        341589e047a42e46d79cd9c1c75b7289a7e20359

                        SHA256

                        e47cc754616039b633b50c763030d3cd424eb1660c6b60f683acb786fa9d6da7

                        SHA512

                        5c0220936700e6ecc324f0da2d530027651df040534e9fb45ec7b868c3ba7b5195292d77099bc1c58e244ef899e4458ba5c7108a632a5eb4d68ff58269fbc138

                        Download Submit

                      • C:\ProgramData\Windhawk\ModsSource\mspaint-dark.wh.cpp
                        Filesize

                        1KB

                        MD5

                        aefbedada6c8cd5417768c8e99c7d1a2

                        SHA1

                        9cf60252cdbeccb0ba02eb0b293c088e39c180be

                        SHA256

                        c42a4d2acd1f974f21005eef7232566e41e69e987a437b626d53c564402b5ab3

                        SHA512

                        669157c54b0a44ce6a003c62df96e7b26bb7f7c43437b774ee3eb06d8e7d5eb49a3249ce7c1da6bac9a74570c85e62bc472bfd459645327c5c4cdaaf5017a2cc

                        Download Submit

                      • C:\ProgramData\Windhawk\ModsSource\taskbar-volume-control.wh.cpp
                        Filesize

                        63KB

                        MD5

                        fa1c00f4835fe7b21cb9e8e0c3dc27aa

                        SHA1

                        ca2f13d0dc2b87f4cad41121271cccf5a6dbeb02

                        SHA256

                        414a1cd02bd766f17efca4174acf8e3dec14afd639b5c84d6519297b03f06a4c

                        SHA512

                        701e3cac9072a898cb6519b31db22e69358939b8d56925ac8677a15d52117e886832d0dc76ecd293d8b772d08321159cef3721a5e135c3b3107dd141da8884ff

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\argv.json
                        Filesize

                        799B

                        MD5

                        e4a415de71362d7e8a60d23bdc1cfc9f

                        SHA1

                        928ad421ad69e68ac62af0d2f2579c049a8a1aeb

                        SHA256

                        338cda3fe11eda0af8b01066c44f95448461e663e13cafb22c579498117ae43f

                        SHA512

                        942183681bc29ced1a8d95169d0d74d80a2b2f636c8debd4f36547af8a04c7f4a3a7bed1c44e43d46e6061e48ce807746da6bec3ffb9e4aa126bd580b23c67de

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\extensions\extensions.json
                        Filesize

                        2B

                        MD5

                        d751713988987e9331980363e24189ce

                        SHA1

                        97d170e1550eee4afc0af065b78cda302a97674c

                        SHA256

                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                        SHA512

                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Network\Network Persistent State
                        Filesize

                        456B

                        MD5

                        6411fad55b7a12f1935d147fb49d081e

                        SHA1

                        6bf5199c96b3159b18a32e010aa61499e1519649

                        SHA256

                        cbcd8a68da3edcb08261ac75c6cc0b5dc6c8a0bc45ffff9e14c6aacea68923ee

                        SHA512

                        ce1b065121c7e6a610c523dab52c359f4904c2f3b27e0b36f0b8b0e27b17a2fabeea5ffb8e1a6edea3b72e3437f981ce29d7ca1b0fa6ade19af4d3335a0a90c5

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Network\Network Persistent State
                        Filesize

                        539B

                        MD5

                        2855349145975baebbebd10c8f96be00

                        SHA1

                        3e2f7ac7bcbe51bd310423e20f02582c6ca621ea

                        SHA256

                        43c3edbb56959d2f9ccee2e0c88492e90bc979f0635dd1c250bce3e125a937dc

                        SHA512

                        fa86a4e899801fa5a31cf8f991af818eba52c5247453267fbcda89627819d5afa6605e0615b73c3f7eca272783eee0bf8a3f2eb13da117d5c0e93caab5426b43

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Network\Network Persistent State~RFe597ecb.TMP
                        Filesize

                        59B

                        MD5

                        2800881c775077e1c4b6e06bf4676de4

                        SHA1

                        2873631068c8b3b9495638c865915be822442c8b

                        SHA256

                        226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                        SHA512

                        e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Network\TransportSecurity
                        Filesize

                        367B

                        MD5

                        876a75367e0c27137a655cb8c7fadd80

                        SHA1

                        7d5d3a40c1e6aab504fbf39e1d2f00a9db1b1b8f

                        SHA256

                        1d1931b21aa1bcede369e07773195dc06736100faa819a8c3efd90f51e41f2a7

                        SHA512

                        bbd3bc0856c4104cd1e2d0bb169491b6eea48fcdc3121c370b39822d0c337b139ca7da82daede14f98340bfe2d6ddc01851429fc64ee6072562b6cb3cd80b145

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Network\TransportSecurity
                        Filesize

                        539B

                        MD5

                        ba63c0ba4580e681b93ea586499095bb

                        SHA1

                        5ff24371769412d5a1e44d70de4bc94d3775eb2d

                        SHA256

                        995d5405ff5f2548698144e3d9cd0ed1ef3fcc5f992f78a4e7800e20b38975a1

                        SHA512

                        1834861b711b28907adc58623e63e624a82ff86b87c30739ebc00313fd799fc8cf57fa0105fc46a000453841b04f259e28eeb97e995444be1c173cc616517421

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Network\TransportSecurity
                        Filesize

                        369B

                        MD5

                        9c01b723f8baaa781020e8611fff3aec

                        SHA1

                        385f9d395094378ec8506067a347c0d521eff1ee

                        SHA256

                        053dc7ba300aefbc87571726e073e2eab41f0a6c837fa0e017d98a602d8f02bf

                        SHA512

                        003dfa4fb397e7e5ed750d970354f048ecc06aa867c8624407e29bcbc47984cd8934b5a7bc6d2bf12d1b0d231046a6b578861374bf5f2277c2b2e500b847d354

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Network\TransportSecurity~RFe59572e.TMP
                        Filesize

                        367B

                        MD5

                        725b00301d1dfa0205d7094a3990dea6

                        SHA1

                        7217ca46868d0fef793224a27bd44fda53f07734

                        SHA256

                        dafea4f39a76e76a8b9e906c894e54a6694fe914d9f27311d243d561b8dcf76d

                        SHA512

                        433f227b4c49e32db6cfbc31008cfa8a0a0c94efb3c12c90739991bcc00435c7730c43e33938aa89f74a4c49fb3e65a1876d88dfe2d4626b28e1da5dccc5d5b2

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Service Worker\CacheStorage\cc0ec67c5933fe13fdc82598cf7dd031a257daf9\400cf481-baaa-496a-a3e9-30c1c3f8209d\index-dir\the-real-index
                        Filesize

                        216B

                        MD5

                        6b4bb4f2791747e01497d994523d3eef

                        SHA1

                        0a507241184c23a6820a20c65b1afd92b0b77c6b

                        SHA256

                        2fd017ad61f0b3da194874789997e873ab833c0ef0b5054c0a74635cd167c454

                        SHA512

                        c892b0af122f39cd995f379918357e32a5fb4cb4d8e97b635ac21d4ead95cbfcef1219ce4a3108a413e459dbb2d1900189e57944096ad4f6f56769e4b440cff2

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Service Worker\CacheStorage\cc0ec67c5933fe13fdc82598cf7dd031a257daf9\400cf481-baaa-496a-a3e9-30c1c3f8209d\index-dir\the-real-index~RFe58b8ac.TMP
                        Filesize

                        48B

                        MD5

                        3b4eb037fb6f075c0103f1d5a4bd9bc8

                        SHA1

                        7ae122f49ee3afea9f53d07738b14a4977c878bf

                        SHA256

                        61e910d45a32185380522e7db7c6feb2c905ac8813a326c95ee3846f0c0def6c

                        SHA512

                        e44bc5768438cd0fd5cdc0a255ca4f4f15bb0483e70db12c6c8bc218727248a705f72bf685ae136f32e5af1dc3fa410b38d7a05b03b8fdf5479d0494132cf8ef

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Service Worker\CacheStorage\cc0ec67c5933fe13fdc82598cf7dd031a257daf9\index.txt
                        Filesize

                        146B

                        MD5

                        9279d6e884455c7c08109cc89a70bcbd

                        SHA1

                        dabd5ad61b2f632ab720c2da04475fd81a637c29

                        SHA256

                        ec67fb345ea7341b7d19c606eb85e9f39bf2ee2b63587d847a8dde8015f01b7c

                        SHA512

                        f8189a67b9f31f4f439a59aaf8a51befb2ba1c8f028ad9b9b6130993d12de9eb45e3f15e90ab97f90301a1991caf54bc1cc51014a655a82d95246507927fbe66

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Service Worker\CacheStorage\cc0ec67c5933fe13fdc82598cf7dd031a257daf9\index.txt~RFe58b8db.TMP
                        Filesize

                        150B

                        MD5

                        b9634c2c62d12f8b72a977c589ab912d

                        SHA1

                        608a9aec627111829a17631e48fbe7d8e4f4a9e4

                        SHA256

                        bee6ba8562f8b5da04910577db4e17c15a0c2abaffe97ac803fb8ec7ce45dfca

                        SHA512

                        c012298c93e87799899a0f9e22b37d524b2da3f50bd2426cb5c62b49c5e83da8b505a192dd117bc408c39f8af4f977b3339e5ad75df31cc2779e366301858435

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Service Worker\Database\CURRENT
                        Filesize

                        16B

                        MD5

                        46295cac801e5d4857d09837238a6394

                        SHA1

                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                        SHA256

                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                        SHA512

                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Service Worker\ScriptCache\2cc80dabc69f58b6_0
                        Filesize

                        5KB

                        MD5

                        2c384cba8ff0beef6b0d467cd3a1b1b2

                        SHA1

                        f16a1ae336082334ea7d536f88f3541738912591

                        SHA256

                        3e229687e37450ebb85b3ecd9ee3d0890f9e6eea0eed4ac2ee8c1484e4b977ae

                        SHA512

                        ed684b4eeea09c40cc617d0d375dabeaeddd48d3f2631869c881603e5b37802936c31593e028302a5eb050733a4476e3daa02ec7ea995e8823d44cffdc546bf8

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Service Worker\ScriptCache\index
                        Filesize

                        24B

                        MD5

                        54cb446f628b2ea4a5bce5769910512e

                        SHA1

                        c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                        SHA256

                        fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                        SHA512

                        8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Service Worker\ScriptCache\index-dir\the-real-index
                        Filesize

                        72B

                        MD5

                        232600d2282566fafb4b226c0dea4703

                        SHA1

                        af4360bec2ab1d7e45fccf24772724cb85c2b674

                        SHA256

                        a6168245b4a889ccd2841918d929ffb41736212a9e394365f3b12247822f5132

                        SHA512

                        ad0add8e16ceb984b788202dd984aedd1e6e1690d128f30c9723d9f621600e70d17695f8320c29929ba7e9b34ecb7bdd0c598b2466c19b80dd212e4a652ddfb3

                        Download Submit

                      • C:\ProgramData\Windhawk\UIData\user-data\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b39b.TMP
                        Filesize

                        72B

                        MD5

                        324060f790c4514ed9a66180fd4a6284

                        SHA1

                        a5843914f6c46c59b3e4d659775ba5e33676a3b1

                        SHA256

                        2666d885ac1c19520474e24b140108c21cdc4f13961a9be9b1d1abfbc4af7f2d

                        SHA512

                        2f3bdc549485c1a22feda8323f7485c598e604e98f319ace9c4fd3e17f5a08f796e0b4a4048621242b1e0da75a10f0af82da723d2babb807f560ab14a252f70a

                        Download Submit

                      • C:\ProgramData\Windhawk\userprofile.json
                        Filesize

                        238B

                        MD5

                        4e9be192d8f1a44429eae3674bb569c9

                        SHA1

                        5d8795184165ac77daa4fceeb2176b2378d7e327

                        SHA256

                        ffa094c6995321ff9438f4468f24f500533d22441d5e8d0a595c3465704ebd30

                        SHA512

                        b605b3d504e9be3f627daa73756b5d7fd5ae48f4f27c18e79c4164069d5f197c8f226d6940d1b74f2e4421343bc2bee0a0222db3183e4c22bc8e6fd0f06eb410

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                        Filesize

                        471B

                        MD5

                        3c8b226246115a7b8f2d27d32489fdd8

                        SHA1

                        233d9a92f388cfb1c726cd0de253d971b83646aa

                        SHA256

                        6034b92678b19b1b9703debe0be2cc3f2846818ebd533fa3067dfe832114feae

                        SHA512

                        df578953d51269c3e29e37555f54275aa033eb10337eb53490234bb81ec5e4bf221cb3930ee8f0ed27a2b92d5e5e6cac91cf1d58763bbba5d12d58b3194c1d27

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                        Filesize

                        412B

                        MD5

                        ee6f58ea951f8573ce73311065badf93

                        SHA1

                        c0d0544e9b393d7e033b6859e2498ff1df478074

                        SHA256

                        b4d402fde0d5752e498d56ab5690579cd4f22fb91d662d1817e8790604068866

                        SHA512

                        bdf13c204b82622a391731e449faf3e9c8cf2af0c430799e221e8bd2d0cf95e82a54fbdb9c602ed9b50ac5851cd09a6c58b8644953b65c824a738aac96bd94b3

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\eventbeacons.dat
                        Filesize

                        416B

                        MD5

                        a34674cd4d319e8685df3d1d794b7a65

                        SHA1

                        4871c29c6ff305f8f70548a41250ea6a6b8b6507

                        SHA256

                        2ea5b533388d6bf74b0eb69826e1fba6c88db0d9016e82c98972353c85a1fd80

                        SHA512

                        035302b1ddce38ab38479a9ddf39582ff2baefc402311454a76568538dc6b5dec105718266f9c23bada66fb09d330cc72e6f1128297c670fe1910b5dc730b2f2

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\eventbeacons.dat
                        Filesize

                        213B

                        MD5

                        6e99fb72745f1e07d7d67859f75b9f0c

                        SHA1

                        94f097696c979a91f309f2b422e58098bd3ac3cc

                        SHA256

                        99355162f2662c6fa314467cf7aef48d69e0a6e13f2f103a22d3a91987415fc0

                        SHA512

                        7c6f5816a6811c36d2757b8d6894dd3aef83ad8a5560cbf0d31fdae5a0e5953bd78a383397dc0fb2be83be7961951246e11ab23811a239c4378d896b074a4baf

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\eventbeacons.dat
                        Filesize

                        629B

                        MD5

                        8637184c2370c1577befe934695f9940

                        SHA1

                        8cc7ed55f940c12cfd3e0f4ae4e3d6ede348d268

                        SHA256

                        0081ff38446a7ba048dd5d9872d7e8880451a9e7ebbd0033ab7c4f5b44a67b7d

                        SHA512

                        12867e9e8d00092005c2513cff2934d7b387373667d9fa0d1190f95bc3f5a4ec9e79d5706e08cc93edea7eb8e4f21da6b18c5665c99e05e0dc3976b8e7549e60

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\310091\65b905fc543f49328028f0cf1a35dbeb_1
                        Filesize

                        1KB

                        MD5

                        ce952d79f12a56b0ac78006e1c954ec0

                        SHA1

                        4ccd98e54b5a060ac6f7f76e8d8b56703ad1ba5e

                        SHA256

                        72e2bdfe0bea8fbbb8b70d485e2eedcf117b218e26f6aa377c57b20feb9edf29

                        SHA512

                        f8e66209279250f14fe10794d3c86bb2558b1d6e13aa96e86c3f922274a4c91c889c7df0c25ef14d3371bf0808c859a98bc2df372ef404b5c496a6189fa2c8f3

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338388\e7ccc540a20246e68292bf4956e45eda_1
                        Filesize

                        2KB

                        MD5

                        59c4bb3bfa4394438129f8076129a1e7

                        SHA1

                        70edfe90b5df208eddc8410b246a94734f7ae2d9

                        SHA256

                        9030dcb62bea55aa3ce2c79d818865f9fc71a185cc62bf2c5597e575f68cc952

                        SHA512

                        1989d408607b0b1b8a73d8404791de4ff649c954eb532415147bec69f1ec5cc9012a9f7b69aceea43b6a0e054bd4ca7205e5f30ca027206e6ce18767fd722ad2

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{55ef1c0a-344b-49d1-80fd-bb1406b45e84}\0.0.filtertrie.intermediate.txt
                        Filesize

                        28KB

                        MD5

                        dd096f363150a54248d2ce82e7a7020d

                        SHA1

                        a80ada8ece5b115b52f187a14ae42adb3e859aa9

                        SHA256

                        cd2199fbd8c687e3f299e5673e84d31c6bd76984381a1f0b332b42546e3711fd

                        SHA512

                        477bd2e1925c714b16e6413535f1a4d76244f9699638259c21adc700cfb8e721cb6f80678e6817faa1a6c9f01e2cb323002504844ff0165ec6b4e552cbbebe1b

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{55ef1c0a-344b-49d1-80fd-bb1406b45e84}\0.1.filtertrie.intermediate.txt
                        Filesize

                        5B

                        MD5

                        34bd1dfb9f72cf4f86e6df6da0a9e49a

                        SHA1

                        5f96d66f33c81c0b10df2128d3860e3cb7e89563

                        SHA256

                        8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

                        SHA512

                        e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{55ef1c0a-344b-49d1-80fd-bb1406b45e84}\0.2.filtertrie.intermediate.txt
                        Filesize

                        5B

                        MD5

                        c204e9faaf8565ad333828beff2d786e

                        SHA1

                        7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

                        SHA256

                        d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

                        SHA512

                        e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{55ef1c0a-344b-49d1-80fd-bb1406b45e84}\Apps.ft
                        Filesize

                        38KB

                        MD5

                        adbff37c2f9ba8b59bdb08abe51a45a7

                        SHA1

                        94a3a68fc9fa35d7304c902db69dcf69ead1e043

                        SHA256

                        80551c4e6291bdec9c589f14c8bbf47ef0640176569c79e72e04e37969ef2e17

                        SHA512

                        48a3515018bc79cec55e2f5571ec052949349d6134f4e0b9320fb1ea4c40af3c2a97ff9b1b2329788df0981ffd1fc7fae6651c8acd719c86a8ae34cad56f85a4

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{55ef1c0a-344b-49d1-80fd-bb1406b45e84}\Apps.index
                        Filesize

                        1.0MB

                        MD5

                        7786ebc0768f466df0eafc488232fd48

                        SHA1

                        79b1be7f89024681b203ddb1981672ab39225303

                        SHA256

                        be112a29104f672e5d4fe27d250cb6e3461439c06fe5e12a0f4d8312d9374cbc

                        SHA512

                        8aae8d3ec6e0b182e07ab25bc13e1080bc3656d5abf613e475d393f8be411769bfa2e8f735d1d3269b3b95e5a8bb202b2442a8e37488dfb1dc12b9d89c888349

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133654798716431221.txt
                        Filesize

                        76KB

                        MD5

                        906d803efe756b5cd84c632aef8f4b86

                        SHA1

                        60caf9a5380787d5b34e0c5888dd84bc027d8b00

                        SHA256

                        ce7b372dc8b3546fe97ed3bef5443da919da57a1e102b28a47929929f4f6ed42

                        SHA512

                        0ef32b1b03ef16d51da42dbdd21e33aeefde906bb8cfcdcb768688ead1ff08337d49aca6baa5b9ed3cf8c114760ffd8398ed11e14243ac17eb2abdad5831c522

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_20throle.llv.ps1
                        Filesize

                        60B

                        MD5

                        d17fe0a3f47be24a6453e9ef58c94641

                        SHA1

                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                        SHA256

                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                        SHA512

                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\AccessControl.dll
                        Filesize

                        15KB

                        MD5

                        d74bb4447af48da081c7d9b499f3a023

                        SHA1

                        dadf6e140e6fd8e49a1851cc144bb022e0adb185

                        SHA256

                        5fd5d8aec97cffaad9b7df6371b348d436cf1401e86fab614dc4cb8575428e52

                        SHA512

                        9a15de5c6b08914f5e5bbc1c318fb0e84da28a316cf51ccddca8dfb64cd67b7ad06acac307b41d5086a0740055d327007ff890807d6853bb2e767179a3b3d758

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\ApplicationID.dll
                        Filesize

                        198KB

                        MD5

                        91c2e2f34b5bba068e9a6178e13a4e5c

                        SHA1

                        affcac00894c9afd152e55d0bff7899349edcd6c

                        SHA256

                        f6851dcbf0a39edecd8a46564bc455e5273736c3dbcb02b954c201c79ccdf117

                        SHA512

                        ce7f629bc0e6e10eca9d671513062f353d8d47666df58c9ad7cc7f767df520b75b2da1f9d6551eae86c738455919463ec89a0c3dc2a8366fa021e6fa6e292000

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\INetC.dll
                        Filesize

                        25KB

                        MD5

                        40d7eca32b2f4d29db98715dd45bfac5

                        SHA1

                        124df3f617f562e46095776454e1c0c7bb791cc7

                        SHA256

                        85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

                        SHA512

                        5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\LangDLL.dll
                        Filesize

                        5KB

                        MD5

                        50016010fb0d8db2bc4cd258ceb43be5

                        SHA1

                        44ba95ee12e69da72478cf358c93533a9c7a01dc

                        SHA256

                        32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

                        SHA512

                        ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\SimpleSC.dll
                        Filesize

                        1.1MB

                        MD5

                        7b89329c6d8693fb2f6a4330100490a0

                        SHA1

                        851b605cdc1c390c4244db56659b6b9aa8abd22c

                        SHA256

                        1620cdf739f459d1d83411f93648f29dcf947a910cc761e85ac79a69639d127d

                        SHA512

                        ac07972987ee610a677ea049a8ec521a720f7352d8b93411a95fd4b35ec29bfd1d6ccf55b48f32cc84c3dceef05855f723a88708eb4cf23caec77e7f6596786a

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\System.dll
                        Filesize

                        12KB

                        MD5

                        4add245d4ba34b04f213409bfe504c07

                        SHA1

                        ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

                        SHA256

                        9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

                        SHA512

                        1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\WindhawkRunUITask.xml
                        Filesize

                        2KB

                        MD5

                        c5a8c610ef39cca87d8eb9c43b85184d

                        SHA1

                        059446b83be2ada64e91e7b86b51dc55bfdd1355

                        SHA256

                        10b198979ca99ca5bb387af5684014227687a00cf9e0ff71ea8a0ccfcf8250fc

                        SHA512

                        1c0f5a36df78d5734ee139138b903dbdf85108d7b78abc76cdb1afd528103fba514e403404bff2eef9b7ad7f115b5b365cf1767377ed56d22fc27de175df3a31

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\WindhawkUpdateTask.xml
                        Filesize

                        3KB

                        MD5

                        0d491cb019706b240a1e1609e7af1d62

                        SHA1

                        5ee0f4562e191b7eba6311916b491a22e96cfe35

                        SHA256

                        1d7953c818cf16cbd0275c3d6da884b8f872dd14fabf14bd2c13e2a32c24c62c

                        SHA512

                        4a88081d8b76f84c74bcdcfbc84067de57a508e0a1c7cea0b17585086d3943b76158622b2d7b02d0847e8aca70be0897309c5424452e3a9b2e8a6c6fe3598f5a

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\nsDialogs.dll
                        Filesize

                        9KB

                        MD5

                        1d8f01a83ddd259bc339902c1d33c8f1

                        SHA1

                        9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

                        SHA256

                        4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

                        SHA512

                        28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\nsExec.dll
                        Filesize

                        7KB

                        MD5

                        b4579bc396ace8cafd9e825ff63fe244

                        SHA1

                        32a87ed28a510e3b3c06a451d1f3d0ba9faf8d9c

                        SHA256

                        01e72332362345c415a7edcb366d6a1b52be9ac6e946fb9da49785c140ba1a4b

                        SHA512

                        3a76e0e259a0ca12275fed922ce6e01bdfd9e33ba85973e80101b8025ef9243f5e32461a113bbcc6aa75e40894bb5d3a42d6b21045517b6b3cf12d76b4cfa36a

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\nsa9F9D.tmp\nsis7z.dll
                        Filesize

                        424KB

                        MD5

                        80e44ce4895304c6a3a831310fbf8cd0

                        SHA1

                        36bd49ae21c460be5753a904b4501f1abca53508

                        SHA256

                        b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

                        SHA512

                        c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                        Filesize

                        2B

                        MD5

                        f3b25701fe362ec84616a93a45ce9998

                        SHA1

                        d62636d8caec13f04e28442a0a6fa1afeb024bbb

                        SHA256

                        b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                        SHA512

                        98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                        Download Submit

                      • C:\Users\Public\Desktop\Windhawk.lnk
                        Filesize

                        1KB

                        MD5

                        fa6318d106141a2ed17832cc1c99509f

                        SHA1

                        1fdc2dd0aac42796d052a2f2691b2aab3db39725

                        SHA256

                        62713d848cbe71206c59366ddd903819e4ad62b8ee04a789dc566801b76ce861

                        SHA512

                        71ab030dd77853628253e6fdebc4e9e469dd91e83210359bd10142443ddd3d9f1f18ca93695e5ca424d3b30ec956305fdc498bbc3f76274ededa57ae2252d618

                        Download Submit

                      • C:\Users\Public\Desktop\Windhawk.lnk~RFe5848bc.TMP
                        Filesize

                        1KB

                        MD5

                        28c7211a4f5228cc4efc8ed558f148fc

                        SHA1

                        1fc7e7d7b0a0cf7610d2bb8b12a1f4cd487ffc8b

                        SHA256

                        aa0e13f09e6436f68430e2b843f09fcf41a7746ec3b830e2d39c08fbb9959938

                        SHA512

                        cd8870ba1078840adb8bbab422143b2b62d8f770c9d56fbac2ffabe2fbc409e96291a1e5deae72c16a7598c8bad86d3c6f1b9e7f3a2a0fc2541240f302f12b33

                        Download Submit

                      • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
                        Filesize

                        471B

                        MD5

                        81078f55b23214a90b162efce08c5496

                        SHA1

                        d8f80b291f7a6b696fba795ffe9d2ad25d742157

                        SHA256

                        eca3948e901e45f66846378aaa6ad432a9b1406ea576b130e56b56788ca28869

                        SHA512

                        409df815dbc88374e1c8d1d53e59daae85acaa297e04ff93f86f9dc8eb7f3b785d0942e5298f8131303fc9488edc8d977a28f58baf25385eed412d9926a0707d

                        Download Submit

                      • C:\Windows\Temp\RGI3FBB.tmp
                        Filesize

                        24KB

                        MD5

                        3006752a2bcfeda0f75d551ea656b2ef

                        SHA1

                        b7198fc772be6d6261ed4e76aca3998e8f7a7bdb

                        SHA256

                        dfd64231860c732dced3dc78627a7844a08d5d3e4cd253fd81186bae33cc368a

                        SHA512

                        3fcfa7c8f46220852dc7efef5b29caba86825d0461a35559f26dbb2540c487b92059713f42fe1082a00a711d83216db012835673e1c54120ffa079e154950854

                        Download Submit

                      • memory/396-10955-0x000000001E960000-0x000000001E961000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1084-10957-0x0000000000610000-0x0000000000611000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1624-11796-0x000000000F250000-0x000000000F251000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1696-10978-0x0000000000760000-0x0000000000761000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1948-10970-0x0000000003D80000-0x0000000003D81000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1948-11000-0x0000000003D90000-0x0000000003D91000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1948-10920-0x0000000005BA0000-0x0000000005CBC000-memory.dmp

                        Filesize

                        1.1MB

                        Download

                      • memory/2696-10939-0x00000000113E0000-0x00000000113E1000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/2824-10941-0x000000002D6D0000-0x000000002D6D1000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/3116-10943-0x0000000012D10000-0x0000000012D11000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/3440-10945-0x00000000030E0000-0x00000000030E1000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/3440-11978-0x00007FFCD2D80000-0x00007FFCD2D81000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/3500-10966-0x000000000BE70000-0x000000000BE71000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/3528-10983-0x0000000001660000-0x0000000001661000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/3528-10974-0x0000000001640000-0x0000000001641000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/3628-10972-0x0000000014790000-0x0000000014791000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/3828-11042-0x0000000000130000-0x0000000000131000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/3828-11093-0x0000000005500000-0x0000000005854000-memory.dmp

                        Filesize

                        3.3MB

                        Download

                      • memory/3828-11100-0x0000000007280000-0x00000000078FA000-memory.dmp

                        Filesize

                        6.5MB

                        Download

                      • memory/3828-11057-0x0000000004DF0000-0x0000000005418000-memory.dmp

                        Filesize

                        6.2MB

                        Download

                      • memory/3828-11101-0x0000000006070000-0x000000000608A000-memory.dmp

                        Filesize

                        104KB

                        Download

                      • memory/3828-11051-0x0000000000D20000-0x0000000000D56000-memory.dmp

                        Filesize

                        216KB

                        Download

                      • memory/3828-11086-0x0000000005420000-0x0000000005486000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/3828-11087-0x0000000005490000-0x00000000054F6000-memory.dmp

                        Filesize

                        408KB

                        Download

                      • memory/3828-11099-0x0000000005B70000-0x0000000005BBC000-memory.dmp

                        Filesize

                        304KB

                        Download

                      • memory/3828-11098-0x0000000005B40000-0x0000000005B5E000-memory.dmp

                        Filesize

                        120KB

                        Download

                      • memory/3828-11085-0x0000000004BF0000-0x0000000004C12000-memory.dmp

                        Filesize

                        136KB

                        Download

                      • memory/3856-10947-0x0000000025BE0000-0x0000000025BE1000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/4036-10950-0x000000001CFD0000-0x000000001CFD1000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/4232-10968-0x0000000003620000-0x0000000003621000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/4804-11392-0x00000000023C0000-0x00000000023C1000-memory.dmp

                        Filesize

                        4KB

                        Download