Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://winaerotweak...

windows11-21h2-x64

8

Analysis

  • max time kernel
    312s
  • max time network
    305s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06-08-2024 08:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://winaerotweaker.com/download/

Score
8/10
discoverypersistenceprivilege_escalationransomware

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 8 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 21 IoCs
  • Drops file in Windows directory 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 26 IoCs
  • Kills process with taskkill 2 IoCs
    evasion
  • Modifies Control Panel 29 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 40 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://winaerotweaker.com/download/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc66253cb8,0x7ffc66253cc8,0x7ffc66253cd8
      2⤵
        PID:4244
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
        2⤵
          PID:1264
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1692
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
          2⤵
            PID:656
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
            2⤵
              PID:4880
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
              2⤵
                PID:2972
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
                2⤵
                  PID:4668
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
                  2⤵
                    PID:3892
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
                    2⤵
                      PID:4672
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
                      2⤵
                        PID:4688
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3164
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:428
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
                        2⤵
                          PID:1200
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
                          2⤵
                          • NTFS ADS
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1492
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2756
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3228
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:3560
                            • C:\Users\Admin\Downloads\winaerotweaker\WinaeroTweaker-1.63.0.0-setup.exe
                              "C:\Users\Admin\Downloads\winaerotweaker\WinaeroTweaker-1.63.0.0-setup.exe"
                              1⤵
                              • System Location Discovery: System Language Discovery
                              PID:4272
                              • C:\Users\Admin\AppData\Local\Temp\is-84GL9.tmp\WinaeroTweaker-1.63.0.0-setup.tmp
                                "C:\Users\Admin\AppData\Local\Temp\is-84GL9.tmp\WinaeroTweaker-1.63.0.0-setup.tmp" /SL5="$A035E,5100998,832000,C:\Users\Admin\Downloads\winaerotweaker\WinaeroTweaker-1.63.0.0-setup.exe"
                                2⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Drops file in Program Files directory
                                • System Location Discovery: System Language Discovery
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of FindShellTrayWindow
                                PID:2600
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\System32\cmd.exe" /c taskkill /im winaerotweaker.exe /f
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:3028
                                  • C:\Windows\SysWOW64\taskkill.exe
                                    taskkill /im winaerotweaker.exe /f
                                    4⤵
                                    • System Location Discovery: System Language Discovery
                                    • Kills process with taskkill
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:1624
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\System32\cmd.exe" /c taskkill /im winaerotweakerhelper.exe /f
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:3292
                                  • C:\Windows\SysWOW64\taskkill.exe
                                    taskkill /im winaerotweakerhelper.exe /f
                                    4⤵
                                    • System Location Discovery: System Language Discovery
                                    • Kills process with taskkill
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:3168
                                • C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe
                                  "C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe"
                                  3⤵
                                  • Executes dropped EXE
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:4920
                                  • C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe
                                    "C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe" -profile="C:\Users\Admin" -sid="S-1-5-21-2842058299-443432012-2465494467-1000" -muil="en-US"
                                    4⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    • Checks processor information in registry
                                    • Modifies Control Panel
                                    • Modifies registry class
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2916
                                    • C:\Program Files\Winaero Tweaker\WinaeroTweakerHelper.exe
                                      "C:\Program Files\Winaero Tweaker\WinaeroTweakerHelper.exe" -
                                      5⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      PID:1832
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://winaero.com/windows-7-games-for-windows-10-anniversary-update-and-above/?utm_source=software&utm_medium=in-app&utm_campaign=winaerotweaker&utm_content=getgames
                                      5⤵
                                      • Enumerates system info in registry
                                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                      PID:2880
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc66253cb8,0x7ffc66253cc8,0x7ffc66253cd8
                                        6⤵
                                          PID:4464
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
                                          6⤵
                                            PID:4432
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
                                            6⤵
                                              PID:4924
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
                                              6⤵
                                                PID:928
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
                                                6⤵
                                                  PID:3376
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
                                                  6⤵
                                                    PID:1728
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
                                                    6⤵
                                                      PID:5824
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
                                                      6⤵
                                                        PID:6036
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
                                                        6⤵
                                                          PID:3120
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
                                                          6⤵
                                                            PID:1920
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                                                            6⤵
                                                              PID:6320
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                                                              6⤵
                                                                PID:6368
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                      • Boot or Logon Autostart Execution: Active Setup
                                                      • Enumerates connected drives
                                                      • Checks SCSI registry key(s)
                                                      • Modifies registry class
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      • Suspicious use of FindShellTrayWindow
                                                      • Suspicious use of SendNotifyMessage
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:984
                                                    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                                      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Modifies Internet Explorer settings
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2396
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4084
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                      • Boot or Logon Autostart Execution: Active Setup
                                                      • Enumerates connected drives
                                                      • Checks SCSI registry key(s)
                                                      • Modifies registry class
                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3928
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3912
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2712
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1920
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4176
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2364
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1576
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3168
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2956
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3356
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3348
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1948
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3916
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                      • Boot or Logon Autostart Execution: Active Setup
                                                      • Enumerates connected drives
                                                      • Checks SCSI registry key(s)
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4972
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3956
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1340
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1380
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4868
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4464
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3648
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                      • Boot or Logon Autostart Execution: Active Setup
                                                      • Enumerates connected drives
                                                      • Sets desktop wallpaper using registry
                                                      • Checks SCSI registry key(s)
                                                      • Modifies Internet Explorer settings
                                                      • Modifies registry class
                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3636
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:828
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4140
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2756
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:436
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3936
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2360
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2728
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:644
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5048
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4136
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3852
                                                    • C:\Windows\System32\rundll32.exe
                                                      rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\aero\aerolite.msstyles?NormalColor?NormalSize
                                                      1⤵
                                                        PID:6208
                                                      • C:\Windows\System32\rundll32.exe
                                                        rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
                                                        1⤵
                                                          PID:6328
                                                        • C:\Windows\System32\rundll32.exe
                                                          rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\aero\aerolite.msstyles?NormalColor?NormalSize
                                                          1⤵
                                                            PID:6408
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:6456
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                            • Enumerates system info in registry
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:6636
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:6644
                                                          • C:\Windows\system32\AUDIODG.EXE
                                                            C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
                                                            1⤵
                                                              PID:7032
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                              1⤵
                                                                PID:904
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:5228
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:5400

                                                                  Network

                                                                  MITRE ATT&CK Enterprise v15

                                                                  Replay Monitor

                                                                  Loading Replay Monitor...

                                                                  Downloads

                                                                  • C:\Program Files\Winaero Tweaker\WinaeroControls.dll
                                                                    Filesize

                                                                    428KB

                                                                    MD5

                                                                    08dff3b716f7382929f613439cf9e835

                                                                    SHA1

                                                                    fcbfb0748fc5fc2315c336c2a582d399f0451659

                                                                    SHA256

                                                                    59f92064ff838dfbb8a52392b3bc427ae54daf9e1f6325e880cb1010456a5ee5

                                                                    SHA512

                                                                    d6cd9cdba81879c608796b9b7ceb5f99a06a91ed2d3b779e8c219defccdd45b2c79082b2b2fbfa995acb26954cc8b61708c81e26666403dc0295078e5cce2003

                                                                    Download Submit

                                                                  • C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe
                                                                    Filesize

                                                                    5.2MB

                                                                    MD5

                                                                    99c3342a209d92e537879699108f8288

                                                                    SHA1

                                                                    58ebfcc943cc6abd064dd176f79a1e8fa04759ed

                                                                    SHA256

                                                                    bd2eb1ade28a7a3023b8e96ea1d44c82c7df50fcbac460c63c05ab11d7849bb4

                                                                    SHA512

                                                                    76b1a5c27f724297f247c32b40c7c05f0afde0f19aba31199f7b82ea5b0b52b97bb718eb757352c35d9683162d94486c888a04ffe5d2d6de1e072b090de14dc0

                                                                    Download Submit

                                                                  • C:\Program Files\Winaero Tweaker\WinaeroTweakerHelper.exe
                                                                    Filesize

                                                                    330KB

                                                                    MD5

                                                                    8e0aec38406afacff9487529add32c74

                                                                    SHA1

                                                                    4a7973910178147b217107db30610bf3416f2745

                                                                    SHA256

                                                                    c789872a6141e19f9cb71abb8260c8303a2ac48dfd86f36912a4649800a78d39

                                                                    SHA512

                                                                    a29bac662446c238c787635654a1787471c484c5887cca5838361c232dca1d32220b50f36fe918b39db7d6f1976f0584332386340e96a7f85e2d71123014e62c

                                                                    Download Submit

                                                                  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winaero Tweaker\Winaero Tweaker.lnk
                                                                    Filesize

                                                                    957B

                                                                    MD5

                                                                    a895c481eb685bdf81f1d2b49b69d3b8

                                                                    SHA1

                                                                    f2b7073b70576744659a7208e6419b9f24cbe1aa

                                                                    SHA256

                                                                    0bd241d32a22ebe5b4a8f1aab6b3aa3a566e0367dfb947c08e47b2ee849b2217

                                                                    SHA512

                                                                    36777ab576a7796f359883a185076dfd4ecca937dd72e869d61c3e727f4d8986a7e39003815ca49c88970695f9fa8e72956d95cf5b70223557ac068cd7ca766c

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WinaeroTweaker.exe.log
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    b4e91d2e5f40d5e2586a86cf3bb4df24

                                                                    SHA1

                                                                    31920b3a41aa4400d4a0230a7622848789b38672

                                                                    SHA256

                                                                    5d8af3c7519874ed42a0d74ee559ae30d9cc6930aef213079347e2b47092c210

                                                                    SHA512

                                                                    968751b79a98961f145de48d425ea820fd1875bae79a725adf35fc8f4706c103ee0c7babd4838166d8a0dda9fbce3728c0265a04c4b37f335ec4eaa110a2b319

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                    Filesize

                                                                    152B

                                                                    MD5

                                                                    026e0c65239e15ba609a874aeac2dc33

                                                                    SHA1

                                                                    a75e1622bc647ab73ab3bb2809872c2730dcf2df

                                                                    SHA256

                                                                    593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

                                                                    SHA512

                                                                    9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                    Filesize

                                                                    152B

                                                                    MD5

                                                                    14ca834b924778d8f3231a79a5a4ac55

                                                                    SHA1

                                                                    ede34d8927e7de7a82eb7d055d9163955b19bcc8

                                                                    SHA256

                                                                    a05f0f9564e1f71efa399df476d40a9851a4b0fa6c0f3592de77a1c24707f7e0

                                                                    SHA512

                                                                    6601b36e64a5b3cd87615f0c2241dc7ad2f31426895f560e2183a328942d16aeaed5bb0c7cd3eb01717f6c6d6233a5b0355185d0087813527cdd10b9cd641928

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                    Filesize

                                                                    152B

                                                                    MD5

                                                                    922ac5cdb4bccfb75cea3666c8d11dae

                                                                    SHA1

                                                                    82572dcfbd5178cdd5be483848563beba7046b1b

                                                                    SHA256

                                                                    092fbefe4a5236e76c2e91d9175bb8464f79d537265ba79d7ad13bbaa14126dc

                                                                    SHA512

                                                                    46cba86976f5e39434e4f33f426f3a56d54b46dd8b267a85b3061c6da9cbf6a03eb0c9d18fe917ae01eb25ebac607766623ac0141a9fe7a3313c65a76010510e

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                    Filesize

                                                                    152B

                                                                    MD5

                                                                    228fefc98d7fb5b4e27c6abab1de7207

                                                                    SHA1

                                                                    ada493791316e154a906ec2c83c412adf3a7061a

                                                                    SHA256

                                                                    448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

                                                                    SHA512

                                                                    fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
                                                                    Filesize

                                                                    44KB

                                                                    MD5

                                                                    1995f9a43605147aa63d35285949daf4

                                                                    SHA1

                                                                    d35ab860e2d1d75d27be4e214b4949b52260a3ba

                                                                    SHA256

                                                                    8bd6d1583efbcda3336fa66f9cc710b237206a5201ad6550c8af2586a5af271e

                                                                    SHA512

                                                                    9989e8bd1414b1e77ef09cef1fdc6908da0f50e74e926e6928e623d6d4ff544c63be1151c272257a45013e7348ed9ed5ec1631b7776ea8f287c31de37e3113ca

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
                                                                    Filesize

                                                                    264KB

                                                                    MD5

                                                                    623caeedf78e884a9bf4cd6133f07d3c

                                                                    SHA1

                                                                    97384fcdabed1ce1f8b3ec633b734df13994c0e5

                                                                    SHA256

                                                                    55392b049d7b587c1df526f98495c406e7d004f60cec0d77636621f523f314b8

                                                                    SHA512

                                                                    05960d6d022c11b41514be1e65e25bd8e8690e9f28da31a6040cba4417aa5fca0ee191fd0cd69f2936864efa9d8b737362c575a33395ef6f4c23af964d23c1a8

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
                                                                    Filesize

                                                                    1.0MB

                                                                    MD5

                                                                    9314a4ee9e223e1a075aa80d5aae7bd6

                                                                    SHA1

                                                                    7123818a8330d29bc36e8cfe7daac4790d0e1997

                                                                    SHA256

                                                                    0a132b88a2824470229cf8efdfa8e617f0455da946baa9fcf5192b5f282bd526

                                                                    SHA512

                                                                    08f0125377051dfa809d0dbd329748288e87c8b7ebc98930c6609a0408b1bfc2253dd6af65e77018eebb59050d6fb92056d24d08fecf497a85012178cebaf06a

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
                                                                    Filesize

                                                                    4.0MB

                                                                    MD5

                                                                    2b8f2ca020d5d2c30eaefc4a4aa8841a

                                                                    SHA1

                                                                    6ee163702c5974de1fead066898b3be1f32573b9

                                                                    SHA256

                                                                    5a759535df77ba72bbfe00a8a703009dde5983242a809e5922360961021dfd80

                                                                    SHA512

                                                                    5417cd538118b7bbc7b6ffc60a13b2149d45d428702da25450b4d199b681c9d1da2c65bb11e63ba5d572416f95c2eeaef395f178c5ff815994cc223f6b6b73e8

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                    Filesize

                                                                    336B

                                                                    MD5

                                                                    45187e089dc83fb89885c3dd3409bbd3

                                                                    SHA1

                                                                    acefe35ff424ddf987b16ccafd534a2486830329

                                                                    SHA256

                                                                    b49eab3ba7b2cbca4905c487eeb97e443977575eb534b22e41b17b2f04f13a8f

                                                                    SHA512

                                                                    cdee7353b88827608a288c842b154a12088f928fb33c090ce1fec773413a8d309a61eff031fe28c493c1a1cf9f16f6aa8747aa098d0ed90954c2b2ade9907806

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
                                                                    Filesize

                                                                    24KB

                                                                    MD5

                                                                    4b569c5cfc4ceaaf7952fd6c69ac8542

                                                                    SHA1

                                                                    96005a9d80111a399009a8361858e3b905578510

                                                                    SHA256

                                                                    9f530ab7f6aa00341d4d10638218eb3660a5bb2d9c888c7f0331bfe0fdb47970

                                                                    SHA512

                                                                    ba97dc6bb35ddb4fc7ae8126ec9fe84460464c102efe5bef32781602eddc2bd7bf1294eab0cad485d84cf6b22b1f2bf81676e03cba59e585974687c7ae06fb23

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                                                                    Filesize

                                                                    264KB

                                                                    MD5

                                                                    7bf336403dbafc5e1907e13803e5a234

                                                                    SHA1

                                                                    5ab8653740b969850e21adc3f65bd8e15a7ef48b

                                                                    SHA256

                                                                    a892fc87155551d826b57e259fbad01bd554680f1a9f997591f0886e6181d872

                                                                    SHA512

                                                                    e7b3eb9eb8fbc72b932c7581f9c79ec6ed84a1a681f8de50e3d315976a85e2181c30a4a2b6e346244fafd5534a594918d2251f1383b1d223de84866ff152e4a3

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
                                                                    Filesize

                                                                    116KB

                                                                    MD5

                                                                    306139e9aeac4b07d6a4a3c6349c3e93

                                                                    SHA1

                                                                    e612a6e84a7bfb3935a3b8d2a4e4613bb40e390d

                                                                    SHA256

                                                                    429bcb6c21fe97d7e97fdf2b4a871259e853fdd343b2c0196986e9fe31d18ad0

                                                                    SHA512

                                                                    612c2b13b4b3fd718bb91726f2676e237a5fe7524d289e5e7c6c7d8eccdb14c72dd31b31f0d0f22069d4b5c444c5644d2b0a359c470e1ee9857370e7da2b2e33

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
                                                                    Filesize

                                                                    422B

                                                                    MD5

                                                                    a1a8b5bc1594270c89004bad25e2f0b3

                                                                    SHA1

                                                                    10a10c72bb8a1bcbd812e3a667019d0953eee19b

                                                                    SHA256

                                                                    01f43c96729df75a225f0932d58182f5bc36e2647037dc6fd1147e00f1d51b7b

                                                                    SHA512

                                                                    18b0849811fd8342dc83a18487dade04bbd6113d611ebda46274b33b77d2b8fde46fc59379bc2e99a235f1199c45f83ef48351070ffd6e480add12b46d1cd38b

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
                                                                    Filesize

                                                                    28KB

                                                                    MD5

                                                                    dab46028ab7939d7b3cd550ebc1f4157

                                                                    SHA1

                                                                    bca942e8b53e283f674a2f251ef425bb41930faf

                                                                    SHA256

                                                                    45f617376338eff741def8928c3e7c916f760ea6fa6710e83eab38f1d31e0ab1

                                                                    SHA512

                                                                    540f69a8ef4e804d4c88f53fd7f76663741d71887fa3a7208c796f703e0298d4856ac1c2ced0ad6f1ea7cc02257369689c2e7ddea860f8b265643d5c515b6c2a

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
                                                                    Filesize

                                                                    331B

                                                                    MD5

                                                                    367deab4e931d4a3d54f16ec1fb2945f

                                                                    SHA1

                                                                    fe61aa85f39d23c7dfbfcb3a64a95ea9ac276861

                                                                    SHA256

                                                                    b64d77353042eb381a1af23fbf45c38824add03df1ff70aa9cb4ea8ea4a32d37

                                                                    SHA512

                                                                    3fe3eb36d7ae82cdc39a263ef22b71dfd28a369771047d05b39f926903cad6e66ffac84a2ef90622421d89b921e94a69ff4e4907f46ad1907d3caf163ee7f283

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                    Filesize

                                                                    180B

                                                                    MD5

                                                                    00a455d9d155394bfb4b52258c97c5e5

                                                                    SHA1

                                                                    2761d0c955353e1982a588a3df78f2744cfaa9df

                                                                    SHA256

                                                                    45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

                                                                    SHA512

                                                                    9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    5KB

                                                                    MD5

                                                                    211ec623cb793d49cceea393b05a9533

                                                                    SHA1

                                                                    82c26088791438ce28a418f3e07c7fa8aad3e5a3

                                                                    SHA256

                                                                    8243fa09254594828955566dbe733a5b36fbbcb3a28c42b3516d813c5f7366b3

                                                                    SHA512

                                                                    0c1ec3a9e4e7091911e3a9c90fe219b7ee1bc0b5d95a09fba84fe004cfaeccd7f7f0abfb3c8bcd52770d843db7e96cc3c420fba99aee4f51d20ced030b97ab26

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    6KB

                                                                    MD5

                                                                    9432c74334a18d6c8a41004c5d0876df

                                                                    SHA1

                                                                    7503a6196bd8df4963c3310d5cbcea504fc8ff48

                                                                    SHA256

                                                                    4462e8ddb23526af5620fd100b266d41bd35941f33275e77d49998d46a94261f

                                                                    SHA512

                                                                    af5b019a92be8045a0cc320888b7d50e567fe47f7f7b09f175d49aa2e1c2701d18d686d87e1cd8426fb97d0241d659a1c672f4b63d99b8156d3f2eccc36b1d7c

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    6KB

                                                                    MD5

                                                                    9567d096760f1b7cd3b2fb98724ed32b

                                                                    SHA1

                                                                    b283a0d2ed1ff88a12ae8c41508249ed2f484342

                                                                    SHA256

                                                                    d9874551d3891f60446829fbeff5b2065b20e3191c12f9bc1ce6d66a51f4106c

                                                                    SHA512

                                                                    dd9a41bbe9e5882dca6c0235daa4ceaffea140beb4edd9890dd51a5ea141a95fec4ab10bbaed6d03e67a1c553e5b140694938c44e63d11e78fb18fd5fe3b34c1

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    6KB

                                                                    MD5

                                                                    26a35db2cda96e627425a1b72ab6d0b0

                                                                    SHA1

                                                                    72f724e3cee0ffe7af59022392cf7cb3aca9e3f8

                                                                    SHA256

                                                                    ee6afe2f039a177ed4de2054ba133fb7e541c9909b9ac8a09045d63d63ff6e04

                                                                    SHA512

                                                                    654927b6544f19fa1de3b10982ff727357b91f9d5ac4490296f1f2a9527f1f5881f92ed6f24e69fccad96b37f21cec24eaeb62f13070e3466ad81e2df2eeae15

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    3b9f3af9b7ddd1d5c600d2f2d3c80a90

                                                                    SHA1

                                                                    73f56646a4f0b5226abeee20c1b017ea72ae6782

                                                                    SHA256

                                                                    5a39cfc5cb038de2ee5687b4a8637e4794ab7b466c13309c3b81d39b6c76c401

                                                                    SHA512

                                                                    c9e32f0667eae9958275444f2a9af55e144b43d4a76f7a3c296aa5657813f2f5a04b049fa3bf1d2c8ce1e93ed653f5df135959ab0bad026dde9b1e46acb87bac

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    6KB

                                                                    MD5

                                                                    149152a2f0917eb1bdb62268e7667a54

                                                                    SHA1

                                                                    b24054fac938798ef021e992420d46ed1b7f725d

                                                                    SHA256

                                                                    13adf7a48fcc131181bff9081b758c7d3c7ee26ed384f33cf39ced9a0afbb50f

                                                                    SHA512

                                                                    ceee8b16ea6443f7b20eaa389fc425305ac97fceb8a3523b9b16bc00e0cd5998ebe205894118016106e2ee203e9b18244edc68d8b98ba0efcd7ff43e1a357205

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
                                                                    Filesize

                                                                    175B

                                                                    MD5

                                                                    6153ae3a389cfba4b2fe34025943ec59

                                                                    SHA1

                                                                    c5762dbae34261a19ec867ffea81551757373785

                                                                    SHA256

                                                                    93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

                                                                    SHA512

                                                                    f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
                                                                    Filesize

                                                                    319B

                                                                    MD5

                                                                    d1712bfb5c221cb71972aa4df8902483

                                                                    SHA1

                                                                    8e42adf587c4d6a7fbc8f6e63ab573ba8a404235

                                                                    SHA256

                                                                    5996510e7eaa7a472aaf9614a167260368f09a45e71baf385a8abcaa1557d95b

                                                                    SHA512

                                                                    c8d8852e6cf14bcd4d6e295f62fbffd5710c7ec687cb138f1a33dbf96d384ad636a49176189019c195e2dd9fd78a670876cf2991cdced12fb608fd6a6dcc3de2

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367406511328491
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    f3d3b82d29cf4e5661077d17187443df

                                                                    SHA1

                                                                    75feecf99000b74dcde29786d60666bc017a6954

                                                                    SHA256

                                                                    d55d3983fa1f5ce85b4352bd1b18c1c26ee4ef144b14da040cdb0af1ee7dabdd

                                                                    SHA512

                                                                    7cf57fca78fa5779e0616888efa674f50903a74425eca885ed1ca28cfb80fe758e48ad91d49dcb93a2fedcb728e001bda7209d7dcc98e2b610952b1f6ae7c1e8

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
                                                                    Filesize

                                                                    112B

                                                                    MD5

                                                                    2eb175f2766b262292f3c4335a67e383

                                                                    SHA1

                                                                    820de21a000ee2d3cccacf39b0157f57be4adddc

                                                                    SHA256

                                                                    1377bf290cc29a184322ebd8219699a16ec15efa6a95fbb06d0a2de26e497069

                                                                    SHA512

                                                                    99a99b204f884bddf7e5415438c3862f9a2fe0a30f882d791ce035c5686702c685e16681fd5217be85e7442cb521729a60cb44f858e6660d78d6a9b0a642f0e9

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                                                                    Filesize

                                                                    347B

                                                                    MD5

                                                                    ab75d64edc73b550501215930ccb1e67

                                                                    SHA1

                                                                    0a66eea1ff3551ed704800756788a80112f6542d

                                                                    SHA256

                                                                    bea853fc63154b5de053cfc4a8cd40804ff78990c3640f1e568f2a55e5b14f51

                                                                    SHA512

                                                                    b59633d257102ba9cd7cae75c57d75b0bbdf4661cf6d4b270f112524089723c84c28b9592290819f82086a6c59057475066e535e8244e7583f58f3daf5f7e509

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                                                                    Filesize

                                                                    323B

                                                                    MD5

                                                                    2f8724fdd7b4aefa42f1514e19a87a77

                                                                    SHA1

                                                                    ac361a8c83958f4555e26e5b1ca27cabc8903333

                                                                    SHA256

                                                                    cb9eedea9810000e338e789435949663d417e55735d41b64bd239158061cef05

                                                                    SHA512

                                                                    d24e5057c7d2fc56ba42d2b76ba197c6f712582cec905a4528c9da85170543f08a1b8bb08a29eb7a5ca6fa8b82c5b52afb3177f1bb0c4609b4c841294db25991

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
                                                                    Filesize

                                                                    20KB

                                                                    MD5

                                                                    89b8a9b7285aa0e973fa6bee80fc9a0a

                                                                    SHA1

                                                                    46a5fc0a4acc6606a054fb121ce6e0b3125b9d4e

                                                                    SHA256

                                                                    6f725a6bdb75a66309e1dc3635f1d9b96485065a752ef4f8e4a5337f3512885e

                                                                    SHA512

                                                                    8cdb8680094ec45b31f5590e09a8bf17f8c2db30205d8fe370d160dc6e21d7860dc883e7d123cd25041551110943439bb1ed179c9eae6a8b74b2dca7698c4b49

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    204B

                                                                    MD5

                                                                    3234ccc59b69799c74fc93e580d98f7f

                                                                    SHA1

                                                                    72b641fff99f0a5632e062162504131ec9facc50

                                                                    SHA256

                                                                    d7d23d66ab3308166d6f205064a776af30c26820a9d3f13dda3b7f016ec1fb66

                                                                    SHA512

                                                                    035f526ea5aa93f37eceecc97b716939cd5f548861ab57f27867730a9bae44668cd9c11355ee6d7993db108b145b1b2afa25534c59cb4e8cf029a27cc83508a7

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    3fddf92518f957a799d8a432a658a58b

                                                                    SHA1

                                                                    c3b06e860591f4c0b57989fedb9485d41c41b7a7

                                                                    SHA256

                                                                    aa6d6d1d8a90b4100e88a935ea34e8d1fdb44bee3acf05aedef87531fed3a8ba

                                                                    SHA512

                                                                    97336c99388e8135f9048b4d87968be061fb4508bae4095f19e140cea877a7724c1310141551479dba503a123368fb37fa55ecbf7fb869cbe02facce5d804806

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
                                                                    Filesize

                                                                    128KB

                                                                    MD5

                                                                    57fa46bdbefeef415c510fb5b3b68f8f

                                                                    SHA1

                                                                    dee719480305a1ad000aea4792784a61a6d447cb

                                                                    SHA256

                                                                    ac6dc30a5fa64c49042cc51c59ee95472d016ea40a5b3e72ad4d848b1aaf86f3

                                                                    SHA512

                                                                    3da1bfef06882da613acc08dc6cc5b5e39a77ec8dcbf8d9db495ec1f8584913a34861dfb6d7b3c2848c403b1dd3f9fc273a04f5574364ec2a0c4ef0bb4f48270

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                    Filesize

                                                                    16B

                                                                    MD5

                                                                    6752a1d65b201c13b62ea44016eb221f

                                                                    SHA1

                                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                    SHA256

                                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                    SHA512

                                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                    Filesize

                                                                    16B

                                                                    MD5

                                                                    aefd77f47fb84fae5ea194496b44c67a

                                                                    SHA1

                                                                    dcfbb6a5b8d05662c4858664f81693bb7f803b82

                                                                    SHA256

                                                                    4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

                                                                    SHA512

                                                                    b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
                                                                    Filesize

                                                                    44KB

                                                                    MD5

                                                                    9e77cbf669d7ff943193af0a9ab9bcc0

                                                                    SHA1

                                                                    d3e1750b05a1475a07ddb55d8f9890d7b507b73a

                                                                    SHA256

                                                                    2edbf342db65d537ad6d65fdc092e3b1c3dff020273392cdd08280fb0c3b24aa

                                                                    SHA512

                                                                    086bcab5dfee0ad9b9ad448451d1f0a6db46383ac25a68c0853f776fd0517354e2ad6e5f81a2d4daab80feb3c2985a1eaea45a8654ba30736c54bf8d50757aa4

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
                                                                    Filesize

                                                                    5KB

                                                                    MD5

                                                                    ba4041f386cf02704b823f0737c159c0

                                                                    SHA1

                                                                    94c951f0f63bf47238cc28a7ecba2ed4d6e7771a

                                                                    SHA256

                                                                    3b97b849bb1580f523af70bb7a883c241cd84c83440b941effb8056edf90778c

                                                                    SHA512

                                                                    ca113cc0d30bbd7915c57fc54a07ccae8313ed56e65e612e61a958a7549ebc89f105dc73c6f5ffc3632d846ff86c249d5e3cd8453e65b9721d76df4a7408df0b

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
                                                                    Filesize

                                                                    319B

                                                                    MD5

                                                                    191c88286e81430dfdb362d29397558b

                                                                    SHA1

                                                                    531605e169bff48e8d3d4f7a6639ee7d4319da25

                                                                    SHA256

                                                                    abcdf9e852e69d630065c37900ff67e3045029d37c25eb25c9b594c7b3dc8e31

                                                                    SHA512

                                                                    0e589abdb6d436d4be425afe7ec8bae4287b3ebca694809011827478191e55eefdf30c5160f81c25a7a0088a149d06bc5c9e4dffbb1cfdd8fdcafaf382f6c242

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
                                                                    Filesize

                                                                    337B

                                                                    MD5

                                                                    18d174f5da76e5f10a095f88caabf05e

                                                                    SHA1

                                                                    d998525e23a2c0a65d54a0e6f617ca499b4a944c

                                                                    SHA256

                                                                    07a59d1240bb895f0fefaf42f786cceab351c53dc2c0caa485b3dc36d7737086

                                                                    SHA512

                                                                    2470bffea143905705c9bfbc0fc3ef5025f2639b138317006f1a38e8c73517d9e32246d628ceeb61f16ac8a53b2af4853cac8deea9839966a24e8ebe84704b73

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
                                                                    Filesize

                                                                    44KB

                                                                    MD5

                                                                    9939f326c7050a6d9276f5e28e4a2ff2

                                                                    SHA1

                                                                    7b7151f0c382a07af74c30fb04cc77a4d631e456

                                                                    SHA256

                                                                    11067d180c7ad3db0c02c242d3bc235e8c3abb4aa218bfe8d68f511aa2a35806

                                                                    SHA512

                                                                    dcb8d063082c883668319404b7106078fa0387a1305e0bbbc8dc6a66f958e0e96b4728fffebd432df3384d74b0ffd30424e2578cbb4dc3e1f4bc5fc8d76e8e66

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
                                                                    Filesize

                                                                    264KB

                                                                    MD5

                                                                    8a2eb05fe07ea2c810ca9e8ba2854335

                                                                    SHA1

                                                                    bb393d53d7672f997aab65b47b579ece581de584

                                                                    SHA256

                                                                    35a23c31d037b9a617b1fe4bf86a27b3ac75561e13ad658fb80437c80e44359f

                                                                    SHA512

                                                                    5329d3effd731702ce3fa9ccdeebb3ffad8b4fed82b716572d25a0a5e78b5ddd9dbcd1850c78f186000ff5d89613353781fb709dc71dfe80f7ecf7941827e789

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
                                                                    Filesize

                                                                    4.0MB

                                                                    MD5

                                                                    0f9b12aa4d1e7d585604e804e3962b59

                                                                    SHA1

                                                                    9f7ea7952349cc0a27ab0e788116075a12f598e7

                                                                    SHA256

                                                                    cdb52eb882d4005bb736f8057de752a19e69e7690a9cb8d21e5fa15576dc488e

                                                                    SHA512

                                                                    0ea95d00628f4f1a501372def1f40758d32fb2b0eca32a0fcecf750ab02a7b856934ded503ac5d17371377ffef0d0c7a5832d91a10f3163b47d4f2af1cf11e3d

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                                                                    Filesize

                                                                    11B

                                                                    MD5

                                                                    b29bcf9cd0e55f93000b4bb265a9810b

                                                                    SHA1

                                                                    e662b8c98bd5eced29495dbe2a8f1930e3f714b8

                                                                    SHA256

                                                                    f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

                                                                    SHA512

                                                                    e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    50c26504d421e32577ef30b007f3d6c9

                                                                    SHA1

                                                                    2767a3f18cbe1f705525312c702211ad20865e73

                                                                    SHA256

                                                                    9161fc767429913f08be0d785921e616d8a667da91f64383643de38c1232d23f

                                                                    SHA512

                                                                    d28162ad27a43aedccf39cee99fe6ef0198662a09b3e15d2c319d0f4fb7949d57830472cc961dac6198205258bd16483ac319f34b546cc1132a76810ca9f6a96

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    63fa9dd750e6d9fff353856110169b61

                                                                    SHA1

                                                                    3519fa14eeb706cc9924b2be9515c6362b69ec83

                                                                    SHA256

                                                                    e434213bd51e214a7598ed0e30c7bcde62d54533df5475d9d79c87219fe92458

                                                                    SHA512

                                                                    4282cbf329949ee1ad587482ddc81d2a75cc27d4a95ba35c56a92a64eb2570f99c677c9bbf6027cb7eae9299793492676d210c6ecb8e4525942c3af1f049f07f

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    13c9efbb0f6719b815fefd6df2dd1f03

                                                                    SHA1

                                                                    36ff1f430392301bc59d11af50a7fb3385adf94f

                                                                    SHA256

                                                                    1efb425f9d0c468015790927591bb133800772fd11375f5f4af43424f5833f04

                                                                    SHA512

                                                                    3e1f555aafa53d00afcadc85c0dd64bc238946aa0dc1c39f77d99262cb1f3b005a32df0ce57b1b77af5c03f620fd6ec1c068b9f45ebdf2c960c4fa6c31e079c6

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    7ab7043dd757cb2a9790ff26775ca18d

                                                                    SHA1

                                                                    9416e03d5352cf2a15c69e5b461cc6c024089078

                                                                    SHA256

                                                                    dc937f290bf48e29892a5a7bf5deab5d3ac1ef943da032f7f4f886cae315c42a

                                                                    SHA512

                                                                    1fe3df205c55aa5ce3af6f3aa77abe382e5fdf0f9f726036db6ebef8071f0e5c715533f40fa826b305d90cd756f1d39d29b59803654de200783cf91962330655

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                    Filesize

                                                                    264KB

                                                                    MD5

                                                                    380f795b11b7818307051eecbddc7abb

                                                                    SHA1

                                                                    1ae148395dadaa95bf45f480b39a3c0668fcf77f

                                                                    SHA256

                                                                    f16b5192f6afa8dc9257b86ed11f2154e10be0e203bb5fdbdda054ba68c32030

                                                                    SHA512

                                                                    b6052149bed2cb8b40f11e482eed3f26f13310e5d8a0dda9460e410489a9cb5630228cf651fd775ddc801fbf851c7ea3323916d3b433dd1c24fb5da075d28f1e

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    0ad704caaeb2f8c7c5ccb78060af7878

                                                                    SHA1

                                                                    f938271215daf9bd1cbd12c5849425b9f882d6f4

                                                                    SHA256

                                                                    5f0f6cafa2777eb37d66db89e62b0f3d4d24935cf432a162c3fba939bba31f3d

                                                                    SHA512

                                                                    acee91bd2eaa496ef76b18bf4045a50df68f3d4148993ffbbf9972e0b0e19ee4ce4a2ff6f8a13c425cb885969000184a9d56bb627ce3e53a4e83ada7cd154ec5

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    ae1d1e9119679a35707e283a4cf7e2a2

                                                                    SHA1

                                                                    b8a320a3024e1a688e8ea83e009289971dfc7432

                                                                    SHA256

                                                                    6d2827604de933ab316b89ee1edee40c182dc8c79d06ce8e8752d5c649a4d777

                                                                    SHA512

                                                                    415964647f68ffd24a06a466f85f32b143e57b73dd5b2384ca0ed2d20cd57b9d8b4fc7b17b9f32ed638992924b2f4926047333f9499212ffc97c1dca9a7c9c1b

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DG8U5NQ5\www.bing[1].xml
                                                                    Filesize

                                                                    17KB

                                                                    MD5

                                                                    cafd9ca61b89c43bb77abb8a45786f45

                                                                    SHA1

                                                                    3e2fc1571583eaeb2d130ac3e3e92fa5a0f86a6a

                                                                    SHA256

                                                                    87846a0c676a1e023f927196a7c49728e106c47408459e1fc7b6283fcff648cc

                                                                    SHA512

                                                                    11cd21d79aa9d3e88249ff9fa6c741f93384631268295de6548a33ce7fed6ca922e9ee5ca47eb19dcbf21575ae997b55d6233b982b0e607e35ffdbe2267e09f5

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DG8U5NQ5\www.bing[1].xml
                                                                    Filesize

                                                                    19KB

                                                                    MD5

                                                                    3fd9e76ca947b100478daa67385b2925

                                                                    SHA1

                                                                    286b9951682760c9bc45281f54ed87f8e3e3df89

                                                                    SHA256

                                                                    6de9c540b1b6631e98b2400331d90feb908f35bfbdf6a2f98f9c28c4ee6e1529

                                                                    SHA512

                                                                    a4ec851c7c782579b2a9fc19c0cfb9c65abbc7ce53708c6ab7a7db24f86f13f8c564fa45df0d172431400bb5c75f043ba90c83c96bfd51f5989cfb7d75320c23

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133674065939370099.txt
                                                                    Filesize

                                                                    70KB

                                                                    MD5

                                                                    7a111e9d9331ec7e57e03997ebc422c3

                                                                    SHA1

                                                                    94e63059fa440a6db81dac47ddb534175c525754

                                                                    SHA256

                                                                    e298ebf73ff66672c2f2f478fa5e0a47b8e277d4ae604bf9511f7d1100e3c6f1

                                                                    SHA512

                                                                    7b0bedf878522969e71b5c93b4496f3a6e911694000d7ab0b0dcb5ed63a2b425445fbf480c0b3a5be64041ff3bc7bc50834af1bfc896ac85d7fb08022eb07cbb

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Temp\is-84GL9.tmp\WinaeroTweaker-1.63.0.0-setup.tmp
                                                                    Filesize

                                                                    3.0MB

                                                                    MD5

                                                                    1f8bc6b583179090e759faa5b1c97430

                                                                    SHA1

                                                                    d8ac7e18aa560acb861b37b13ae5622633bd7830

                                                                    SHA256

                                                                    e960ecec070425603934a878e09329edc9a44f2112bfb90e84b162a654074a67

                                                                    SHA512

                                                                    72244fa43407ae2f88d00cdfa3d8ccdc8da0ea663eb60dbfd37ea355a01f861559cfe20801c1f6898792b9d59d8c265cc941bafcc6ca1dd1c1f37bf23f2f695b

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Temp\is-UHENH.tmp\_isetup\_iscrypt.dll
                                                                    Filesize

                                                                    2KB

                                                                    MD5

                                                                    a69559718ab506675e907fe49deb71e9

                                                                    SHA1

                                                                    bc8f404ffdb1960b50c12ff9413c893b56f2e36f

                                                                    SHA256

                                                                    2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

                                                                    SHA512

                                                                    e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Temp\tmpCB9F.tmp
                                                                    Filesize

                                                                    914KB

                                                                    MD5

                                                                    5ca7ee29380650c8a4bb78db26fa0061

                                                                    SHA1

                                                                    fdf9190b50fccb07bdf7847de49dfee2b393268a

                                                                    SHA256

                                                                    f7ded57798661b3450d43a6f0b0e825e257da131c4bd196687184292bde06f5a

                                                                    SHA512

                                                                    961285ac676521623ce250abfe505986c2c174fb94fc0dcb0e3763275d59496e39e2eb66ba25e6eb7dc258479dd880fe063d16dec772d07009692a5baa9e202d

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
                                                                    Filesize

                                                                    173KB

                                                                    MD5

                                                                    4bf1f81eafa19d271f2619cda73aab59

                                                                    SHA1

                                                                    c93addea632ec24fd3001cf56c6ca933ba8d394b

                                                                    SHA256

                                                                    7b8fa30b1d7d1097597d233e2ad759f996de33439e0616efe0f8c169e7ffe771

                                                                    SHA512

                                                                    d9f9e49f455ac3f7e6aa80f3846d642375bc201ed8969ae6f6af2cd0156d7d76b26b90649b99c633e88274ec12a024b2895a2db0e12e6aee8d107975b1d65025

                                                                    Download Submit

                                                                  • C:\Users\Admin\Downloads\Unconfirmed 583648.crdownload
                                                                    Filesize

                                                                    5.2MB

                                                                    MD5

                                                                    455613c0a575bc31a050af6f2418d8fb

                                                                    SHA1

                                                                    225f6311e872a226cb69ccd3055d43d86d598a1f

                                                                    SHA256

                                                                    8b46861abb7266c798b27cd6e4cc95e6e81215870128f892236b7a27dfb02b74

                                                                    SHA512

                                                                    991b204b17a7bb91756479d685e6d53e4cb2c7a399a3a04037154c7ef5363cb720fc2d6d210ab2d76078041acd690adbacd927f77c1b7eb224f23ac5bd611967

                                                                    Download Submit

                                                                  • C:\Users\Admin\Downloads\winaerotweaker.zip:Zone.Identifier
                                                                    Filesize

                                                                    26B

                                                                    MD5

                                                                    fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                    SHA1

                                                                    d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                    SHA256

                                                                    eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                    SHA512

                                                                    aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                    Download Submit

                                                                  • C:\Users\Public\Desktop\Winaero Tweaker.lnk
                                                                    Filesize

                                                                    939B

                                                                    MD5

                                                                    df5245ec78d7cc9e7f33b6df83e993fe

                                                                    SHA1

                                                                    51046bbef2364116feb4ab6a685fb21a79388c38

                                                                    SHA256

                                                                    e922805e762f36b07694c3c29ada75928ae12dd57c21c204c2a05dc00bd10683

                                                                    SHA512

                                                                    5e584607ac54b455a50a58d290c1a9eeb14ecab6212967ebe9442cb3e6c9ac046e3ce061c7d10f0210c971e68930ae1f2aea311868fde52a810b6ed078b8b51b

                                                                    Download Submit

                                                                  • C:\Windows\Resources\Themes\AEROLI~1.THE
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    88bffb88215262f994cf78bc8d189a48

                                                                    SHA1

                                                                    22bf60e5571312dc328e0192eb074a42d1ab506a

                                                                    SHA256

                                                                    5c74009c27a29a9dc832664016ec38b7121687d328091955232cfb283e0b5d23

                                                                    SHA512

                                                                    310e1d795be902b0c9aa4da1b66c063c7a6bdb77edab1507828b923859ce12131a87f2c744cc536e66a175db7f383f7a8875a1a83aa00d7efc099795d1a29583

                                                                    Download Submit

                                                                  • memory/2396-327-0x000002AC78C70000-0x000002AC78C90000-memory.dmp

                                                                    Filesize

                                                                    128KB

                                                                    Download

                                                                  • memory/2396-258-0x000002AC78070000-0x000002AC78170000-memory.dmp

                                                                    Filesize

                                                                    1024KB

                                                                    Download

                                                                  • memory/2396-268-0x000002AC78AD0000-0x000002AC78BD0000-memory.dmp

                                                                    Filesize

                                                                    1024KB

                                                                    Download

                                                                  • memory/2396-253-0x000002AC76490000-0x000002AC76590000-memory.dmp

                                                                    Filesize

                                                                    1024KB

                                                                    Download

                                                                  • memory/2396-251-0x000002AC76490000-0x000002AC76590000-memory.dmp

                                                                    Filesize

                                                                    1024KB

                                                                    Download

                                                                  • memory/2396-284-0x000002AC79320000-0x000002AC79340000-memory.dmp

                                                                    Filesize

                                                                    128KB

                                                                    Download

                                                                  • memory/2396-290-0x000002AC79CB0000-0x000002AC79DB0000-memory.dmp

                                                                    Filesize

                                                                    1024KB

                                                                    Download

                                                                  • memory/2396-328-0x000002AC79C90000-0x000002AC79CB0000-memory.dmp

                                                                    Filesize

                                                                    128KB

                                                                    Download

                                                                  • memory/2396-348-0x000002AC7ABB0000-0x000002AC7ABD0000-memory.dmp

                                                                    Filesize

                                                                    128KB

                                                                    Download

                                                                  • memory/2396-516-0x000002AC7D040000-0x000002AC7D140000-memory.dmp

                                                                    Filesize

                                                                    1024KB

                                                                    Download

                                                                  • memory/2600-193-0x0000000000400000-0x0000000000713000-memory.dmp

                                                                    Filesize

                                                                    3.1MB

                                                                    Download

                                                                  • memory/2600-187-0x0000000000400000-0x0000000000713000-memory.dmp

                                                                    Filesize

                                                                    3.1MB

                                                                    Download

                                                                  • memory/2600-130-0x0000000000400000-0x0000000000713000-memory.dmp

                                                                    Filesize

                                                                    3.1MB

                                                                    Download

                                                                  • memory/2916-219-0x000002A6E5980000-0x000002A6E59A2000-memory.dmp

                                                                    Filesize

                                                                    136KB

                                                                    Download

                                                                  • memory/3636-749-0x0000000004C20000-0x0000000004C21000-memory.dmp

                                                                    Filesize

                                                                    4KB

                                                                    Download

                                                                  • memory/3928-748-0x0000000004FF0000-0x0000000004FF1000-memory.dmp

                                                                    Filesize

                                                                    4KB

                                                                    Download

                                                                  • memory/4272-129-0x0000000000400000-0x00000000004D8000-memory.dmp

                                                                    Filesize

                                                                    864KB

                                                                    Download

                                                                  • memory/4272-110-0x0000000000400000-0x00000000004D8000-memory.dmp

                                                                    Filesize

                                                                    864KB

                                                                    Download

                                                                  • memory/4272-195-0x0000000000400000-0x00000000004D8000-memory.dmp

                                                                    Filesize

                                                                    864KB

                                                                    Download

                                                                  • memory/4920-185-0x00000223970D0000-0x0000022397600000-memory.dmp

                                                                    Filesize

                                                                    5.2MB

                                                                    Download

                                                                  • memory/4920-188-0x00000223B1CB0000-0x00000223B1EE0000-memory.dmp

                                                                    Filesize

                                                                    2.2MB

                                                                    Download

                                                                  • memory/4920-192-0x00000223B1AF0000-0x00000223B1B60000-memory.dmp

                                                                    Filesize

                                                                    448KB

                                                                    Download

                                                                  • memory/4920-194-0x0000022397A30000-0x0000022397A36000-memory.dmp

                                                                    Filesize

                                                                    24KB

                                                                    Download