Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.onenoteg...

windows11-21h2-x64

10

Resubmissions

25-10-2024 11:25

241025-njmtmazbnp 3

25-10-2024 11:13

241025-nbnqysydld 10

Analysis

  • max time kernel
    403s
  • max time network
    398s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25-10-2024 11:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.onenotegem.com/

Score
10/10
banloaddiscoverydownloaderdropperpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Checks BIOS information in registry 2 TTPs 10 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 57 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 6 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 27 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.onenotegem.com/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2712
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8faaa3cb8,0x7ff8faaa3cc8,0x7ff8faaa3cd8
      2⤵
        PID:3444
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
        2⤵
          PID:3516
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1112
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
          2⤵
            PID:3788
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:1792
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:1708
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2752
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:1688
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
                2⤵
                  PID:1728
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
                  2⤵
                    PID:5008
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
                    2⤵
                      PID:3168
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
                      2⤵
                        PID:4648
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5468 /prefetch:2
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3088
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=876 /prefetch:1
                        2⤵
                          PID:872
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
                          2⤵
                            PID:840
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1864,18371408327670777114,1225839895166737391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
                            2⤵
                            • NTFS ADS
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3624
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:684
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3320
                            • C:\Windows\System32\rundll32.exe
                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                              1⤵
                                PID:3496
                              • C:\Windows\system32\OpenWith.exe
                                C:\Windows\system32\OpenWith.exe -Embedding
                                1⤵
                                • Suspicious behavior: GetForegroundWindowSpam
                                • Suspicious use of SetWindowsHookEx
                                PID:688
                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\NoteGem2024\Resource-24729.dat"
                                  2⤵
                                  • System Location Discovery: System Language Discovery
                                  • Checks processor information in registry
                                  • Modifies Internet Explorer settings
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2064
                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:432
                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5BF278E1CB37ED9924B8E92604B32D8E --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:4104
                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4DE3E054F574A23900672735D6C326D7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4DE3E054F574A23900672735D6C326D7 --renderer-client-id=2 --mojo-platform-channel-handle=1788 --allow-no-sandbox-job /prefetch:1
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:4960
                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CB920C0D545EA49861A2F694758984E5 --mojo-platform-channel-handle=2364 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:4908
                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8550D20144C358A6DFDD2768E6634830 --mojo-platform-channel-handle=1908 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:348
                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8A544135EFF80FB280C21C41FCA50F2C --mojo-platform-channel-handle=2592 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:2216
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4776
                                • C:\Users\Admin\Downloads\NoteGem2024\NoteGem2024-74.0.0.354.exe
                                  "C:\Users\Admin\Downloads\NoteGem2024\NoteGem2024-74.0.0.354.exe"
                                  1⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:2900
                                  • C:\Users\Admin\AppData\Local\Temp\is-DOECQ.tmp\NoteGem2024-74.0.0.354.tmp
                                    "C:\Users\Admin\AppData\Local\Temp\is-DOECQ.tmp\NoteGem2024-74.0.0.354.tmp" /SL5="$700D0,15986411,121344,C:\Users\Admin\Downloads\NoteGem2024\NoteGem2024-74.0.0.354.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Drops file in Program Files directory
                                    • System Location Discovery: System Language Discovery
                                    • Modifies Internet Explorer settings
                                    • Modifies data under HKEY_USERS
                                    • Modifies registry class
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:2336
                                    • C:\Users\Admin\AppData\Local\Temp\is-PBJ7V.tmp\_isetup\_setup64.tmp
                                      helper 105 0x4E8
                                      3⤵
                                      • Executes dropped EXE
                                      PID:3512
                                    • C:\Windows\SysWOW64\regsvr32.exe
                                      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\OneNoteGem\NoteGem2024\NoteGemx86.dll"
                                      3⤵
                                      • Checks BIOS information in registry
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:2496
                                    • C:\Windows\system32\regsvr32.exe
                                      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\OneNoteGem\NoteGem2024\NoteGemx64.dll"
                                      3⤵
                                      • Checks BIOS information in registry
                                      • Loads dropped DLL
                                      • Modifies registry class
                                      • NTFS ADS
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:1332
                                    • C:\Windows\SysWOW64\regsvr32.exe
                                      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\OneNoteGem\NoteGem2024\Controls\MSBCODE9.OCX"
                                      3⤵
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      PID:576
                                    • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe
                                      "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe" /Dsb2024inOther
                                      3⤵
                                      • Checks BIOS information in registry
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      • NTFS ADS
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:3460
                                    • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe
                                      "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe" /AutoFix
                                      3⤵
                                      • Checks BIOS information in registry
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      • NTFS ADS
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:4620
                                    • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe
                                      "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe" AppendRedoFunToQAT 2016
                                      3⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      PID:4764
                                    • C:\Program Files (x86)\OneNoteGem\NoteGem2024\me.exe
                                      "C:\Program Files (x86)\OneNoteGem\NoteGem2024\me.exe" /VERYSILENT /SP-
                                      3⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      PID:780
                                      • C:\Users\Admin\AppData\Local\Temp\is-2INIL.tmp\me.tmp
                                        "C:\Users\Admin\AppData\Local\Temp\is-2INIL.tmp\me.tmp" /SL5="$503D6,287835,121344,C:\Program Files (x86)\OneNoteGem\NoteGem2024\me.exe" /VERYSILENT /SP-
                                        4⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4500
                                    • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe
                                      "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe"
                                      3⤵
                                      • Checks BIOS information in registry
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      • NTFS ADS
                                      • Suspicious behavior: GetForegroundWindowSpam
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:4032
                                      • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe
                                        "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe" InstallDefaultAutoCorrect
                                        4⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        PID:3316
                                • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
                                  1⤵
                                  • Checks processor information in registry
                                  • Enumerates system info in registry
                                  • Suspicious behavior: AddClipboardFormatListener
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2352
                                • C:\Windows\SysWOW64\DllHost.exe
                                  C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                  1⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:4904
                                • C:\Windows\system32\rundll32.exe
                                  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
                                  1⤵
                                    PID:1188
                                  • C:\Windows\system32\BackgroundTransferHost.exe
                                    "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                    1⤵
                                    • Modifies registry class
                                    PID:3540
                                  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                    1⤵
                                    • Suspicious use of SetWindowsHookEx
                                    PID:3360

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Program Files (x86)\OneNoteGem\NoteGem2024\ArmAccess.dll
                                    Filesize

                                    56KB

                                    MD5

                                    9a125369e4cc6ff6b8e9fd92c9c94fd4

                                    SHA1

                                    d79aa5f8c056390bdd831e513427be8b851d88a8

                                    SHA256

                                    f067e7142ee956c3e4c0c4db7a4f05055e4e259f0c99953bcc950620772cd3e7

                                    SHA512

                                    3629246c4773b8434105ddb34e08e170b0d9b2d3040c1845cf7fa4c25ed32f2f643f92c989de674f9fa353ae5a8a98c7f22a8137843af4b5c67858db715bb26c

                                    Download Submit

                                  • C:\Program Files (x86)\OneNoteGem\NoteGem2024\Controls\MSBARCODE.DLL
                                    Filesize

                                    49KB

                                    MD5

                                    fb7be4b265cad7aee7219ffd782d64ae

                                    SHA1

                                    8fa2197b3f3f89e2c74116a3392a4a15cb127d30

                                    SHA256

                                    e8dd70038639fd041567e588b3f81318d840953ddb6049713b71719bc35a13c5

                                    SHA512

                                    4c3f2db4a01bea89262a5c0edc1afe28c0d0931ec6fa1271ec5361028409fc87fde334a9c3ed140237d22dc7cd9908954c6fc8c2dd73c76ae246653bacc8ed70

                                    Download Submit

                                  • C:\Program Files (x86)\OneNoteGem\NoteGem2024\Controls\MSBCODE9.OCX
                                    Filesize

                                    127KB

                                    MD5

                                    960a73887d51ef0f768cd9bc4d297ef3

                                    SHA1

                                    a905845dc805b6b2644ed2c4f1924cf802a25da8

                                    SHA256

                                    c5526c75dbff791ec898418d270331fa27e91d6995cdf44c1f1991dddd98089e

                                    SHA512

                                    58ad04d76250b0d3f7a9c8bd0d7f2880b19b5a7600edeae527800adda147dc76c1f09c3009f0a2d66062cd4d9468f98ba63fcdb1ea763bf5e47e4fa4b2f32d38

                                    Download Submit

                                  • C:\Program Files (x86)\OneNoteGem\NoteGem2024\Controls\msvcr100.dll
                                    Filesize

                                    750KB

                                    MD5

                                    1c3d7cd25012852e860564a0cb073e30

                                    SHA1

                                    2f9daba995479da4490e36e240aaa4a2f5654716

                                    SHA256

                                    16f61545f0e1f4c03dda10ea3666104fdb07b63bea04c40915cf2fe680fc1dc1

                                    SHA512

                                    f1ef35bb32fd8b867f73825d2a42faacf1f7c43006a65a8ac31514da4456f92a5105f55cbc376c7e4f76ceda7105001850d007a522149b78f4763576a4660e7f

                                    Download Submit

                                  • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe
                                    Filesize

                                    3.1MB

                                    MD5

                                    4a221eb11fa4b83e96c2651b49471194

                                    SHA1

                                    698bbe12fab2d7935d803aeb88e174ac8d52d669

                                    SHA256

                                    9970e6d0c5e22f22b6a3686f64d450c09d627f88f4f99a91fc0bc88ffeef2e9b

                                    SHA512

                                    3d632e6b86f7574d054d1beb0d320b75e3526eb5dfc62c40b1f01ab4706e5498aace2d74b16d52a44adbdc7f3f493b9695284a1c10702a848ee6b91719b9ae15

                                    Download Submit

                                  • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe
                                    Filesize

                                    8.3MB

                                    MD5

                                    fb611887fc84c916729acc70ebd034e8

                                    SHA1

                                    d45a114a899bcd220ae7a92b85066a9b8dad3b0f

                                    SHA256

                                    b7bdb52691e78ea81f651128846cd2713bf6536dfd72af0e9e33c1e66f87912e

                                    SHA512

                                    2fc165808506e357d3b67fd43b61374301f580fb9f6164dc7bc9e37873015612d45ef04901aa914d39db317f5a1ff4fd652ffab480d8b1d5511a2fba17654def

                                    Download Submit

                                  • C:\Program Files (x86)\OneNoteGem\NoteGem2024\NoteGemx64.dll
                                    Filesize

                                    6.1MB

                                    MD5

                                    2a76bc075546653076bff642720a7d93

                                    SHA1

                                    f84697fec682679b12291e8f00f47a92869e7a9a

                                    SHA256

                                    80cf65a80c75a5a31c280588d292888aebfe6a98a60a4a54d57b7f91562369ca

                                    SHA512

                                    156e5d65b66d23d0de617872c3ab1175c9be604c40be778e335e88b957d93ac7bbdfef2cdd55eae2a00cc926029298e53936f0612f4d8987ec90d0eaa29a38bd

                                    Download Submit

                                  • C:\Program Files (x86)\OneNoteGem\NoteGem2024\NoteGemx86.dll
                                    Filesize

                                    5.1MB

                                    MD5

                                    0c3425f6f516f4afa60a4ccdd038a00e

                                    SHA1

                                    3de1d78dbbf6163c19a1b0c64e98f59f11d2b775

                                    SHA256

                                    df4ac05b621df1c055dae7af284b4c1fe4b0192d316c134c4886829203483574

                                    SHA512

                                    1dbf942c9e2ed04701ff776ca946d022ca3872462e9a75574d801782ce67de93b38e3ae6a118374b6d53c8f7bb6415c6bc40ba4dfc95bbfc6a0274ab749a1032

                                    Download Submit

                                  • C:\Program Files (x86)\OneNoteGem\NoteGem2024\OnlineNotebooks.exe
                                    Filesize

                                    2.6MB

                                    MD5

                                    5564dbf56d6cc20a0b3f179e2eb1fd47

                                    SHA1

                                    fbecc58caf13151b91ae33ac6265fa26c0f5ea7c

                                    SHA256

                                    9461da9e1810a214ecb5c475e62b7a03a33b80c5fad779b2f282883c511df1a3

                                    SHA512

                                    215849c42a83ac48746e09cab52504cef9ea8c79e0b7083730af940f8be7c26a318469b3d8b59aed1c85b944e657b418901d3f58868770124607074508ecdf94

                                    Download Submit

                                  • C:\Program Files (x86)\OneNoteGem\NoteGem2024\me.exe
                                    Filesize

                                    668KB

                                    MD5

                                    be389814b8045f31b72873d0dcee65b9

                                    SHA1

                                    d508ab991eb43ee01020274c4fd6a8f0b25fdb46

                                    SHA256

                                    4a55b8a679961fe2f802d77dfe0cd99f87963868e6ed425ddc86fb7c6cf202e3

                                    SHA512

                                    92e54bc106969dc77550a634ac05f7cf9b7611a8fe6f1b144e26fd146858f022eed92742128a39c987bfdea58c61414a625a43e2c177f47909c37b3ec9ca307b

                                    Download Submit

                                  • C:\ProgramData\Licenses\07EE7A0266D9F906F.Lic
                                    Filesize

                                    150B

                                    MD5

                                    f55a3555261be508d2c5e49ef20673b2

                                    SHA1

                                    0c0a1790eea746385a4b318ed9827f1bdf960579

                                    SHA256

                                    66be06c1c8b010ff224e1e1b3459a96b9342d98cb1c0706c4f7cc0476a320c41

                                    SHA512

                                    05ca1c98205e044a947afc899b2f4cdf5b345d1f2b828289e8d0200edf832d21c1a99a43566ccbcb0223a86438b6ca36f08f82de01d3ea5e4ce32c16ade89f00

                                    Download Submit

                                  • C:\ProgramData\Licenses\07EE7A0266D9F906F.Lic
                                    Filesize

                                    151B

                                    MD5

                                    32ffb55c2a0790f78fe5f570a6a26783

                                    SHA1

                                    de08523afd0bed13f37f3ce87a40f780bef21b06

                                    SHA256

                                    dfa6a3198c445142460ddbbd6a76bf6d1517af7e41f26df1eef9e80ca783e5ab

                                    SHA512

                                    aef123c8d05d8879d3accff84946827a31d71fbaa45a08fe292a9520123dce95a609e02cb624a19a527289b1a63d42591b45d4200d20e387704e1fdcfb4eecb4

                                    Download Submit

                                  • C:\ProgramData\Licenses\07EE7A0266D9F906F.Lic
                                    Filesize

                                    151B

                                    MD5

                                    c17a2d871d6062ccf44f50db06f4a003

                                    SHA1

                                    f7bd600706e3e5eecd6785008f3f43a8800cb6ea

                                    SHA256

                                    beb2e445fb9bdb186983d6b852a7d4d01a802f7a60684f4b0c6be0d3c70170b9

                                    SHA512

                                    2847a35d16190e8bd967ecb6d8dca5927a53bc7c8a150ac279828ffe1793ec9bb46223ebb810c9d573bbc8469c887b64da800524f59326675de76764c0f02ea4

                                    Download Submit

                                  • C:\ProgramData\Licenses\07EE7A0266D9F906F.Lic
                                    Filesize

                                    151B

                                    MD5

                                    1da31a8ce685c7a8ab7d44c5d867bbae

                                    SHA1

                                    73e82aa7ee3cfa3eb7fe22ca78d2fb1c632c435c

                                    SHA256

                                    1e2e6d4e33928d115781647f853b6e2d4499d479c46c29bf356398b4fddc07c3

                                    SHA512

                                    f3e40f5cad259556f7112cdcb5e04773ba341150af9cd74d6f5246c319c892b0c2618b07356cbd4836ab90278235c698759cb2c8d99c5f3952d26892d627b94c

                                    Download Submit

                                  • C:\ProgramData\TEMP:0BEF6745
                                    Filesize

                                    151B

                                    MD5

                                    435c7b96cd5096764b4d4a3f1e58a02b

                                    SHA1

                                    c3f92c84befbf3092387bf88c1b74bb57000a842

                                    SHA256

                                    79e2a94b1f158da85465b2e4258423b3ea9397da5d54e2200d7898f6f93d3912

                                    SHA512

                                    db97566eb98d76753f0251a71cc2a38c882ac8d353246a3abc802ae043f61715bce384b646a0f40a55e0439708e25f709e7fdf6201c0e6b158537cc25d493d6f

                                    Download Submit

                                  • C:\ProgramData\TEMP:0BEF6745
                                    Filesize

                                    151B

                                    MD5

                                    bb2436a82411f9ebe0bd7c70e28444dc

                                    SHA1

                                    f4dc4fdb4b10f719aefc68ec61ab055c20e8b4dc

                                    SHA256

                                    2e586039a198a0acab4740f199cd0ca7fcee986c1d6dbc49aa3b64ae0f5017d5

                                    SHA512

                                    e4b76ab129ed538eea997cc1a1faaca45885ead747e1326e8e9dab7773684c5790c785d8f29d405999c8e78eb2c4c7ab6feeb8e7d4094f9fdc53e66375a06ae9

                                    Download Submit

                                  • C:\ProgramData\TEMP:0BEF6745
                                    Filesize

                                    151B

                                    MD5

                                    60d04b4d5e400ed0a2112d11e98f3f7b

                                    SHA1

                                    3265b98270eb6fdee1cef73feedbf917749bc38d

                                    SHA256

                                    575c8658a62a4e2be03591892ef15728a5feff7d8c77abb4e1195a9708cefbcf

                                    SHA512

                                    cc151c4f921a21ba48a97de183581a337b378592f7b55d11858be9cc4888e0f27a0ddb91380b7ce75f6c0e12b7706df44850451bcb6d9ee145be1a88e115f14c

                                    Download Submit

                                  • C:\ProgramData\TEMP\RAIDTest
                                    Filesize

                                    4B

                                    MD5

                                    c2f09542b6c7daf4288f3524c8cebb18

                                    SHA1

                                    9430b21baf07f0d105b9ee5fdd9f868418454517

                                    SHA256

                                    55d7808233c58f1606fff77eb382a02ed729bf5d8b2640fb313d0f7c91e970d4

                                    SHA512

                                    dcc19cfbc78b78708ce2586228424194f846d80b6d072045baaf93559d20f71e809a4eb57e7dac3b4ea109d90aeb585d0b5438dc1dd7d34054c03aa6350d6672

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    d7145ec3fa29a4f2df900d1418974538

                                    SHA1

                                    1368d579635ba1a53d7af0ed89bf0b001f149f9d

                                    SHA256

                                    efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

                                    SHA512

                                    5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    d91478312beae099b8ed57e547611ba2

                                    SHA1

                                    4b927559aedbde267a6193e3e480fb18e75c43d7

                                    SHA256

                                    df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

                                    SHA512

                                    4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
                                    Filesize

                                    19KB

                                    MD5

                                    d28c55e3384525eb83bfabb9c0cb8571

                                    SHA1

                                    6562ef54649230f16af013f1f6fa91696dc8bf67

                                    SHA256

                                    3bfe3fc5b567e19cbc9a356e94f03f862a48e3946c0b0146fd4fd30704778c40

                                    SHA512

                                    3676eda4403992a44cfa1adfdb7e7f971fcea6e6c75ff3b27c38af03baed0470a4ba115886f102a74e097b563f390021fd0e1680bbb25b4eb34660216df8d8fb

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                    Filesize

                                    55KB

                                    MD5

                                    f0e42272d554b7b14a1195a2129429aa

                                    SHA1

                                    ec26806c20d5c86fbe2b987b843e4559e816fa7e

                                    SHA256

                                    a8b9a4aafa82b2c43a26df353a64b199797f028b18c629ff6f659615f09d9225

                                    SHA512

                                    b5c4e0f1c664e4162598f119c5a5c24fbe6e4149bb37de96aa8093023c0e0cd6207f30ffbe8c7b60c2fa124258803d643146f51ea778b259ccf066b9cc186bd6

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    120B

                                    MD5

                                    0b8c86ec16603abbaa2dd58b72d878a8

                                    SHA1

                                    5eed73908fe550ae799812370372cd2cc626d35c

                                    SHA256

                                    9c8e6c82cd8f817fefb7342d3b6a6215413e6d06fe4e81edd7194e9462a95410

                                    SHA512

                                    86231cafaee13bfa1b07cd37d2d2a19d50aa49db193a0859bf4c4f253076fc295b3b14517d9febc5821c9fa1c16966cb1d0345cf86736cec8aef6028ad2a7df0

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    192B

                                    MD5

                                    786237b2bd433474f9df4ca7f1ebea64

                                    SHA1

                                    e963de73547cc27ac57c4fd2a8c09a6fb73f944d

                                    SHA256

                                    031e3c8a44d6c219936862cb08e49de30b86c043b829422a9abe2be7db1b6948

                                    SHA512

                                    49516245bff00e165450e0cfdccdbb5e67630f94c8c1bb6dd721d114fe03e9e036ab56a7ce4592e0e10dd8241c6546f16a0dd9bb7da53b6e25616416a9c18f33

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    216B

                                    MD5

                                    ac679fe39b87f584b3b2cb425fece489

                                    SHA1

                                    0dce71d10253339c91f3be7ae29d0b639263d9e3

                                    SHA256

                                    8554785308c1c9134f807618636095080a7aed8072da8606ebb40304bb17e6b6

                                    SHA512

                                    b6ee87f019349ab833768509a9215b659a871dfec2d6bef6a890fe4e92aef59d90870778a0cb28149641d71893e18b685bb6edfd41f8163c50c395b9c8830992

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    192B

                                    MD5

                                    7ddc9148b5ee9eab13aae7fcd69e802a

                                    SHA1

                                    87d148b156c0ce4e5213e7f0925f3f27711405f3

                                    SHA256

                                    5030ddfb6a9157e829a5cef932d6be4d8c781099b8d26b912dfdfd1b0a97e1a7

                                    SHA512

                                    436fd9fc35fc8ad701887a8dfdff854e03b8478e1544940578c8ba9d4848a1f22fc66fa32877918a0be0e8cce498ed099aa0656e379a3b33ebd42c4c09443053

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    410B

                                    MD5

                                    3525cda7b1c36ccd8f40407cce34c1aa

                                    SHA1

                                    25817dae5555ad161979ad5afca3e2436299ec66

                                    SHA256

                                    fb9a1a33582b35753ce61abcae45463dcc9dfe0490cca1b78ab651833e170007

                                    SHA512

                                    2316bc30f911e40797539dc5268977b00c27ad587ba09a84127bc223dcc410544db11b16dfc257d2c7a8eaa68b8bc1e5f2948e8e4eff6157a240208bb4440a74

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    111B

                                    MD5

                                    285252a2f6327d41eab203dc2f402c67

                                    SHA1

                                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                    SHA256

                                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                    SHA512

                                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    259B

                                    MD5

                                    bfc1b7f1b42536bd5edc1026466e38d3

                                    SHA1

                                    0db54413ea232513eeec176e87ccc2cf616cc370

                                    SHA256

                                    dee88487f7c48ba55df6539bb50703cfbe10da577b8f50f132a88026f77f78a6

                                    SHA512

                                    7c610a2ffbfd5927334de8614aad9395157dc35a8780b905b1588d9d4b08a8e0d9cd3ab4fcaeabe7a97fec432ab8f69f20ad65a0c55ed0104a570a5d7057e3f9

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    410B

                                    MD5

                                    4b9c218b0f16dc7fe95d8dff221838c5

                                    SHA1

                                    d5cf49c088d9167766aaf7429d5a5bb08027cf3d

                                    SHA256

                                    d2696bbd73268a3a757b519c665ab0a72028fc915cc4e30466727eefc61b77ee

                                    SHA512

                                    70be7a578a97bae39fc7825df2aa67f823abf246fc65df3115a5d189172a625ffc604d86835fb5f4f1df2573024307c9b89dd46d4bd213c3f233fb50a74973de

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    259B

                                    MD5

                                    04d89f5f49c8e9010e9fbe255d29a82b

                                    SHA1

                                    2d690df47c0f4653b72d5acf99c0774883e36a8a

                                    SHA256

                                    8e3c21ccd315536c23ee8ceb4e6c361100fec50b356f7127301aff45fb65bd82

                                    SHA512

                                    c0a8975770b0d9b317ddf86fb9a829b38ee7cb5b077dc19c1e06963490f07118bf18f56092e00641d4ef9c0cab3ab2183307e25f10e1cd7f8dcafb32c006a3a2

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    4d9cdb26025cf795c0a882b07f24ed26

                                    SHA1

                                    653d4b7483841f333ca71bc27612d41d35c3d94d

                                    SHA256

                                    2becc4014fd1918939c5a62067f7d03a28e2736e806261d742984b074432a772

                                    SHA512

                                    4ed96cd58879a9b6b85a8ec15260ac1a5b3fcb5ce128b21d2dab4854a7cba68becaad94cbd16cb7af35a8e4d89c5c05f1adb86f68e6dc7a249557f632479ab37

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    c4551b7d0f872fb31430e39c63a459bf

                                    SHA1

                                    9f5ff5162040ae21603c3a272896365b70d123ab

                                    SHA256

                                    d5be311b9902f8cf4def1bd25e844513a99aee78ba7af27dcf26d799e3d5304d

                                    SHA512

                                    6a998f9e6e7a6b4fe8614ac4a4d9cb49d3c3599919feb1e2d55870e088a66a8d9a55bc4dc0f9cf9884259d55991cfdd34bcb7c1cbe5557c2b09a46a59f5d409b

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    9fe7345f51b1b4c243d4a7a2bc965f86

                                    SHA1

                                    355c7ab9fb1710aea31d675cda1d78ba69321994

                                    SHA256

                                    b7efdb2ef72060661931d9789cc4b34e542ca06cd5304dc87382fc9185a79ff3

                                    SHA512

                                    453dba4a06d72d033fab6127d40d9a54dd00a2cab6ecdafce6e6ff0753ad817900945c7b850a789c7f19cba18379c84406585657c607d378aa857640f4be68bb

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    c9173cc445d3aeb9a304daa20a5de076

                                    SHA1

                                    5eaaea0c423ea5d1f558e07a70f2b210af2c88e5

                                    SHA256

                                    2a8cb1d995ce4b81399853f7e3c143f8b531ad07a1374097efd16fca3997cc1a

                                    SHA512

                                    5b6d34ee6593e2a4f7171dd18e0232a366dc5a6ae31c46cf00ea4c756f35a8fbdd2bff946d24efe3f13c34976da32965144ab2b9b57c42ce1f1e680e837ce0ca

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    c5de42ff4aaec7d0cb7fc4e7974871c9

                                    SHA1

                                    90a00246e78427bfb88e66ae1450ffdf0a264c69

                                    SHA256

                                    1a62a3e5b3325246566347bcf48afe1e4df0448ac6db2aba54319d9f5ada78dd

                                    SHA512

                                    9531ba95ec4e2d97e1faccdf7d1af93fed1a5ae60859a7137ee2f7528fcfa6804f265ffd1264b8c292f0f03a430bb52adaca6fd931cc3a1ba7e3cbf6e734ca57

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    334fea8368a2382aa93739fd1b184805

                                    SHA1

                                    ef15ec1a2101142530df1a61d31c3444993030f0

                                    SHA256

                                    a3d94d4f8b8a347f2e0d5e5fd8f5681dd96172ddf9a231b21eff1491c260e6a1

                                    SHA512

                                    0011e0f5953c43cfa880030be20095534bf0b6f606af758928cb99218e87750b472d487cc3c586167e45fc307bdb2bef7ac8b0743a6622a0da0d6256a3da04c6

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    27cd5c1f9092bff975ea52ba3cd09c7e

                                    SHA1

                                    3574df013e31401460b1fab4a5a6b2fe960723a9

                                    SHA256

                                    6cfb3e9d5be0f793323c063611221deb67be00906d24ab1e630d4280045be4cc

                                    SHA512

                                    d4f7260d4144dc807d7cfb4be002fbf98859639c0900509bf7cbe5603cc939cf3a34cbb02fb819254d89c4e9e528289673bd2640506214dd17c5e866fc47e6ef

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    ebeea378f1b8ea74dd32420a9741833b

                                    SHA1

                                    1068e30480d3dfa9c52c08b9fc8abdb3d171af77

                                    SHA256

                                    57992088dcb87bd9706b785ab8a38c6ac05ec95c43727d356ad667231a2ef099

                                    SHA512

                                    d2d2bade15937cb43c0b4370d8eb76ee9a9023f2a561d980df293794243f4bb15da6327fedeac2e140dc8f1f5a1d213d635b543630b3ccea6f32b5fedd5e8fef

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    da5b51885f6fa10d62d12d0539422b00

                                    SHA1

                                    fc475c86661bd9ef79563925a8047622456c3ea5

                                    SHA256

                                    6be10620a5dd07c43c0decc61800c4454c2179067f8c51da8c59d54bbaa84f22

                                    SHA512

                                    efc6a7329c8bc0b1964260639e29ffe87d52fd65885c1666a9d428caffc71d18d4b742f941a9cb84545d7f26cb85066036008c0b01040025dcee6af8cb5ac4d8

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    206702161f94c5cd39fadd03f4014d98

                                    SHA1

                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                    SHA256

                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                    SHA512

                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    46295cac801e5d4857d09837238a6394

                                    SHA1

                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                    SHA256

                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                    SHA512

                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    6367c4714525f4484838cea6af98e24e

                                    SHA1

                                    b7826c1e9daddabd7b1a87f6ec84d55ecc08d67f

                                    SHA256

                                    514693b1f2bdb737b90e8059dc0e028389c08cdf297868d933fc0d9f23444be8

                                    SHA512

                                    d7fb79ffc32dcb0f0dbcde7c84a099943e5e512b534049195103ec307728992157d7ba5bf69dee2ec754a084051800d97c89b3aa67ed004e501e24230ef9332d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    36dbdb7eeb9ef7d77185b531fd7b5c3f

                                    SHA1

                                    d015dc025d0a68033d1ddcd7438a09d873170a07

                                    SHA256

                                    8a499c5c6c17bca79773c6dc1e6ba95bdae55b6311f0c0d4f63a18bf92809000

                                    SHA512

                                    2684f39a86dd4db19bd91e38c4d21fc772ae13217b2f0fed8954e0e329fe16e2d741c6af93a50463bc720f362a54142a846c0576037a8534e1dccc23aa4b882b

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    baa7aaeb461a35c71c4e02b4af175c7b

                                    SHA1

                                    12e1976015a670efc0cead2a77ea57d9ad683eeb

                                    SHA256

                                    3c20dabdfc5927b6b0453ebc033d82a2027a90561328566b8828162a8640aa4e

                                    SHA512

                                    d0f2f3189f429805cce6cd64ac936475bf767ab43ba8ad36fd6d18fa941dff7ca859537242191a56da9fd7ea99d58930b383558b9016625f1be7aa1e56eb3c38

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\10f1de6e-f475-42bf-83b7-a7fe46e8d048.down_data
                                    Filesize

                                    555KB

                                    MD5

                                    5683c0028832cae4ef93ca39c8ac5029

                                    SHA1

                                    248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                                    SHA256

                                    855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                                    SHA512

                                    aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\is-DOECQ.tmp\NoteGem2024-74.0.0.354.tmp
                                    Filesize

                                    1.1MB

                                    MD5

                                    34acc2bdb45a9c436181426828c4cb49

                                    SHA1

                                    5adaa1ac822e6128b8d4b59a54d19901880452ae

                                    SHA256

                                    9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

                                    SHA512

                                    134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\is-PBJ7V.tmp\_isetup\_setup64.tmp
                                    Filesize

                                    6KB

                                    MD5

                                    e4211d6d009757c078a9fac7ff4f03d4

                                    SHA1

                                    019cd56ba687d39d12d4b13991c9a42ea6ba03da

                                    SHA256

                                    388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

                                    SHA512

                                    17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Open OneNote Notebook (url).lnk
                                    Filesize

                                    1KB

                                    MD5

                                    9b35bda34fb32c36d31d53c497240393

                                    SHA1

                                    1ef15687baeff1193756daec9c0c4dcf77735331

                                    SHA256

                                    a3ef39975e4d7c3e45a1d19ab9337893efe3c9b4e7f86ca23f9bbddea3064ca3

                                    SHA512

                                    9b76927d8dc4c9423de821e33326a574abf72564d6b2782d00bf77836bcf60d2e7dfe3f8d2828719ab02a287579ec0c0f109a4076e9aeb87a3036fad3e0181ef

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\NewTemplates.xml
                                    Filesize

                                    345B

                                    MD5

                                    beca0c1aba6ad9c7be31132edd717a0f

                                    SHA1

                                    6f39ff8b5917c4a5463016bcd562f812443fb2ab

                                    SHA256

                                    98d8c1919085511a65eb30463df95f2cab13787da445225673affdd44d67f277

                                    SHA512

                                    9b8d0bbf473a993ada027cb5ed8aaf050c5cde964c41b2d93c3944c5ac8005137b70a0c82861c18ae62cca5f438344587de77431473a785a91a31549cd6eae59

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{40071DE8-A8B7-4754-9121-89CF24C68E77}.bmp
                                    Filesize

                                    51KB

                                    MD5

                                    ad926b4199af73bb8d8c2d15845e768a

                                    SHA1

                                    265a5176cc20fc62dc83eb9c74ef4ec3138452cd

                                    SHA256

                                    2c8f268b6e182ac9d406136c5e72424c3d1575c2cfc07584c8095c885a3fd7f2

                                    SHA512

                                    4310c8c47cbfcff41a2b31bd1ef4c9f2fbf60f3178fe90dc5d921c1f19c54f3ee7da4d8593364fb0a896cbd329c0219ae342bef3d2c1f9546e952acf9669b377

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{40071DE8-A8B7-4754-9121-89CF24C68E77}.xml
                                    Filesize

                                    57KB

                                    MD5

                                    b32dde0c510657c24822e4ae723f36b5

                                    SHA1

                                    4c06e273ff3c709ea015726bc8cbdd1c58ba23a8

                                    SHA256

                                    6367b79aed7fe10e0491dd443d5fe3da6e72f3578a06be2c83a640db567ec315

                                    SHA512

                                    c28886404bd96118799af239de81e590c1b95e986eec64b298a5e9cc281f3651a4294ea98b03a09e47803b46aa177330c2ca456dc511d013dc281d78527bf3f3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{573E999D-C07F-4952-BFA2-F5168C1EC51E}.bmp
                                    Filesize

                                    51KB

                                    MD5

                                    43bc15ba654a8b59b9cc715189ff2e87

                                    SHA1

                                    8e794de0bdd9fb95f6bf840aee8659819412ab90

                                    SHA256

                                    723adf2e108f9191f00b856b0167c9a1a7693edb3829c7bd1986e1daf7784b10

                                    SHA512

                                    5e5e2b35e3820e9afb5d5cfc096b187d0af724b754234d91ed054e0e90b3843a080da26c125e80da7768d19735464dd5e477d8bfb987a6b851a64a5f1fcbf91e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{573E999D-C07F-4952-BFA2-F5168C1EC51E}.xml
                                    Filesize

                                    116KB

                                    MD5

                                    c4b1ac446204c2894a767891ef943169

                                    SHA1

                                    ef4ed6436ad3959dacc1abe8d83eccf98639902e

                                    SHA256

                                    b8b757ab2062a5d016e76362e610517cbd7a07fa0c3479ee7f7e95c4405b13da

                                    SHA512

                                    e2965a6c106b447b70a097b3c2ead3d0abb87d815e787fda26a34ec6411f0ebe59b518018baca2cf81e797b8f1d0767a2e0e93e4c179f289cefbb579f1298bbc

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{728B53FB-88BA-44CF-B224-2A9D457DB2A6}.bmp
                                    Filesize

                                    68KB

                                    MD5

                                    676bfdbc7c4f6064efaf32413082775a

                                    SHA1

                                    70acf683e9db3ab41f5d159d0d889b746a9f6950

                                    SHA256

                                    c0f9aaa828f5f96f83701ff3e264d6fc8c1dfc0f11f4a84cf144050e0d780ba8

                                    SHA512

                                    532a8100d1a98df6a64041027664d22f0a94eb51d491c580fcedbf9952baf6c2740db77e57814e4aa8a2bf4bf16f77bb099a0ad326477a405cffa340405029cc

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{728B53FB-88BA-44CF-B224-2A9D457DB2A6}.xml
                                    Filesize

                                    30KB

                                    MD5

                                    f12eb9718f63d7d9d3727af84821ca26

                                    SHA1

                                    25b054537f8cf7d6af9fca6d17dd7a0c38b9af13

                                    SHA256

                                    8d06f11ebd9513bbd2d9508a740bde1b6bcae1fb5183e44def34243afe6494e7

                                    SHA512

                                    a609699d93d26576167524941036715d2063f4b890f75bf38b462ecb5d0a1d00dc563c8c2f49c13d823ac3f2e52c5403a46c2de028b630e6dfec5a8da86b79a7

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{D523AE92-4D48-4959-8CCA-2DD450D8D360}.bmp
                                    Filesize

                                    51KB

                                    MD5

                                    3de2fdecb5dd2287c6569a6da91f8714

                                    SHA1

                                    78d3462aa89b61cd55cb85953e0d54e5aa64ebb0

                                    SHA256

                                    45bdfaefc3fecc0f2053bc379fec51de908c1503153527adb904cc6356909b2b

                                    SHA512

                                    58ddb73bbf90bd50b47ee3164def6908068e4923e6451dfd58100d5bdfdd70f57932274adfaad854001a46159a562baf87f3ae8968ef80715ea308beb08ae191

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{D523AE92-4D48-4959-8CCA-2DD450D8D360}.xml
                                    Filesize

                                    22KB

                                    MD5

                                    105fd505d62ffd993668737d1025ad51

                                    SHA1

                                    708f346da4c944a37645c5d227ddda833f1ff6f9

                                    SHA256

                                    445ff9060f0294b557e38f49622ac2303580384e7384b7f6f2547ce6b592dc92

                                    SHA512

                                    aea3448e28cb9d1f060c7efe8310b81d9803d0ccb84a8fab5da465e6938c5cb8ef251ffb7c2162bc5c9c922f5cfc43add645402f63dfa031e8e96dca8843a985

                                    Download Submit

                                  • C:\Users\Admin\Downloads\NoteGem2024.zip:Zone.Identifier
                                    Filesize

                                    26B

                                    MD5

                                    fbccf14d504b7b2dbcb5a5bda75bd93b

                                    SHA1

                                    d59fc84cdd5217c6cf74785703655f78da6b582b

                                    SHA256

                                    eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                    SHA512

                                    aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                    Download Submit

                                  • C:\Users\Admin\Downloads\Unconfirmed 57635.crdownload
                                    Filesize

                                    15.7MB

                                    MD5

                                    e1bfa50b929a58da97c71d07e71f76c4

                                    SHA1

                                    c1583b654da77bf752ab51728d3bb5ba1b574728

                                    SHA256

                                    d9d29e13d29ab40d358b0685d1857b2521b77d26edd4ab7c81f7b6d9cab9e907

                                    SHA512

                                    53c838a04c5235493200ebba0c30accd2bd57ab4f231cbc2394f44f057afa29d8347e3f57649d63f8897ed46a6a88d6c724ea0bcc7c5335ba8234a09f1af6be2

                                    Download Submit

                                  • \??\pipe\LOCAL\crashpad_2712_YRPOJHEFMAJRIDTA
                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    Download Submit

                                  • memory/780-981-0x0000000000400000-0x0000000000428000-memory.dmp

                                    Filesize

                                    160KB

                                    Download

                                  • memory/780-945-0x0000000000400000-0x0000000000428000-memory.dmp

                                    Filesize

                                    160KB

                                    Download

                                  • memory/1332-867-0x0000000180000000-0x0000000180CBF000-memory.dmp

                                    Filesize

                                    12.7MB

                                    Download

                                  • memory/1332-854-0x0000000003430000-0x000000000361A000-memory.dmp

                                    Filesize

                                    1.9MB

                                    Download

                                  • memory/1332-872-0x0000000180000000-0x0000000180CBF000-memory.dmp

                                    Filesize

                                    12.7MB

                                    Download

                                  • memory/1332-869-0x0000000180000000-0x0000000180CBF000-memory.dmp

                                    Filesize

                                    12.7MB

                                    Download

                                  • memory/1332-865-0x0000000180000000-0x0000000180CBF000-memory.dmp

                                    Filesize

                                    12.7MB

                                    Download

                                  • memory/1332-868-0x0000000180000000-0x0000000180CBF000-memory.dmp

                                    Filesize

                                    12.7MB

                                    Download

                                  • memory/2336-983-0x0000000000400000-0x000000000052E000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/2336-842-0x0000000000400000-0x000000000052E000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/2336-399-0x0000000000400000-0x000000000052E000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/2496-849-0x0000000010000000-0x000000001099B000-memory.dmp

                                    Filesize

                                    9.6MB

                                    Download

                                  • memory/2496-836-0x00000000027C0000-0x00000000027CF000-memory.dmp

                                    Filesize

                                    60KB

                                    Download

                                  • memory/2496-837-0x0000000003090000-0x0000000003291000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/2496-846-0x0000000010000000-0x000000001099B000-memory.dmp

                                    Filesize

                                    9.6MB

                                    Download

                                  • memory/2496-851-0x0000000010000000-0x000000001099B000-memory.dmp

                                    Filesize

                                    9.6MB

                                    Download

                                  • memory/2496-848-0x0000000010000000-0x000000001099B000-memory.dmp

                                    Filesize

                                    9.6MB

                                    Download

                                  • memory/2900-398-0x0000000000400000-0x0000000000428000-memory.dmp

                                    Filesize

                                    160KB

                                    Download

                                  • memory/2900-391-0x0000000000400000-0x0000000000428000-memory.dmp

                                    Filesize

                                    160KB

                                    Download

                                  • memory/3460-900-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/3460-889-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/3460-907-0x0000000002B50000-0x0000000002D51000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/3460-909-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/3460-898-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/3460-901-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/3460-902-0x0000000002B50000-0x0000000002D51000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/3460-899-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/3460-897-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/3460-884-0x0000000002B50000-0x0000000002D51000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/3460-890-0x0000000002B50000-0x0000000002D51000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4032-991-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/4032-1025-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/4032-1054-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/4032-986-0x0000000002A70000-0x0000000002C71000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4500-980-0x0000000000400000-0x000000000052E000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/4620-925-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/4620-928-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/4620-929-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/4620-927-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/4620-937-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/4620-935-0x0000000002A50000-0x0000000002C51000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4620-930-0x0000000002A50000-0x0000000002C51000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4620-926-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/4620-912-0x0000000002A50000-0x0000000002C51000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4620-917-0x0000000000400000-0x00000000008B2000-memory.dmp

                                    Filesize

                                    4.7MB

                                    Download

                                  • memory/4620-916-0x0000000002A50000-0x0000000002C51000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4764-941-0x0000000000400000-0x0000000000C61000-memory.dmp

                                    Filesize

                                    8.4MB

                                    Download