Analysis

  • max time kernel
    1493s
  • max time network
    1460s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-12-2024 01:17

General

  • Target

    ep_setup.exe

  • Size

    10.6MB

  • MD5

    f164888a6fbc646b093f6af6663f4e63

  • SHA1

    3c0bb9f9a4ad9b1c521ad9fc30ec03668577c97c

  • SHA256

    8c5a3597666f418b5c857e68c9a13b7b6d037ea08a988204b572f053450add67

  • SHA512

    f1b2173962561d3051ec6b5aa2fc0260809e37e829255d95c8a085f990c18b724daff4372f646d505dabe3cc3013364d4316c2340527c75d140dbc6b5ebdeee1

  • SSDEEP

    196608:Yobw/inDWIRviYy06kRUEsyiFo2ItCC2bO+WxNtTYnepC5YbM/rN2kGBlSrnU:dw/2Bvc06kiEviXTCIKNtUnqYYA/A

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Downloads MZ/PE file
  • Stops running service(s) 4 TTPs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Loads dropped DLL 17 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 14 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Program Files directory 9 IoCs
  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 29 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ep_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\ep_setup.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5032
    • C:\Windows\system32\taskkill.exe
      "C:\Windows\system32\taskkill.exe" /f /im explorer.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4852
    • C:\Windows\system32\sc.exe
      "C:\Windows\system32\sc.exe" stop ep_dwm_D17F1E1A-5919-4427-8F89-A1A8503CA3EB
      2⤵
      • Launches sc.exe
      PID:3592
    • C:\Windows\system32\sc.exe
      "C:\Windows\system32\sc.exe" start ep_dwm_D17F1E1A-5919-4427-8F89-A1A8503CA3EB
      2⤵
      • Launches sc.exe
      PID:2704
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\ExplorerPatcher\ep_weather_host.dll"
      2⤵
      • Loads dropped DLL
      PID:2776
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\ExplorerPatcher\ep_weather_host_stub.dll"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:1780
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Loads dropped DLL
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4148
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4360
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe531846f8,0x7ffe53184708,0x7ffe53184718
          4⤵
            PID:1476
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
            4⤵
              PID:4844
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:116
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
              4⤵
                PID:2484
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                4⤵
                  PID:4920
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                  4⤵
                    PID:2528
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
                    4⤵
                      PID:4548
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
                      4⤵
                        PID:1444
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
                        4⤵
                          PID:5884
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
                          4⤵
                            PID:5892
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8
                            4⤵
                              PID:2528
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8
                              4⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4116
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
                              4⤵
                                PID:2404
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                                4⤵
                                  PID:2812
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
                                  4⤵
                                    PID:5780
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
                                    4⤵
                                      PID:5776
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5664 /prefetch:8
                                      4⤵
                                        PID:5896
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1320 /prefetch:2
                                        4⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4132
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
                                        4⤵
                                          PID:4508
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
                                          4⤵
                                            PID:3676
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
                                            4⤵
                                              PID:4712
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
                                              4⤵
                                                PID:3392
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
                                                4⤵
                                                  PID:4796
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
                                                  4⤵
                                                    PID:2108
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
                                                    4⤵
                                                      PID:4960
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
                                                      4⤵
                                                        PID:5640
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
                                                        4⤵
                                                          PID:3824
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
                                                          4⤵
                                                            PID:3588
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
                                                            4⤵
                                                              PID:4004
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
                                                              4⤵
                                                                PID:4444
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
                                                                4⤵
                                                                  PID:3480
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
                                                                  4⤵
                                                                    PID:1044
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6752 /prefetch:8
                                                                    4⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:6084
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
                                                                    4⤵
                                                                      PID:5696
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
                                                                      4⤵
                                                                        PID:2584
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
                                                                        4⤵
                                                                          PID:2616
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
                                                                          4⤵
                                                                            PID:4568
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
                                                                            4⤵
                                                                              PID:2660
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
                                                                              4⤵
                                                                                PID:6000
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
                                                                                4⤵
                                                                                  PID:5920
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
                                                                                  4⤵
                                                                                    PID:4708
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
                                                                                    4⤵
                                                                                      PID:2292
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
                                                                                      4⤵
                                                                                        PID:660
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1
                                                                                        4⤵
                                                                                          PID:4628
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
                                                                                          4⤵
                                                                                            PID:4116
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
                                                                                            4⤵
                                                                                              PID:3076
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
                                                                                              4⤵
                                                                                                PID:2268
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
                                                                                                4⤵
                                                                                                  PID:1968
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16889422822960149724,13431659446704720343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
                                                                                                  4⤵
                                                                                                    PID:4392
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                              • Loads dropped DLL
                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                              PID:2812
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                              • Modifies Internet Explorer settings
                                                                                              • Modifies registry class
                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                              PID:3612
                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                              1⤵
                                                                                                PID:4856
                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                1⤵
                                                                                                  PID:2332
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                                  • Loads dropped DLL
                                                                                                  • Enumerates connected drives
                                                                                                  • Checks SCSI registry key(s)
                                                                                                  • Modifies registry class
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:5428
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                  • Loads dropped DLL
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:5328
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                  • Modifies Internet Explorer settings
                                                                                                  • Modifies registry class
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:5596
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                                  • Loads dropped DLL
                                                                                                  • Enumerates connected drives
                                                                                                  • Checks SCSI registry key(s)
                                                                                                  • Modifies registry class
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:2396
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                  • Loads dropped DLL
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:2692
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                                  • Loads dropped DLL
                                                                                                  • Enumerates connected drives
                                                                                                  • Checks SCSI registry key(s)
                                                                                                  • Modifies registry class
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:5000
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                  • Loads dropped DLL
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:5612
                                                                                                • C:\Windows\system32\AUDIODG.EXE
                                                                                                  C:\Windows\system32\AUDIODG.EXE 0x478 0x390
                                                                                                  1⤵
                                                                                                    PID:5968
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                    • Boot or Logon Autostart Execution: Active Setup
                                                                                                    • Loads dropped DLL
                                                                                                    • Enumerates connected drives
                                                                                                    • Checks SCSI registry key(s)
                                                                                                    • Modifies registry class
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:5080
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                    • Loads dropped DLL
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:5952
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                    • Modifies Internet Explorer settings
                                                                                                    • Modifies registry class
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:3576
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                    • Boot or Logon Autostart Execution: Active Setup
                                                                                                    • Loads dropped DLL
                                                                                                    • Enumerates connected drives
                                                                                                    • Checks SCSI registry key(s)
                                                                                                    • Modifies registry class
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:5592
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                    • Loads dropped DLL
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:3596
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                    • Modifies Internet Explorer settings
                                                                                                    • Modifies registry class
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:1704
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                    • Boot or Logon Autostart Execution: Active Setup
                                                                                                    • Loads dropped DLL
                                                                                                    • Enumerates connected drives
                                                                                                    • Checks SCSI registry key(s)
                                                                                                    • Modifies registry class
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:440
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                    • Loads dropped DLL
                                                                                                    • Modifies registry class
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:6132
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                    • Modifies Internet Explorer settings
                                                                                                    • Modifies registry class
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:5248
                                                                                                  • C:\Windows\system32\AUDIODG.EXE
                                                                                                    C:\Windows\system32\AUDIODG.EXE 0x478 0x390
                                                                                                    1⤵
                                                                                                      PID:2320

                                                                                                    Network

                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                    Replay Monitor

                                                                                                    Loading Replay Monitor...

                                                                                                    Downloads

                                                                                                    • C:\Program Files\ExplorerPatcher\WebView2Loader.dll

                                                                                                      Filesize

                                                                                                      161KB

                                                                                                      MD5

                                                                                                      c5f0c46e91f354c58ecec864614157d7

                                                                                                      SHA1

                                                                                                      cb6f85c0b716b4fc3810deb3eb9053beb07e803c

                                                                                                      SHA256

                                                                                                      465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f

                                                                                                      SHA512

                                                                                                      287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91

                                                                                                    • C:\Program Files\ExplorerPatcher\ep_gui.dll

                                                                                                      Filesize

                                                                                                      734KB

                                                                                                      MD5

                                                                                                      81cd6d96f81b1e54aa327a4af6bcbe85

                                                                                                      SHA1

                                                                                                      b786c4bde03d1566b1b040eb8970b82f7b80a007

                                                                                                      SHA256

                                                                                                      b23bab1f5dc85c9e10145eeb32214d6cfe02fb5abcf956a37a3c9dd7e09fee67

                                                                                                      SHA512

                                                                                                      a1360b71ba11b529bd21f8c93c6ceec01c4faa9d33ca5e5fa62acb118cebf1e9e1d38ea17d236d1f8bd0d790f6b743329d41598d5a62c794b4786c14975782be

                                                                                                    • C:\Program Files\ExplorerPatcher\ep_weather_host.dll

                                                                                                      Filesize

                                                                                                      238KB

                                                                                                      MD5

                                                                                                      aac2857727cff3cd7b291f9500196f73

                                                                                                      SHA1

                                                                                                      c86eedff45b672df58885f12e7a7aee3398c618b

                                                                                                      SHA256

                                                                                                      78ed3e3676d97c337fef071b522805f4cf742587a40f96af4aa4d74fee0af88a

                                                                                                      SHA512

                                                                                                      a4c54b4221b1745fe1de6d53fcd7a528b4bacda6b2c66e02d55bd5867d118e042a35490e45b64c2d24398a9ac06e356bf10a2822f83663d52c1a28e10f0a52e5

                                                                                                    • C:\Program Files\ExplorerPatcher\ep_weather_host_stub.dll

                                                                                                      Filesize

                                                                                                      109KB

                                                                                                      MD5

                                                                                                      e477912c435db101603781dcc44289e1

                                                                                                      SHA1

                                                                                                      7b2eda1b6055e8874f37fb9b48bcc933bf69c1c3

                                                                                                      SHA256

                                                                                                      0930d2e71353a411d96dc4dfdd473dace98d1b7b9546ac4c185f8984f8b9c18b

                                                                                                      SHA512

                                                                                                      9f8089742099a789387381980ec5b493deec46bd73f39cf8fa9919be4dd772b20c70246e5e90d625011f052d5c3b2000b42c50843956d74fb85ff1b1d18eace9

                                                                                                    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExplorerPatcher\Properties (ExplorerPatcher).lnk

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      08f72c9715ce968fa093c8ededd79a24

                                                                                                      SHA1

                                                                                                      3aca1544588f66bab3957c949aa38be69161e3b4

                                                                                                      SHA256

                                                                                                      225eb47fe2e45dd9038e1b4c64d6a3385bffcbcf0a9770ac28883048a0ef8113

                                                                                                      SHA512

                                                                                                      1235e4529f1e0a051c9a0194f4bf03ac0502dc2cd5281571df1589d22865b5d62f8de32595f3043c3b6bf123404e2beb8e743273b3ef64a32d44efdb74fe13c4

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C

                                                                                                      Filesize

                                                                                                      281B

                                                                                                      MD5

                                                                                                      ee1ff93c5f7ce282cd69e9f2195563f1

                                                                                                      SHA1

                                                                                                      998a75e0334fca14280cefbab1d40f7b655af746

                                                                                                      SHA256

                                                                                                      a619c27d113dc65f023fad995e178a8ee75dc3f6c19144ae4f90d2a4a7f0321c

                                                                                                      SHA512

                                                                                                      d9be5607c28ac60f42d2ea4374e8c4b49244ed4ae9ec6d8b9b4008338c6a71a86ab30f08016f43dc2ed8e56c77dd6bff99686e2324977ec0dacb3803699fdd60

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      51fdd21be810b3fa2de1764da33b117a

                                                                                                      SHA1

                                                                                                      51a91eca16edd225eef44bf1b207c6690454d39b

                                                                                                      SHA256

                                                                                                      13f9c6fbea5e574989ecc9b76a4efc4ff3c6892017a2f4c16207ee16b3fe6df2

                                                                                                      SHA512

                                                                                                      9f9ced98366d2fa516e1db9179b6cc85eb61f3300c78f5969bfd6a1fc5f7d6950b988709caee3fa50ab296cf98d89f35405555ee518f1321c7f0a1f3960aa916

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

                                                                                                      Filesize

                                                                                                      979B

                                                                                                      MD5

                                                                                                      2410ff98d5f84911fc8229bc1caec304

                                                                                                      SHA1

                                                                                                      12e047247cfb0a2de8b25b5c48710884657e810a

                                                                                                      SHA256

                                                                                                      4de1179f902b0833405f6ef2ea46f21e3115b3d3cc5502c7ecdf63cccbcf5eb9

                                                                                                      SHA512

                                                                                                      12cb8c308f9f713d855ef2c22173795d3ecc9f1101779c35a99b1333a9ae48a8f491517c5db18314fd00ec748bc0ca70c34fa94a54d840e6ee1aef3ce451b494

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

                                                                                                      Filesize

                                                                                                      471B

                                                                                                      MD5

                                                                                                      a4460c6eb195429e2d507d1ac2a94617

                                                                                                      SHA1

                                                                                                      2ff65bd3b7e990a0621fb581c78721b55b695a69

                                                                                                      SHA256

                                                                                                      27daadc656fe8659bb78f1b9b532a4ee993e0d8fc1a670874b4154301a3c0607

                                                                                                      SHA512

                                                                                                      8ce78c09891c90982922013e80b3dad84321f4fa0ddeb7f2f2e76af2e9dace6c169bbdd4df1dc8e064939d5ad70f06081568ecebea148b4373a06081304644ed

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

                                                                                                      Filesize

                                                                                                      471B

                                                                                                      MD5

                                                                                                      b51ec1bb8e0b2545ab3f8edd052142fc

                                                                                                      SHA1

                                                                                                      2b01f53f310e9924c290b045804475401062357e

                                                                                                      SHA256

                                                                                                      3a1146c1f4bf199350370cbac825d792895128cda813fed5020df57d0935def1

                                                                                                      SHA512

                                                                                                      00341b3a3d843c8647eb9e96153db3f1792acba43fe394d9d2aee536e597ef8c492fb1e3f6616bc5aff99b106e71b2fdc335f425ac1405cd432e221fdbde5ac9

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                      Filesize

                                                                                                      471B

                                                                                                      MD5

                                                                                                      c776bc45c99b7007a11f27524a5637e3

                                                                                                      SHA1

                                                                                                      d41c9f87705bab776522ce534ae9bb70dfe8a567

                                                                                                      SHA256

                                                                                                      acb01938e3b78ab47bb8c9cfccd4bd37e9091ac0c3a521568711eb2941870847

                                                                                                      SHA512

                                                                                                      d3350cf478adb3431db65d76f4b872954b2ba99a40f21c4925279f5193aa1f22f72228d4e2231fcef3782292c1021dab64bac3601bc22dfbc0fb7a1354d1068f

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C

                                                                                                      Filesize

                                                                                                      480B

                                                                                                      MD5

                                                                                                      14d24fc8491dfad7ffd9e4c1ced42957

                                                                                                      SHA1

                                                                                                      8413db6a3b414a4a5cc733966d5011eb73bcaaaa

                                                                                                      SHA256

                                                                                                      8bd2228d330f5068288829fe00a53e44ebde67dbb8da630b4cb007c40762c82b

                                                                                                      SHA512

                                                                                                      66f1bb760e30eba1ca81f3384facc036f19e0e9f2d441c3ca0387408dfa2cccf429bec3249532ceb3c33a242e4c18c2756befa08f9cd8abdae37564b93d1a0dd

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

                                                                                                      Filesize

                                                                                                      482B

                                                                                                      MD5

                                                                                                      747dcb6481d3f14b7839ba1b4b80489a

                                                                                                      SHA1

                                                                                                      86b74e48fdeb0bfbfb288472f53b1856f27fc3bc

                                                                                                      SHA256

                                                                                                      2bae79dba877725d95ef8ff1cfc660de36cc29da3aeb98bab505458fc2776319

                                                                                                      SHA512

                                                                                                      9b89605a3307f182b90701032aaf33d42c84906214803a46ba31b93f83213ecea1ef850f5c481049023580f0c3c62e5f528cfa234c7c6fe0a2e2cc1d82860f7c

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

                                                                                                      Filesize

                                                                                                      480B

                                                                                                      MD5

                                                                                                      953ea1df70b9913a18c43beac31955a9

                                                                                                      SHA1

                                                                                                      47a16fa8fd9ba75602c8d3569c4f9a4b4cad35bd

                                                                                                      SHA256

                                                                                                      6a9c802fd98ecd36b3ce13c73d92c092de0bdf68d5f629ae9ea2f1e57d8a4665

                                                                                                      SHA512

                                                                                                      e7cd20aac4728833614ac365f007e208ad5740b1b3a75432feaf5c5e274d3590a6141785b3ecb8a9234fb9d21507cd35b1dde2cbc49a167a4992a34a9d8ca37b

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

                                                                                                      Filesize

                                                                                                      412B

                                                                                                      MD5

                                                                                                      e78e2f9979a6c48f3dec0b711877d301

                                                                                                      SHA1

                                                                                                      591597d94af70372b5a8a62bbfa1793310ba25c7

                                                                                                      SHA256

                                                                                                      53c2ceb282cea52741a33d83723855d4a1a1f35f936d40a8d3538ad385e44f81

                                                                                                      SHA512

                                                                                                      1bfe392a4b8cc3b7be890791b22465c4c1014707708b698c2dcb1fa99444880516e054fde1866141d3d21bed0d376df9c07d2a4636ded99cde7f1f12e8c81fbd

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

                                                                                                      Filesize

                                                                                                      420B

                                                                                                      MD5

                                                                                                      f3d1fabadafb7ed1abd01d38da6d1c73

                                                                                                      SHA1

                                                                                                      ecf0e1afbf2feda75c1b85ef3e408743e31eb3df

                                                                                                      SHA256

                                                                                                      af5fc5d2b0c2a5abef480b03989a734a0f8a130ccf2967b1991e280d9c342720

                                                                                                      SHA512

                                                                                                      e0ebcc2132e008759abe8ed12aad5e719fb8a71bb22b8a55e0f9d10e61e252181c8f61d18a3b40165ac8870859b93b7904d4bc2ce564497e620c42a91175a28d

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                      Filesize

                                                                                                      412B

                                                                                                      MD5

                                                                                                      be6a8db2072eb600597ffadf1e5784b4

                                                                                                      SHA1

                                                                                                      2824088b4161c70c7e75419f96a0728a8fa8a40d

                                                                                                      SHA256

                                                                                                      74347692ca3d7a972d7ea100bd0bb746ef4b3eb9d25ed30453961a477dc5dd97

                                                                                                      SHA512

                                                                                                      a19d30456d615f0c7caa7cba3f4230f5a9eb801954247d2eda7834318830fab8d04fbab501424578d4e891c6aac68f7c3d3084fa2d2f1511dd134f36ca5ef7e3

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      443a627d539ca4eab732bad0cbe7332b

                                                                                                      SHA1

                                                                                                      86b18b906a1acd2a22f4b2c78ac3564c394a9569

                                                                                                      SHA256

                                                                                                      1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

                                                                                                      SHA512

                                                                                                      923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      99afa4934d1e3c56bbce114b356e8a99

                                                                                                      SHA1

                                                                                                      3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

                                                                                                      SHA256

                                                                                                      08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

                                                                                                      SHA512

                                                                                                      76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\36a2e346-55e8-4209-aefa-1ad4b1b13f21.tmp

                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      c8b633af399d65088dca95a42075fdb5

                                                                                                      SHA1

                                                                                                      0e43278e87d490b267ccfcd9faa18b0f91d52da5

                                                                                                      SHA256

                                                                                                      7a0f13dbc938bd0cb1b4cd82740f6a6a8afc4e7d36091d40d1e85432142a094b

                                                                                                      SHA512

                                                                                                      bb591f4025a57a8fdd2678430e2b9715f98da97d058260ae5d1113e0c013d55e718e0114e9b1331334d0d81f629c12b7a3d5dac2c3e4477dbf3d4b0034662ad2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                                                                                      Filesize

                                                                                                      67KB

                                                                                                      MD5

                                                                                                      27d9344de055e50044e074ec3b54231d

                                                                                                      SHA1

                                                                                                      d07ff356acb90c9d4fa1c1e3e48188b1a2eeaf8d

                                                                                                      SHA256

                                                                                                      d5c1eb2d4d0a13aa42ee68f03218ae01f420003f64f572b77cbff7d61edff388

                                                                                                      SHA512

                                                                                                      ad045b2f4e6d58e43de1e26a1d5c0a46d912b65caed68ac4bc07f0c26223c5a9927a74ccc8956e074ee74db6e7b05415f3baa3634a714f3048278982bcddf26a

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

                                                                                                      Filesize

                                                                                                      62KB

                                                                                                      MD5

                                                                                                      c813a1b87f1651d642cdcad5fca7a7d8

                                                                                                      SHA1

                                                                                                      0e6628997674a7dfbeb321b59a6e829d0c2f4478

                                                                                                      SHA256

                                                                                                      df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

                                                                                                      SHA512

                                                                                                      af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                                                                      Filesize

                                                                                                      67KB

                                                                                                      MD5

                                                                                                      b275fa8d2d2d768231289d114f48e35f

                                                                                                      SHA1

                                                                                                      bb96003ff86bd9dedbd2976b1916d87ac6402073

                                                                                                      SHA256

                                                                                                      1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

                                                                                                      SHA512

                                                                                                      d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

                                                                                                      Filesize

                                                                                                      19KB

                                                                                                      MD5

                                                                                                      2e86a72f4e82614cd4842950d2e0a716

                                                                                                      SHA1

                                                                                                      d7b4ee0c9af735d098bff474632fc2c0113e0b9c

                                                                                                      SHA256

                                                                                                      c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

                                                                                                      SHA512

                                                                                                      7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                                                                      Filesize

                                                                                                      63KB

                                                                                                      MD5

                                                                                                      226541550a51911c375216f718493f65

                                                                                                      SHA1

                                                                                                      f6e608468401f9384cabdef45ca19e2afacc84bd

                                                                                                      SHA256

                                                                                                      caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

                                                                                                      SHA512

                                                                                                      2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

                                                                                                      Filesize

                                                                                                      16KB

                                                                                                      MD5

                                                                                                      4afb54dcd18c0d709ac7ea3da0e85f5a

                                                                                                      SHA1

                                                                                                      4daeee951139c510cf74be1e3ad340680d16e688

                                                                                                      SHA256

                                                                                                      0a84ffe8933125709c6a68abcffce591317fd5d9b75962cacc4cc08c7e84a72e

                                                                                                      SHA512

                                                                                                      7e67e2d21af7f4b9647a16b804d4c9cdacf46dbfcb21bd211831341978f13b69819c20a22b3f53eadca0f593b39b4b28483bd80a325f3eb42b81190d40eccfef

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

                                                                                                      Filesize

                                                                                                      108KB

                                                                                                      MD5

                                                                                                      c446c9d72aa46584b9d614ae1d784132

                                                                                                      SHA1

                                                                                                      6d594e6f47d8359da8ed247e5ddd4a9da6658f59

                                                                                                      SHA256

                                                                                                      75c3985f1191dceddca54968813058daf69dfeb2a70ce7c12660576b3c52e5d7

                                                                                                      SHA512

                                                                                                      04cc71c5ca8ebcbd98e9e341f935eabd108348138737917d08e9a083bcb44c45dab17ea470072d331ec206700ea8cef410ce92c0d3676d8f198ce95b21186798

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

                                                                                                      Filesize

                                                                                                      75KB

                                                                                                      MD5

                                                                                                      463a5240cb1bb8ee63024808b6e840c1

                                                                                                      SHA1

                                                                                                      649a6f7bb913eafafaa4ce97faf7d54f8e3667e1

                                                                                                      SHA256

                                                                                                      28db763f5e844531e13b60c893a63104804fc2981b22198a35ad2c94ac0110b9

                                                                                                      SHA512

                                                                                                      a4453ae79f699e7d169060c7b787a287a42ed8c6b3bceb1595b5a91b3e8b532c069ae7d8f6e6bc44e6780feb57688c55cd10f1a386b670c7620631aa92125ac9

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

                                                                                                      Filesize

                                                                                                      106KB

                                                                                                      MD5

                                                                                                      8789c25eaeb7ae617a11be51c5a95d6c

                                                                                                      SHA1

                                                                                                      14c85675f1d6405c8beebc87bc0fd46a90fbbd75

                                                                                                      SHA256

                                                                                                      8af9800496b14873e3c73c9637029f561ac7e0694ac1c732e204c6e8bdaa5306

                                                                                                      SHA512

                                                                                                      cdbdccbd44237ab270d71b4229d1bbbb5ec90ac5ccd3378bdfd78c2cfc117ecbdba58807f76d94acd8ed40af23fd2a9dfb2dc9e0ef054dc6cf05875fceabfb01

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

                                                                                                      Filesize

                                                                                                      20KB

                                                                                                      MD5

                                                                                                      87e8230a9ca3f0c5ccfa56f70276e2f2

                                                                                                      SHA1

                                                                                                      eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                                                                      SHA256

                                                                                                      e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                                                                      SHA512

                                                                                                      37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

                                                                                                      Filesize

                                                                                                      198KB

                                                                                                      MD5

                                                                                                      de34d248c68459d65cd3c60548d3fd23

                                                                                                      SHA1

                                                                                                      af366c1f29f4d646ff8f07b4510592cbb4d5d447

                                                                                                      SHA256

                                                                                                      98de44c51a9abbe011c25438e993d9d363df71080114a4f11e5b90d29da623aa

                                                                                                      SHA512

                                                                                                      3cf0d3f50039eb28a540610aa16d26b6d79826c0d30892a30dff230b73adcb4a4eb1441e9f8ea0a960510d5afca67bfce09c23b0a46b110b75716f5ff2871d41

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

                                                                                                      Filesize

                                                                                                      287KB

                                                                                                      MD5

                                                                                                      1c822f39824f77d4ff681716d5b2dfad

                                                                                                      SHA1

                                                                                                      e04629dd1357c21e5432133a0f5244adc2679129

                                                                                                      SHA256

                                                                                                      07360b2d80b42f9f582fc5514f9b196d4c5793d9111fe0f1b649fd6b901717bf

                                                                                                      SHA512

                                                                                                      8b3d83adf4a84c86b4b1a4270cc9aacfab464efa6c28bf5a6b9b8a574ba1d34b38ecd3fea8b34d13a1b9405fea3eba8130590fefa84b82d48769a0c9693f518f

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

                                                                                                      Filesize

                                                                                                      3.3MB

                                                                                                      MD5

                                                                                                      d4c7398a0c73bd40871298581aab10cc

                                                                                                      SHA1

                                                                                                      ac719b1c7a7599d2acbdac3c159a0a4fbf1c7ebb

                                                                                                      SHA256

                                                                                                      1c2a57379d5a5fec0f7954915b30bf173be377c12bc39eddae93920aa64ab0ca

                                                                                                      SHA512

                                                                                                      ce34451aacebe99244b9617b0ca5d785fa69ed12ab0e5b2ab797f18d8833e9c8bcecc128cf33cdcaa7b1cebadd8b153e79ed6a25411d785a0d1a74de217d79af

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

                                                                                                      Filesize

                                                                                                      412KB

                                                                                                      MD5

                                                                                                      f59e5d13066d0be7baf13fda391e9ed2

                                                                                                      SHA1

                                                                                                      bbf43ad4bdd9e5ac4eb600830c1c5afd403e6860

                                                                                                      SHA256

                                                                                                      d9a836f55707bcfbd88ec9327b46f14c4f902dba24e9968f1a46671c60346629

                                                                                                      SHA512

                                                                                                      17344cb991f4969f8897e1165702be625cd451152d5dd8f803f2d55896b81396f582d62cddd66c19992c5f287655361dbfc9eb811335b33696f5cfad25132ca7

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

                                                                                                      Filesize

                                                                                                      38KB

                                                                                                      MD5

                                                                                                      ff5eccde83f118cea0224ebbb9dc3179

                                                                                                      SHA1

                                                                                                      0ad305614c46bdb6b7bb3445c2430e12aecee879

                                                                                                      SHA256

                                                                                                      13da02ce62b1a388a7c8d6f3bd286fe774ee2b91ac63d281523e80b2a8a063bc

                                                                                                      SHA512

                                                                                                      03dc88f429dd72d9433605c7c0f5659ad8d72f222da0bb6bf03b46f4a509b17ec2181af5db180c2f6d11c02f39a871c651be82e28fb5859037e1bbf6a7a20f6b

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

                                                                                                      Filesize

                                                                                                      42KB

                                                                                                      MD5

                                                                                                      281bba49537cf936d1a0df10fb719f63

                                                                                                      SHA1

                                                                                                      4085ad185c5902afd273e3e92296a4de3dc19edd

                                                                                                      SHA256

                                                                                                      b78fb569265b01789e7edd88cfe02ecb2c3fee5e1999678255f9b78a3b2cc4e8

                                                                                                      SHA512

                                                                                                      af988371db77831f76edf95a50b9ddf1e957f0230404c8307914f11211e01cc95c61e0768d55aa4347f24e856d226f7e07ac21c09880e49dbd6346d1760b8bff

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

                                                                                                      Filesize

                                                                                                      136KB

                                                                                                      MD5

                                                                                                      db985aaa3c64f10506d96d876e350d47

                                                                                                      SHA1

                                                                                                      aad4a93575e59643fed7617e2feb893dd763d801

                                                                                                      SHA256

                                                                                                      234feb9a8a2c759d00a4959506a3b9cb94c772186a2d117aed973347c7ef1891

                                                                                                      SHA512

                                                                                                      300d0d35ebb9e27d66489ffb3e5502a4dcd3af032fb0f672d4f004e3846fb795772b6938c99dafed6fad0c25da8412d6f6a7b0221eb2540e84527703db5b7073

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

                                                                                                      Filesize

                                                                                                      175KB

                                                                                                      MD5

                                                                                                      7cf1be7696bf689b97230262eade8ad8

                                                                                                      SHA1

                                                                                                      8eb128f9e3cf364c2fd380eefaa6397f245a1c82

                                                                                                      SHA256

                                                                                                      a981989aee5d4479ffadf550d9ecff24a4ac829483e3e55c07da3491f84b12ba

                                                                                                      SHA512

                                                                                                      7d7c7dc08001079d93ef447122dee49abd2b7a84d1619a055ff3e7ec0009261ab6add018560bfd82ed22b29c1915bfd059f02cd83fed2e15e9af05a5d0654e06

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

                                                                                                      Filesize

                                                                                                      44KB

                                                                                                      MD5

                                                                                                      d295c40af6fca08f8e0eb5425351f431

                                                                                                      SHA1

                                                                                                      1d246a1e54b3a1f2428883d8c911af73eddffca6

                                                                                                      SHA256

                                                                                                      5d225b25d66b30563a00f395476ed701130d3f749620a63531cea09fc537164e

                                                                                                      SHA512

                                                                                                      9c9f23cb775244eb10f83f964b36224ad2cd5152cfa5ab82928f68ed1cb49be4156f887cc40a857b72efd0833014e4366bf136689a717dd58828a1b195ed486e

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

                                                                                                      Filesize

                                                                                                      133KB

                                                                                                      MD5

                                                                                                      f9bf0f65660d23c6f359d22720fc55ae

                                                                                                      SHA1

                                                                                                      9fa19ab7ea56165e2138c443816c278d5752dd08

                                                                                                      SHA256

                                                                                                      426ae06cd942849ab48b84c287c760f3701b603ebcc5c9aaa4a89923ef5f058e

                                                                                                      SHA512

                                                                                                      436019a96e47848533684a34e3c360f516c29b2aa2473d0a05d50c0fd3ad19eac39df2de12b6ec1c6760493efb5abf58e6a54d32080226fa1765983435634d88

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

                                                                                                      Filesize

                                                                                                      31KB

                                                                                                      MD5

                                                                                                      3a05b53147a8c33d3727f75e21b85a02

                                                                                                      SHA1

                                                                                                      fc30ad70f91993f00dbe8009759650e15250e2c8

                                                                                                      SHA256

                                                                                                      465fc7223e46301714fceffd57aa547fa5ea67bc8b8c986039eec64972d3e521

                                                                                                      SHA512

                                                                                                      538547316f4017eee13f3a4a46860026779ba2481134a989afc7f06ef01a9d363fdb65d88fe86f649d5e2eaf0b006209936333dd4834c507d88485d9007ec1cc

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

                                                                                                      Filesize

                                                                                                      43KB

                                                                                                      MD5

                                                                                                      2ae0b0afe075428fee1da3c33ad946a5

                                                                                                      SHA1

                                                                                                      ffeb6b7be35afecbe7650326abda9cf8256f56ca

                                                                                                      SHA256

                                                                                                      4d4c88e44848a8a2df620aaca2529617820e7ea745424fa20d1af1a2a0706e51

                                                                                                      SHA512

                                                                                                      ad42cbddb8aead5c3a30f8f3e29683e714544d977c488f2e64d2813d98efb6c20d1389125892c43d6c821c1e42d41221990dfc515f3492ed52b0367ace9dfe11

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

                                                                                                      Filesize

                                                                                                      20KB

                                                                                                      MD5

                                                                                                      66f3cd31cadb165239ba789ddb2e71ec

                                                                                                      SHA1

                                                                                                      1cbc12aca37e7b5e25f4d06e49e6c87a898b47df

                                                                                                      SHA256

                                                                                                      6817dfbae770618c3c5b759dea958455b69df2c2f0fbf6c1c98e8dc236049e13

                                                                                                      SHA512

                                                                                                      9bc2775a86a54ffbf63bb2cb745e6c0961d56c6907f51ff9f5150610bbe5fb653513b6f86a750fe2ee24c6dac7b9a904a5229d8ac2e24c531cfdd08364c42398

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

                                                                                                      Filesize

                                                                                                      38KB

                                                                                                      MD5

                                                                                                      71d3e9dc2bcb8e91225ba9fab588c8f2

                                                                                                      SHA1

                                                                                                      d7e38ee4c245f64b78eb18e6ecd7b9f53b3254a8

                                                                                                      SHA256

                                                                                                      ae99aaede2f373187a4fe442a2cb0ab9c2945efbab01cf33e01be517c0c4f813

                                                                                                      SHA512

                                                                                                      deda05ebd575d413aa2277876991ecc2ea238907390753485ba1b487ede2f432363c46daad5f3f240eaaf8d3258150829a3ae3d2d9c420ea59567cfd440361a6

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

                                                                                                      Filesize

                                                                                                      37KB

                                                                                                      MD5

                                                                                                      3d6549bf2f38372c054eafb93fa358a9

                                                                                                      SHA1

                                                                                                      e7a50f91c7ec5d5d896b55fa964f57ee47e11a1b

                                                                                                      SHA256

                                                                                                      8e401b056dc1eb48d44a01407ceb54372bbc44797d3259069ce96a96dfd8c104

                                                                                                      SHA512

                                                                                                      4bde638a4111b0d056464ce4fd45861208d1669c117e2632768acd620fcd924ab6384b3133e4baf7d537872166eb50ca48899b3909d9dbf2a111a7713322fad4

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

                                                                                                      Filesize

                                                                                                      38KB

                                                                                                      MD5

                                                                                                      7f63813838e283aea62f1a68ef1732c2

                                                                                                      SHA1

                                                                                                      c855806cb7c3cc1d29546e3e6446732197e25e93

                                                                                                      SHA256

                                                                                                      440ad8b1449985479bc37265e9912bbf2bf56fe9ffd14709358a8e9c2d5f8e5b

                                                                                                      SHA512

                                                                                                      aaea9683eb6c4a24107fc0576eb68e9002adb0c58d3b2c88b3f78d833eb24cecdd9ff5c20dabe7438506a44913870a1254416e2c86ec9acbbcc545bf40ea6d48

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

                                                                                                      Filesize

                                                                                                      156KB

                                                                                                      MD5

                                                                                                      3b0d96ed8113994f3d139088726cfecd

                                                                                                      SHA1

                                                                                                      1311abcea5f1922c31ea021c4b681b94aee18b23

                                                                                                      SHA256

                                                                                                      313818d6b177a70fbe715a5142d6221ac1a1851eff5a9f6df505670ddcd73074

                                                                                                      SHA512

                                                                                                      3d78c250029069e1850b1e302a6d8a5154f6e7bc5cd58f449b8824ccf418e80dba2d5569a9cff72f51ccc9de140dc91148f93ec4717f4a880e2ba94898fbdb24

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      4059e819b042b9bab4d8944c04e574f3

                                                                                                      SHA1

                                                                                                      a9ac66b68376962dc59ee24c02c383bb67d2d27e

                                                                                                      SHA256

                                                                                                      40fd2501575108e146aae4457e96e1472e20e21184fec29536b06e2ec90cc729

                                                                                                      SHA512

                                                                                                      7d5676699446a097bd770cf3966bbcedcd37a235c18197f38177b6357fad4025e6414457a48b1a5cb84641a8a7129b565a8deee85ee6ca6a03c2e82d0aeb8d35

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      94545225bd7d091b2de9475f101c4c0f

                                                                                                      SHA1

                                                                                                      055b61f35e07594e2cb49bfb430b4276e56926d1

                                                                                                      SHA256

                                                                                                      146e96d8fbb8da521160f70e39aa7c781067ed16447d100956c46a1008d6909c

                                                                                                      SHA512

                                                                                                      63620728d20927f7f6977c19bd545a2448153b82aa53197e6dc317abb0e74300d122bb904a257cbe96764a80f9f0c4de77a506946a280b9427003c24ee153c47

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      080b38ce881557666fef9c03ac1d122b

                                                                                                      SHA1

                                                                                                      fb5795de9301dd3e8c43475c8d382ef51bfb2770

                                                                                                      SHA256

                                                                                                      a94e9d17322432084ff144123825b62d577768799142abe1e693da28aa216c45

                                                                                                      SHA512

                                                                                                      d5900dea641d5a1e503fa5704d73ebc6861ee29a3c10f5102bd758505347f11fa31e61978f37ed82e1e15cdef697ebd035f9a2879d185c3281320ebb65cbc31b

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      cf1478180c179d09a4aa95f32e60561a

                                                                                                      SHA1

                                                                                                      36072eb0874e3c88349061381768d175bd5491d9

                                                                                                      SHA256

                                                                                                      9b07a58a88c8a0c8b8bbfd9265682c49be1c2281bd3fa9bd4400ee657a91e0c4

                                                                                                      SHA512

                                                                                                      b691d17d89fc2d7d9d7c9095818164c9c28e29756cccab9cb5f44aabbbc68a2daebdf7de37556f86384348a25d4d793d1b5161964bd8b4ea2b1dc19577c51987

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                      Filesize

                                                                                                      476B

                                                                                                      MD5

                                                                                                      30b939bab4b5a34e13765acd18450b1c

                                                                                                      SHA1

                                                                                                      0586008ed9f09217a6e4a93e94b32a2c02b006e4

                                                                                                      SHA256

                                                                                                      6a29ca2657625676bad6502207d68cd63e9bc77f29a387364c74f7cf42e84b5e

                                                                                                      SHA512

                                                                                                      7224ea8847c48b6bd44efd80df69861a055da8d725f37ce2e2070a3c9fe0f74ec8f5988eb296f4762527eab5d2c86d70ef3d5d5314a18f0112b1191a163a5bfd

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      6bbbcd6e39aa77e937569f09db2dc05f

                                                                                                      SHA1

                                                                                                      ca9845eb221795908464e0a0976ee7149ebe7d27

                                                                                                      SHA256

                                                                                                      59ce6a4b17c2ce79f1b2b49b7623b6d8a5e37a51492fe376215d6486ace00797

                                                                                                      SHA512

                                                                                                      020676c7d3a6d7bbb1ae7bbe65a54c3b09496ddf6a80cf4e87f9fe6afc1e553bab087a1db009c2ba09fc0d0af84aaa1b494730f9ccde797d1dee5fbe2f6b2bbf

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      13243f56a6c68abec9b09f2fee05379c

                                                                                                      SHA1

                                                                                                      98cfdb0760b8ecafcc79abc5c4d3be8f3708fc84

                                                                                                      SHA256

                                                                                                      72cf040d7e2ccd041051c18cd028d4d454ed9814e59068bcb78e0d107d44e8c4

                                                                                                      SHA512

                                                                                                      41a2ddcf7e5c46da017a9779e82aa979e3936bf0acdf47208b0fbc557dae75109bbe7260cba7102c1e42131d50935833d5ff2aa67bc3d054eef52cb2e9a49bb0

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      58d8fe3aa0c4b0c66a7cb910302d3e2b

                                                                                                      SHA1

                                                                                                      0bd006cb1954bbf475a206e60fefd8db61a3adb6

                                                                                                      SHA256

                                                                                                      2260161fbc4cb74289a06f88c9db5bb641f3a8931be8edfaf70e075ac64d5aee

                                                                                                      SHA512

                                                                                                      bf0248afc193e0b1e677bcd78ed28c0d9b68bf1327c3388c014493c45f56de428da83bfb7bf027d0ed97067e2f11dc64b63b7de480ff4a25845f0b834062aa96

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      5KB

                                                                                                      MD5

                                                                                                      b05db8e3395446fcfda6fbfc0d4ea999

                                                                                                      SHA1

                                                                                                      57d615c1edc7f837d37fabc3107db69cb3232b1a

                                                                                                      SHA256

                                                                                                      4b68b844129636de69921d2808734032931ea13f13b428607c98fd4ce11054dc

                                                                                                      SHA512

                                                                                                      641541143382a0be56625cedb410d77feeec4d6e174bb7bdac830b1a964ad0ee54e0e27dfbb563da1016e339058b3d1390a458a8f4f9a0bc83b7002aea61ceca

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      6KB

                                                                                                      MD5

                                                                                                      8c48e5d5e3699f8b0c3bcc7d5ace5d9f

                                                                                                      SHA1

                                                                                                      37e0f1c3a82ab7d58006a6b66e836f231ea4ad74

                                                                                                      SHA256

                                                                                                      61142c37b1876acb13b0473414dd47729b5e2c3c40cfcc569307ddf7fba52b23

                                                                                                      SHA512

                                                                                                      61d67c251b0f03e992fafadae6caeea655b19eb61f0b69df77114fb7334a1ffff650446e98192f8260b396c17915b67c7189777fa141c25f09ef92a2a1305a19

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      6KB

                                                                                                      MD5

                                                                                                      e53ae4b240363eceaafabbf3861679d0

                                                                                                      SHA1

                                                                                                      e2af9129975c648fb55390bbc8d39e655578dd9b

                                                                                                      SHA256

                                                                                                      fc45ca49fe8765d7d487297da6cc0b43cc14702cfbf6be1d8ad19c8af9e4171a

                                                                                                      SHA512

                                                                                                      f10ef0e8a6ef0d054b0f79d19939fe1fd47435a8a19fa174d9068c2ba80ff7351a0437cda68ca74726444722820dba1ecb4de0fe0bc841c01752b7762e78f601

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      ec0937a450e747326c1f131ec5adbecd

                                                                                                      SHA1

                                                                                                      ab715274b026a7592a2fdef80be4003196713161

                                                                                                      SHA256

                                                                                                      fe2138019952e971bd8ff11485a47f043cd17dc8c4db8a24fb6a912ec8d0fafb

                                                                                                      SHA512

                                                                                                      060c9112e3f1082cfdbef00122d82fccf215931a4abaf679e12e9762a4ddc47f65ba5af1a1f7962816db3bc1e9dc97fffe884f34cc00e85143504cffb16c1b29

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      05971705a467885f45d10bb7723e2d94

                                                                                                      SHA1

                                                                                                      4c182a61b28a277027f9bfb312418baead846606

                                                                                                      SHA256

                                                                                                      46cb140d01180c1378435d28fc6209953caa0f5d6354a03a4404e7daa5025aba

                                                                                                      SHA512

                                                                                                      6ae5336d850f2d4b12324c9215b2c0def1106fcc5f3ce66e7bb5f596b9d8d2c97537836977be4b46e8cb521e639bad825d90b92e886ac29f90e839624c4899ef

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      ef21d8aa719a581a52384742c12f561f

                                                                                                      SHA1

                                                                                                      990045d1d154a03c6d920506f9cf894f7dc458fd

                                                                                                      SHA256

                                                                                                      412dc1ab4ad7eccb7918af425a1ebaa4517083f06fb177156b4e378c490d3d31

                                                                                                      SHA512

                                                                                                      dc4ddecc84538068eab34751ddfad803a31f6d40cc286eca91157f469e57d81f733dd1eae4103b01524af1611f37370f7efdcf39351afd18ac3210928b4daf4b

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      62b951c1e16549560f818ef4766ddc63

                                                                                                      SHA1

                                                                                                      f12258f04bec1cd69a1d62bfb3184f511e429f48

                                                                                                      SHA256

                                                                                                      18411cb87ffb8335a9a97d61c49589bb2e85a358fe9afeb8ee7721bf22acd0ef

                                                                                                      SHA512

                                                                                                      8dfc004ee43c8ef3633b026a8dc4ff584ac5baeada65f0314d1fdf1dcae6c305299bead576b05309709a40e2feb67e6cd76137c5f90045a4fbd745d3e44625f3

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      a54d9d1ab48445be94b17353958ec5ea

                                                                                                      SHA1

                                                                                                      9eab40519fbd1e007106ebddb3582e916ba89812

                                                                                                      SHA256

                                                                                                      4da3e16855a201551041745ebeb79cab694624de07cc0e45b58b4a90dd8a4b10

                                                                                                      SHA512

                                                                                                      67bc948a8617f772813a8e5a764890010c48d049b43697282385fdb7455ea28722c302b5e4e56d2d5928ba6b9e1a73322046e934de196c2e7998fc877d6d1f52

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      33c6817b10e3c73844d252fad95efdf2

                                                                                                      SHA1

                                                                                                      4a9b94d07be379b6e3a5b18d2dab62bf3235f274

                                                                                                      SHA256

                                                                                                      76f35d99d493119e8f67ed0be67932828323491473249215a9be9588dbb4de3c

                                                                                                      SHA512

                                                                                                      6d7e0845db79a93d48291cfbf06638efc00d52fa0778a44dd66d9b4d6eb83a71f2b9bb456c516555bd1a326dc096cfeafcd878352007e2f8828587066656a8b2

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      028769880f17ff9f1afe9811f81beeb6

                                                                                                      SHA1

                                                                                                      22ccffb7f2ab5e3a6ce2698a535542f024ec0502

                                                                                                      SHA256

                                                                                                      31806054fe8721df932b125032c6c66f4482bb0d37569a9cf35b6d6287fd458c

                                                                                                      SHA512

                                                                                                      5e938346582a6cea92809e138dfc84f3888c83b76002c0bb1dbbed077d294cde98d43e4dd2f9bc834a172edd2d6af7794b398c90ee2476b74b224df10d272464

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      a025d7730db81b3f31d294b28df6e94c

                                                                                                      SHA1

                                                                                                      e77db3ad003c016e65cffcb29901c5898cdc31f1

                                                                                                      SHA256

                                                                                                      962f564090135f58788fab3d1b5f0f4dda7667ae521564106f0c59c84fec6c64

                                                                                                      SHA512

                                                                                                      6de6c1c74f100bdc83934540360df3bc5a912536dda9b105279f30f6b65e00391e5fa0353cb9105a3d8573e8f32de850ffd0027a241da7dc18aa0808c380d3dc

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bb89e.TMP

                                                                                                      Filesize

                                                                                                      536B

                                                                                                      MD5

                                                                                                      5166b070a55230f54bbd1673eafa883b

                                                                                                      SHA1

                                                                                                      c75d276221f0a3c41bfeb769ef6d7e4ec03d5550

                                                                                                      SHA256

                                                                                                      66332eef3aa550e3089f734f0d38570042d89ae3aedc4d95ae41dc28cc71fc4d

                                                                                                      SHA512

                                                                                                      00b1c18ad83f1af76b9c73d5f7f7d5f1a5f69a94de87760acc37fec4c7103caa7830eb1df719a64477405a0ccf07843e2eb07e996de0d25fc60877694a38104c

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                      Filesize

                                                                                                      16B

                                                                                                      MD5

                                                                                                      206702161f94c5cd39fadd03f4014d98

                                                                                                      SHA1

                                                                                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                      SHA256

                                                                                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                      SHA512

                                                                                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                      Filesize

                                                                                                      16B

                                                                                                      MD5

                                                                                                      46295cac801e5d4857d09837238a6394

                                                                                                      SHA1

                                                                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                      SHA256

                                                                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                      SHA512

                                                                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      4f1b07ffd1667cfbd12636382f4319f7

                                                                                                      SHA1

                                                                                                      b6b671543a36efec8f5cb212fddb1d170d2fd544

                                                                                                      SHA256

                                                                                                      3a8bc6540c553c89f36a8160f8d0e75c0ee6fd1b53cb0ab5c3b158e0c5cb5752

                                                                                                      SHA512

                                                                                                      5c75f8b2dcdaa776a7b65dc1528fe27f1969b17489b7d8553ebf7b4f07f28341b5bb27e512cf83d96c28f907d651fcba2edfcf556770fc9a661f83ded14fd129

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      a1a5560609d1f1647a9e1f0a0e48db5c

                                                                                                      SHA1

                                                                                                      389bdca8c8f18195e9ba3051c988e3cc0475c768

                                                                                                      SHA256

                                                                                                      bfb6d5b680ddfae96a9e8d71d37e45747ee8482f61bec5fdcdac50e7e608952f

                                                                                                      SHA512

                                                                                                      00cb6da05006e48ad8b1791584f77246dd74f9189d0af56cbd61356f6f144d7d1e3885eba98ae641882e85d8324f95c2606a06164acb1afe19585b83e666b20c

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15

                                                                                                      Filesize

                                                                                                      36KB

                                                                                                      MD5

                                                                                                      0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                      SHA1

                                                                                                      92495421ad887f27f53784c470884802797025ad

                                                                                                      SHA256

                                                                                                      0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                      SHA512

                                                                                                      61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer

                                                                                                      Filesize

                                                                                                      36KB

                                                                                                      MD5

                                                                                                      ab0262f72142aab53d5402e6d0cb5d24

                                                                                                      SHA1

                                                                                                      eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                                                      SHA256

                                                                                                      20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                                                      SHA512

                                                                                                      bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d55c6117-2ede-4fcc-96ca-a36c86f16177}\0.0.filtertrie.intermediate.txt

                                                                                                      Filesize

                                                                                                      28KB

                                                                                                      MD5

                                                                                                      be6ef12e58b849af6e6d2dd45566391c

                                                                                                      SHA1

                                                                                                      cf4bb8668f169f6f7b5a01871cda85059d530eaa

                                                                                                      SHA256

                                                                                                      8ce500c65902092a179f1b0016fb49ece5a10b440cac6709e0af76b97c5ffc2d

                                                                                                      SHA512

                                                                                                      cb3ebbc2413d05743ed06332df9b710465f6fadd2eb42a76b1621cbc4a920f44d46090df36aacecd7ae57b205cf20d8600ad3327be28b6c571ac045027c2ec26

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d55c6117-2ede-4fcc-96ca-a36c86f16177}\0.1.filtertrie.intermediate.txt

                                                                                                      Filesize

                                                                                                      5B

                                                                                                      MD5

                                                                                                      34bd1dfb9f72cf4f86e6df6da0a9e49a

                                                                                                      SHA1

                                                                                                      5f96d66f33c81c0b10df2128d3860e3cb7e89563

                                                                                                      SHA256

                                                                                                      8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

                                                                                                      SHA512

                                                                                                      e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d55c6117-2ede-4fcc-96ca-a36c86f16177}\0.2.filtertrie.intermediate.txt

                                                                                                      Filesize

                                                                                                      5B

                                                                                                      MD5

                                                                                                      c204e9faaf8565ad333828beff2d786e

                                                                                                      SHA1

                                                                                                      7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

                                                                                                      SHA256

                                                                                                      d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

                                                                                                      SHA512

                                                                                                      e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d55c6117-2ede-4fcc-96ca-a36c86f16177}\Apps.index

                                                                                                      Filesize

                                                                                                      1.0MB

                                                                                                      MD5

                                                                                                      7c4f88819cf4dee664a946bc9a0d74b6

                                                                                                      SHA1

                                                                                                      31f1116bf37eadde752a49977ff29123c0c57675

                                                                                                      SHA256

                                                                                                      694b1ee982154c5317a6780df03e1577a8868171b58f8848d2477e93dd956123

                                                                                                      SHA512

                                                                                                      86d4cd8ce360ae16f15ebd5def2fdbe039f46109dea54b5607d76740c0c774121467e130f1a12939fa40d851f42fedbd1dc51327a311cddc7b01eab212fc715a

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133781807304959797.txt

                                                                                                      Filesize

                                                                                                      75KB

                                                                                                      MD5

                                                                                                      0d60ccba5ff740388a871000fe8cb870

                                                                                                      SHA1

                                                                                                      9641d6d70f1b9ad9b988259f8cd4a7eea3e1f862

                                                                                                      SHA256

                                                                                                      a5a9698487ea59967ea87139a6078973c40be7f87a185c6cd4e1131829548261

                                                                                                      SHA512

                                                                                                      0f5d35e4d434e02328e0e9d7e881bb1a96e8c543cc22e7c080abc2aa0329ee2b7152b913dfe58f115dc99c5af017d15f16e94c7150ef428206668834a2622077

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133781807390105428.txt

                                                                                                      Filesize

                                                                                                      76KB

                                                                                                      MD5

                                                                                                      c0b11c2bf7b81432824263369d99e099

                                                                                                      SHA1

                                                                                                      5798442b783ac8f86908a841cf8725cb234b85ac

                                                                                                      SHA256

                                                                                                      25c0edcedf298e1c0d6119875a8e81ca9e1f8f77ac83b0690e7e8fdb7f9356c7

                                                                                                      SHA512

                                                                                                      25a1c8423cd1da95ae144ea334e36662c4e1e020c3239badc6318d84896a5a17a29e9cd74124ab8df7a7c8e4a8c953bae3815e866307d1caaf89a221af4c42ad

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DGTT1KLJ\microsoft.windows[1].xml

                                                                                                      Filesize

                                                                                                      97B

                                                                                                      MD5

                                                                                                      dfc314c564e6dcc3d3d7f1d2cdf01ff5

                                                                                                      SHA1

                                                                                                      53a06942171b8047e4850e459554488280da265e

                                                                                                      SHA256

                                                                                                      56b9785b0255bd668bfdb7d6f789d1e54de550d567b85e52105893b8fbb45a08

                                                                                                      SHA512

                                                                                                      48688def79fffd15cd97505f73860552d7ad5069cd741214ca13225dd69eff4111338175bcb6fc9e1ed926f4bbc11b28865ab3df33aabf8bb7b8b68a0531f5f5

                                                                                                    • C:\Users\Admin\AppData\Roaming\ExplorerPatcher\StartUI.pdb

                                                                                                      Filesize

                                                                                                      35.4MB

                                                                                                      MD5

                                                                                                      7fa5409f40c7999b2d6df5d36631f841

                                                                                                      SHA1

                                                                                                      3c24c505de1b9900ef4ba8b13d03d0c3486a58eb

                                                                                                      SHA256

                                                                                                      37daf447f92f6d910d69fd8b9d549aa3d098dc38b374a63e83b15ca16f26504c

                                                                                                      SHA512

                                                                                                      46841811612018c0e39f7cac76094d7f48fd591cd1a0e93fe592ae85e678f7b75b1aa5a132f3fc6a49bce2f6c4ac8f9026d02dcce58ff4bacb4fca9d3ab85ac0

                                                                                                    • C:\Users\Admin\AppData\Roaming\ExplorerPatcher\twinui.pcshell.pdb

                                                                                                      Filesize

                                                                                                      6.5MB

                                                                                                      MD5

                                                                                                      9679caa3cfd34d4b70f40f8cc2ce8b02

                                                                                                      SHA1

                                                                                                      29897f97fc3abb9a78bdac597c1edc6d6aef4369

                                                                                                      SHA256

                                                                                                      6b13e6d32f8319d05a1d7c629d2e2b686c810403c1a971892eec281d5d2d9baf

                                                                                                      SHA512

                                                                                                      d459ba49e089fd4552a9d4e749d7299310175d7a75822d87e27dbd7b4601a1b462dc089688c415392d610591bce1f82088772417e95eb649ef993baef57130cb

                                                                                                    • C:\Users\Admin\AppData\Roaming\ExplorerPatcher\twinui.pcshell.pdb

                                                                                                      Filesize

                                                                                                      17.9MB

                                                                                                      MD5

                                                                                                      bc8958ca4f0f0760befa3523238c7d67

                                                                                                      SHA1

                                                                                                      5f75add01201e78860be47a0eb65582733e823c3

                                                                                                      SHA256

                                                                                                      589c2ff9e4ac0465a8b682d6fb988c81b4e91af9f760d174811315681d94b954

                                                                                                      SHA512

                                                                                                      3da6524215e011655c441bd6c085531ce54b81162a6bcb7412977b1f9e488ff600d1a0c6f54252c6c21b76bc8af3b6261632df8f1eccd96e385a0d552a615699

                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\dxgi.dll

                                                                                                      Filesize

                                                                                                      699KB

                                                                                                      MD5

                                                                                                      8bfca71add96d3de75173d464792e2b9

                                                                                                      SHA1

                                                                                                      fe6bc3c30c26d6ce1c149b173b5d79c80102d5b9

                                                                                                      SHA256

                                                                                                      5aaa6bab20b7116b32bddba1df216f7476557bb48397e1968a49ede14e6c377d

                                                                                                      SHA512

                                                                                                      b560415727d15ceeb09e5d9e39ea2b4043848bf4239fbf5068aaac86f64b3d05d4e21eb197416db0fb4172c68f782c05aeae18ac70c27f80566040b6ba79159a

                                                                                                    • C:\Windows\dxgi.dll

                                                                                                      Filesize

                                                                                                      699KB

                                                                                                      MD5

                                                                                                      047b192a9c703fc5a2c2764db869ff5c

                                                                                                      SHA1

                                                                                                      8c1494acc3119fbf8332ae3b6a4f854e5b4d37cb

                                                                                                      SHA256

                                                                                                      1971c57f88849b4069be06d3784e0968755c916fa1564a3f8f05610d3b02cdcc

                                                                                                      SHA512

                                                                                                      c7f80703db23611d56618a8b1b4ffff814a9264135e3846df99120c0ffc16da9d5b37c6465ac25d61d4f6e386d36b3de640c57c460098f06778c658cc19454cc

                                                                                                    • memory/3612-68-0x0000018AFED00000-0x0000018AFEE00000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                    • memory/3612-73-0x0000018AFFC90000-0x0000018AFFCB0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/3612-86-0x0000018AFFC50000-0x0000018AFFC70000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/3612-101-0x0000018280060000-0x0000018280080000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/3612-70-0x0000018AFED00000-0x0000018AFEE00000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                    • memory/3612-69-0x0000018AFED00000-0x0000018AFEE00000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                    • memory/4148-67-0x0000000003570000-0x0000000003571000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/4148-47-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-22-0x00007FFE5CE30000-0x00007FFE5D050000-memory.dmp

                                                                                                      Filesize

                                                                                                      2.1MB

                                                                                                    • memory/4148-27-0x00007FFE5CE30000-0x00007FFE5D050000-memory.dmp

                                                                                                      Filesize

                                                                                                      2.1MB

                                                                                                    • memory/4148-26-0x00007FFE5CE30000-0x00007FFE5D050000-memory.dmp

                                                                                                      Filesize

                                                                                                      2.1MB

                                                                                                    • memory/4148-25-0x00007FFE5CE30000-0x00007FFE5D050000-memory.dmp

                                                                                                      Filesize

                                                                                                      2.1MB

                                                                                                    • memory/4148-24-0x00007FFE5CE30000-0x00007FFE5D050000-memory.dmp

                                                                                                      Filesize

                                                                                                      2.1MB

                                                                                                    • memory/4148-32-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-33-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-44-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-49-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-55-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-54-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-50-0x00007FFE5C760000-0x00007FFE5CD86000-memory.dmp

                                                                                                      Filesize

                                                                                                      6.1MB

                                                                                                    • memory/4148-48-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-46-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-45-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-43-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-21-0x00007FFE715E0000-0x00007FFE71D1F000-memory.dmp

                                                                                                      Filesize

                                                                                                      7.2MB

                                                                                                    • memory/4148-20-0x00007FFE715E0000-0x00007FFE71D1F000-memory.dmp

                                                                                                      Filesize

                                                                                                      7.2MB

                                                                                                    • memory/4148-42-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-41-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-39-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-38-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-37-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-36-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-23-0x00007FFE5CE30000-0x00007FFE5D050000-memory.dmp

                                                                                                      Filesize

                                                                                                      2.1MB

                                                                                                    • memory/4148-29-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-34-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-40-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-28-0x00007FFE72140000-0x00007FFE722E1000-memory.dmp

                                                                                                      Filesize

                                                                                                      1.6MB

                                                                                                    • memory/4148-30-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-31-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/4148-35-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-284-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-294-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-274-0x00007FFE5CED0000-0x00007FFE5D0F0000-memory.dmp

                                                                                                      Filesize

                                                                                                      2.1MB

                                                                                                    • memory/5428-273-0x00007FFE715E0000-0x00007FFE71D1F000-memory.dmp

                                                                                                      Filesize

                                                                                                      7.2MB

                                                                                                    • memory/5428-275-0x00007FFE5CED0000-0x00007FFE5D0F0000-memory.dmp

                                                                                                      Filesize

                                                                                                      2.1MB

                                                                                                    • memory/5428-276-0x00007FFE5CED0000-0x00007FFE5D0F0000-memory.dmp

                                                                                                      Filesize

                                                                                                      2.1MB

                                                                                                    • memory/5428-277-0x00007FFE5CED0000-0x00007FFE5D0F0000-memory.dmp

                                                                                                      Filesize

                                                                                                      2.1MB

                                                                                                    • memory/5428-287-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-280-0x00007FFE72140000-0x00007FFE722E1000-memory.dmp

                                                                                                      Filesize

                                                                                                      1.6MB

                                                                                                    • memory/5428-293-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-285-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-278-0x00007FFE5CED0000-0x00007FFE5D0F0000-memory.dmp

                                                                                                      Filesize

                                                                                                      2.1MB

                                                                                                    • memory/5428-289-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-286-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-281-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-291-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-288-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-290-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-272-0x00007FFE715E0000-0x00007FFE71D1F000-memory.dmp

                                                                                                      Filesize

                                                                                                      7.2MB

                                                                                                    • memory/5428-292-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-279-0x00007FFE5CED0000-0x00007FFE5D0F0000-memory.dmp

                                                                                                      Filesize

                                                                                                      2.1MB

                                                                                                    • memory/5428-283-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-295-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB

                                                                                                    • memory/5428-282-0x00007FF7EC7E0000-0x00007FF7ECC7D000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.6MB