Overview

overview

10

Static

static

3

NoteGem202...55.exe

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    485s
  • max time network
    489s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250128-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    05-02-2025 09:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NoteGem2024-75.0.0.355.exe

  • Size

    15.7MB

  • MD5

    795a66603495602f2ee4020468326b96

  • SHA1

    1a183bac0daf37f3942c9abcfbd4a022355dcab6

  • SHA256

    55816ec85e4db476aae3d7fd6a34203a5938b9120250eb338729640dc567e220

  • SHA512

    243064a5626a6c1bcff14627a355685de0fafbd34855a886a82a024f0793b40dee5aeaecf181e3646552d4735890d5f05068133b133a4e8dc61601a20ae76b4a

  • SSDEEP

    393216:TD27MrW8LXttexTDNuKYLoz3hBEQmHFjlcYGcID4GC/L8vg7zhCQELstu5E:OQrntex3NuKuC6NmYxGo/toQELyuW

Score
10/10
banloaddefense_evasiondiscoverydownloaderdropperpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Downloads MZ/PE file 1 IoCs
  • Checks BIOS information in registry 2 TTPs 12 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 19 IoCs
  • Loads dropped DLL 38 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Checks system information in the registry 2 TTPs 8 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 7 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 18 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 21 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 7 IoCs
  • Suspicious behavior: AddClipboardFormatListener 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 49 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of FindShellTrayWindow 46 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious use of SetWindowsHookEx 35 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\NoteGem2024-75.0.0.355.exe
    "C:\Users\Admin\AppData\Local\Temp\NoteGem2024-75.0.0.355.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5060
    • C:\Users\Admin\AppData\Local\Temp\is-MQ2NL.tmp\NoteGem2024-75.0.0.355.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-MQ2NL.tmp\NoteGem2024-75.0.0.355.tmp" /SL5="$502B4,15998778,121344,C:\Users\Admin\AppData\Local\Temp\NoteGem2024-75.0.0.355.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4368
      • C:\Users\Admin\AppData\Local\Temp\is-6OAR6.tmp\_isetup\_setup64.tmp
        helper 105 0x560
        3⤵
        • Executes dropped EXE
        PID:2232
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\OneNoteGem\NoteGem2024\NoteGemx86.dll"
        3⤵
        • Checks BIOS information in registry
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        PID:4164
      • C:\Windows\system32\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\OneNoteGem\NoteGem2024\NoteGemx64.dll"
        3⤵
        • Checks BIOS information in registry
        • Loads dropped DLL
        • Modifies registry class
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        PID:1540
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\OneNoteGem\NoteGem2024\Controls\MSBCODE9.OCX"
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:2928
      • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe
        "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe" /Dsb2024inOther
        3⤵
        • Checks BIOS information in registry
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        PID:3484
      • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe
        "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe" /AutoFix
        3⤵
        • Checks BIOS information in registry
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        PID:4336
      • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe
        "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe" AppendRedoFunToQAT 2016
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3152
      • C:\Program Files (x86)\OneNoteGem\NoteGem2024\me.exe
        "C:\Program Files (x86)\OneNoteGem\NoteGem2024\me.exe" /VERYSILENT /SP-
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:972
        • C:\Users\Admin\AppData\Local\Temp\is-3HPHV.tmp\me.tmp
          "C:\Users\Admin\AppData\Local\Temp\is-3HPHV.tmp\me.tmp" /SL5="$602D8,287835,121344,C:\Program Files (x86)\OneNoteGem\NoteGem2024\me.exe" /VERYSILENT /SP-
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          PID:3480
      • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe
        "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe"
        3⤵
        • Checks BIOS information in registry
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • NTFS ADS
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2480
        • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe
          "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe" InstallDefaultAutoCorrect
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4868
        • C:\Program Files (x86)\OneNoteGem\NoteGem2024\OnlineNotebooks.exe
          "C:\Program Files (x86)\OneNoteGem\NoteGem2024\OnlineNotebooks.exe" "C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"
          4⤵
          • Executes dropped EXE
          • Checks whether UAC is enabled
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          PID:1720
        • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe
          "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe" ImportDefaultAutoCorrect
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4040
        • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe
          "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe" InstallNewTemplates
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4116
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4152
  • C:\Windows\SysWOW64\werfault.exe
    werfault.exe /h /shared Global\7d43d46b8e574a0d85d7a2bb4d3af3ca /t 4624 /p 1720
    1⤵
      PID:1752
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4972
    • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFixx64.exe
      "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFixx64.exe"
      1⤵
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      PID:4628
    • C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
      "C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3616
    • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe
      "C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe" DownloadUpdateInfoFile
      1⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3284
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RevokeComplete.html
      1⤵
      • Enumerates system info in registry
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4700
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffa3c5e46f8,0x7ffa3c5e4708,0x7ffa3c5e4718
        2⤵
          PID:1856
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
          2⤵
            PID:2320
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
            2⤵
            • Downloads MZ/PE file
            • Suspicious behavior: EnumeratesProcesses
            PID:2308
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
            2⤵
              PID:3592
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
              2⤵
                PID:5100
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
                2⤵
                  PID:4288
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                  2⤵
                    PID:4588
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
                    2⤵
                      PID:4336
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
                      2⤵
                        PID:3780
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
                        2⤵
                          PID:4152
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
                          2⤵
                            PID:1560
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
                            2⤵
                              PID:5060
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 /prefetch:8
                              2⤵
                                PID:1680
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5128
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
                                2⤵
                                  PID:5140
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
                                  2⤵
                                    PID:5192
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
                                    2⤵
                                      PID:5432
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5376 /prefetch:8
                                      2⤵
                                        PID:5604
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
                                        2⤵
                                          PID:5860
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
                                          2⤵
                                            PID:5936
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
                                            2⤵
                                              PID:4364
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
                                              2⤵
                                                PID:3008
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
                                                2⤵
                                                  PID:5680
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
                                                  2⤵
                                                    PID:5328
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
                                                    2⤵
                                                      PID:3580
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
                                                      2⤵
                                                        PID:5356
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6404 /prefetch:8
                                                        2⤵
                                                          PID:3156
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
                                                          2⤵
                                                            PID:5824
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4512 /prefetch:8
                                                            2⤵
                                                              PID:2924
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
                                                              2⤵
                                                                PID:6032
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2836 /prefetch:8
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:6080
                                                              • C:\Users\Admin\Downloads\OfficeSetup.exe
                                                                "C:\Users\Admin\Downloads\OfficeSetup.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:3268
                                                                • C:\Users\Admin\Downloads\OfficeSetup.exe
                                                                  OfficeSetup.exe RELAUNCHED
                                                                  3⤵
                                                                  • Checks computer location settings
                                                                  • Executes dropped EXE
                                                                  • Checks system information in the registry
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:3172
                                                                  • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                    OfficeClickToRun.exe platform=x64 culture=en-us productstoadd=OneNoteFreeRetail.16_en-us_x-none cdnbaseurl=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 baseurl=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 version=16.0.18429.20132 mediatype=CDN sourcetype=CDN OneNoteFreeRetail.excludedapps=groove updatesenabled=False bitnessmigration=False deliverymechanism=492350f6-3a01-4f97-b9c0-c7c6ddf67d60 flt.useoutlookshareaddon=unknown flt.useofficehelperaddon=unknown uninstallcentennial=True scenario=CLIENTUPDATE
                                                                    4⤵
                                                                    • Drops file in Program Files directory
                                                                    • Checks processor information in registry
                                                                    • Enumerates system info in registry
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    • Suspicious use of SetWindowsHookEx
                                                                    PID:5336
                                                                  • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                    OfficeClickToRun.exe platform=x64 culture=en-us productstoadd=OneNoteFreeRetail.16_en-us_x-none cdnbaseurl.16=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 baseurl.16=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 version.16=16.0.18429.20132 mediatype.16=CDN sourcetype.16=CDN OneNoteFreeRetail.excludedapps.16=groove updatesenabled.16=False bitnessmigration=False deliverymechanism=492350f6-3a01-4f97-b9c0-c7c6ddf67d60 flt.useoutlookshareaddon=unknown flt.useofficehelperaddon=unknown uninstallcentennial=True
                                                                    4⤵
                                                                    • Checks computer location settings
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    • Checks system information in the registry
                                                                    • Checks processor information in registry
                                                                    • Enumerates system info in registry
                                                                    • Suspicious use of FindShellTrayWindow
                                                                    • Suspicious use of SendNotifyMessage
                                                                    • Suspicious use of SetWindowsHookEx
                                                                    PID:1660
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
                                                                2⤵
                                                                  PID:1612
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
                                                                  2⤵
                                                                    PID:2560
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                                                                    2⤵
                                                                      PID:3852
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
                                                                      2⤵
                                                                        PID:3284
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,11662224812890818887,4062960780348261508,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6584 /prefetch:2
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:5712
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:4480
                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                        1⤵
                                                                          PID:188
                                                                        • C:\Windows\system32\svchost.exe
                                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
                                                                          1⤵
                                                                            PID:3780
                                                                          • C:\Windows\system32\AUDIODG.EXE
                                                                            C:\Windows\system32\AUDIODG.EXE 0x25c 0x2d0
                                                                            1⤵
                                                                              PID:5648
                                                                            • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                              "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                              1⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Checks system information in the registry
                                                                              • Drops file in System32 directory
                                                                              • Drops file in Program Files directory
                                                                              • Checks processor information in registry
                                                                              • Enumerates system info in registry
                                                                              • Modifies data under HKEY_USERS
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:4532
                                                                            • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
                                                                              "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /progressandlaunch AppTargets="root\office16\onenote.exe" ManualUpgrade=False ScenarioToTrack="Scenario:{477E0208-58BD-4F33-978A-09BCC9AA9EB1}@INSTALL"
                                                                              1⤵
                                                                              • Checks computer location settings
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Checks system information in the registry
                                                                              • Suspicious use of FindShellTrayWindow
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:1812

                                                                            Network

                                                                            MITRE ATT&CK Enterprise v15

                                                                            Replay Monitor

                                                                            Loading Replay Monitor...

                                                                            Downloads

                                                                            • C:\Program Files (x86)\OneNoteGem\NoteGem2024\ArmAccess.dll
                                                                              Filesize

                                                                              56KB

                                                                              MD5

                                                                              9a125369e4cc6ff6b8e9fd92c9c94fd4

                                                                              SHA1

                                                                              d79aa5f8c056390bdd831e513427be8b851d88a8

                                                                              SHA256

                                                                              f067e7142ee956c3e4c0c4db7a4f05055e4e259f0c99953bcc950620772cd3e7

                                                                              SHA512

                                                                              3629246c4773b8434105ddb34e08e170b0d9b2d3040c1845cf7fa4c25ed32f2f643f92c989de674f9fa353ae5a8a98c7f22a8137843af4b5c67858db715bb26c

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\OneNoteGem\NoteGem2024\Controls\MSBARCODE.DLL
                                                                              Filesize

                                                                              49KB

                                                                              MD5

                                                                              fb7be4b265cad7aee7219ffd782d64ae

                                                                              SHA1

                                                                              8fa2197b3f3f89e2c74116a3392a4a15cb127d30

                                                                              SHA256

                                                                              e8dd70038639fd041567e588b3f81318d840953ddb6049713b71719bc35a13c5

                                                                              SHA512

                                                                              4c3f2db4a01bea89262a5c0edc1afe28c0d0931ec6fa1271ec5361028409fc87fde334a9c3ed140237d22dc7cd9908954c6fc8c2dd73c76ae246653bacc8ed70

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\OneNoteGem\NoteGem2024\Controls\MSBCODE9.OCX
                                                                              Filesize

                                                                              127KB

                                                                              MD5

                                                                              960a73887d51ef0f768cd9bc4d297ef3

                                                                              SHA1

                                                                              a905845dc805b6b2644ed2c4f1924cf802a25da8

                                                                              SHA256

                                                                              c5526c75dbff791ec898418d270331fa27e91d6995cdf44c1f1991dddd98089e

                                                                              SHA512

                                                                              58ad04d76250b0d3f7a9c8bd0d7f2880b19b5a7600edeae527800adda147dc76c1f09c3009f0a2d66062cd4d9468f98ba63fcdb1ea763bf5e47e4fa4b2f32d38

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\OneNoteGem\NoteGem2024\Controls\msvcr100.dll
                                                                              Filesize

                                                                              750KB

                                                                              MD5

                                                                              1c3d7cd25012852e860564a0cb073e30

                                                                              SHA1

                                                                              2f9daba995479da4490e36e240aaa4a2f5654716

                                                                              SHA256

                                                                              16f61545f0e1f4c03dda10ea3666104fdb07b63bea04c40915cf2fe680fc1dc1

                                                                              SHA512

                                                                              f1ef35bb32fd8b867f73825d2a42faacf1f7c43006a65a8ac31514da4456f92a5105f55cbc376c7e4f76ceda7105001850d007a522149b78f4763576a4660e7f

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe
                                                                              Filesize

                                                                              3.1MB

                                                                              MD5

                                                                              42fb4282bac3e90bdf15aff5c45438ef

                                                                              SHA1

                                                                              55b0a13eb17128f5d100b9f9d18cd0e136665b18

                                                                              SHA256

                                                                              70ff9cf6fcf072a69b6dc3144dd240002c1b3a08987b9ff42bcdcb7112c6145e

                                                                              SHA512

                                                                              b44e40de7d18fb781e681befe557b0c02f947d4591472e19e8e3074f848162097285b8bf52995061926a8956c62c25bfc04bcf4545652969a0a96488c754fd2d

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFixx64.exe
                                                                              Filesize

                                                                              3.0MB

                                                                              MD5

                                                                              6419dc2751f212d3989a0131bf04ab1b

                                                                              SHA1

                                                                              5b9f6db9d843f118ae8ce5ed067f90d6079f358a

                                                                              SHA256

                                                                              bfaef2e37334a7f90734e0c2a9e9a515cc57ce6fd64ab9e87355241974f30ba0

                                                                              SHA512

                                                                              8af8611276fe045fd35f4511d7ded67b5d73ea21f2a4647b9306545f41187042feda46f69a7ed30795a901000c1f6714c46bd8f2d2860d9d584274385431bc88

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe
                                                                              Filesize

                                                                              8.3MB

                                                                              MD5

                                                                              e3ace15a5bfc1543be9dde65969a8803

                                                                              SHA1

                                                                              781e2ca504a0f9e7e9249e6c2131ea066a54c6b5

                                                                              SHA256

                                                                              56be8645b8c10968312a7ee9b7c665315ba80c3f0e259932470b03b9fdfe1f2e

                                                                              SHA512

                                                                              f8e976d343bde52d79fc7d772c8d4c4096b976b58696162c1aa20093a73325d88a3764e7ace32d7f37a70c0b626b38e296dc25c5dc4326a44f88b79aee86e8d4

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\OneNoteGem\NoteGem2024\Html\start.html
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              90cdb00c202ebe96da6be910167a7b57

                                                                              SHA1

                                                                              ad61c655aed803ac6ee9c321ebc064a77171502a

                                                                              SHA256

                                                                              9d4f2302fb2229a70a73ee2d6ecd74a2831829630163a46246ace53441286d07

                                                                              SHA512

                                                                              6408d1e679b717f8e2f92a4cdf0f6305007eaf6a861e2d7e5bd75ac9f1fa18a8f639c87bfe4b69e51ebadd62cd39b58979b533318238ebf5866c3b13761cb608

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\OneNoteGem\NoteGem2024\NoteGemx64.dll
                                                                              Filesize

                                                                              6.1MB

                                                                              MD5

                                                                              3a87dcec7b6e6aaab8a02d6405e9405b

                                                                              SHA1

                                                                              65a19fcfe726846e754da83578522b777805488a

                                                                              SHA256

                                                                              9dd5fca5d6d106ce7e8f69d2b23880653bdef4d7226cd02ea6144d2c2ec7f32c

                                                                              SHA512

                                                                              4393bc2556ec2d7a2bcc24db05caf02e3b1a6bec4719d994b534d43b4cf421b0d9addcd5836dde47e507bee9c82d28dabb0cb011f0b5e91eeb512994f9ef8ac4

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\OneNoteGem\NoteGem2024\NoteGemx86.dll
                                                                              Filesize

                                                                              5.1MB

                                                                              MD5

                                                                              5bca6ca1a7fdd1632b543e86c281c255

                                                                              SHA1

                                                                              8b02efaa5aca0554fa2524d6058b9d6f0063eceb

                                                                              SHA256

                                                                              fd13f09c5ae73d188b0bfbe9c9494a79696b75a9cfba0f296939f19b9be7a4b4

                                                                              SHA512

                                                                              53791901c107096d169e3572490f7b59403fdf01acbd22871c8d1c56d295b1744e37edb437fa6305889fb551e6148717a9a1884aa8705f0745b46900c04a9e8b

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\OneNoteGem\NoteGem2024\OnlineNotebooks.exe
                                                                              Filesize

                                                                              2.6MB

                                                                              MD5

                                                                              a0332e7cd75d3e2a7b3f2cee01fe9664

                                                                              SHA1

                                                                              521148c77859bddbed68a094f2e02334669711a5

                                                                              SHA256

                                                                              1c708e34377748daf1f97c89953c4ce132829f95fa91736e4970a1872cbb7783

                                                                              SHA512

                                                                              0059ec6f4b3e71ca163dd4480db6913e57e652c53653a64a01dab23f02deed9b6ed8323b0255dcafdcaf3424e12a51c63918d23d6122d8035b0f8ca0de0202db

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\OneNoteGem\NoteGem2024\me.exe
                                                                              Filesize

                                                                              668KB

                                                                              MD5

                                                                              35286eaa84cd29ffd6c8742aa7e1960c

                                                                              SHA1

                                                                              a27653829985b7bdbf29ba764fdf8f38f2bc598d

                                                                              SHA256

                                                                              8470afee1f32e3f7fdbdd1045c963e6e65cf425581060034f24c5f0dd892662f

                                                                              SHA512

                                                                              8f69ea4618ca08a1732baa9a7a1f1d5857a334c7135837aa6aa4c416224395f1618e5f5a283f5c8672480baf65ab28b48d1c179104a9bae44042a7eb6b499a2f

                                                                              Download Submit

                                                                            • C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.18429.20132\i640.hash
                                                                              Filesize

                                                                              106B

                                                                              MD5

                                                                              5e7aa36e5de1129ffe9a431863c6a397

                                                                              SHA1

                                                                              2c7b0ed262aeabbc411e518864d0103e27e27871

                                                                              SHA256

                                                                              e05fc369e2a6e603592b865f11ffb2ead3d6dfa1b4f257d11a601c4b1a9a39e5

                                                                              SHA512

                                                                              a31ed82e8a0b047d15b27d2c845f67664fa3d95a29a14a3465f0bb7f8ff2ce81b43594186b385c3845aef8495ce4d55ca8f105c2c93d0510f0adbc16ac18bd6e

                                                                              Download Submit

                                                                            • C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat
                                                                              Filesize

                                                                              30KB

                                                                              MD5

                                                                              11dfc97c37156f02c577c9c703e94cc6

                                                                              SHA1

                                                                              ec2f7480a9a0f06d6b99b5a90a40b41ade582e12

                                                                              SHA256

                                                                              2f585d618e8a4c978f80c0b5550969abfcb76565197ba2a3480f76b88c3c6f8b

                                                                              SHA512

                                                                              4ff25f9edbc2f4ebeb636b5895e1c695120e49a5b7200c61c4770b432729da06eb74f9ede231a9c9272d1971b068e2483543873422157e9997640462a9b269aa

                                                                              Download Submit

                                                                            • C:\ProgramData\Licenses\07EE7A0266D9F906F.Lic
                                                                              Filesize

                                                                              151B

                                                                              MD5

                                                                              c045b65d7d763ec40e810450cfc3018e

                                                                              SHA1

                                                                              0a908ffe31fa15b70b7dc9de26e55a6f7ca0ade9

                                                                              SHA256

                                                                              3fa6fc44cd6d148537a5b6a5d40d2e0b86bfd86b78f3e3d15465a54fadb2fe06

                                                                              SHA512

                                                                              12ae069bb397ec4704417327d06d85e383d791385d99185b3833e39b9b43b035f867bff782f34547f58298b036a260edaba6a0bd834dfa2900b9d5de61aadf88

                                                                              Download Submit

                                                                            • C:\ProgramData\Licenses\07EE7A0266D9F906F.Lic
                                                                              Filesize

                                                                              138B

                                                                              MD5

                                                                              fc959f0cb48578a0ffd24954e5548572

                                                                              SHA1

                                                                              2da48e07b4ad96160ec584939fe551ffaa53a755

                                                                              SHA256

                                                                              4b193ca4503fe0794c7bb42219eaa91bd45657c913525cffbe5cbf0c95bb0179

                                                                              SHA512

                                                                              449ae4822f36bdd76c6937ae164c5c2b2ca68c77b9f2dca5e10be2fa9b2ac5120113c9fae6460f6062ec61862fa45ff0075a8bfb3d0555f9aadf47e502b9a181

                                                                              Download Submit

                                                                            • C:\ProgramData\Licenses\07EE7A0266D9F906F.Lic
                                                                              Filesize

                                                                              140B

                                                                              MD5

                                                                              32f711de9dd6d4b9eae02f93689577dc

                                                                              SHA1

                                                                              02dd557eb9b97cb0910ba7ff69fcc6aa6c2dc623

                                                                              SHA256

                                                                              e2546c794aa9925fb0b02384a9acdc10f6c4472145de071bddcd68fe3b178e22

                                                                              SHA512

                                                                              542bd1ea2f3dffe12c6aa843fe88cc80cdc8936f09268ff7308259477edd9911661ce9b02dd505e881dfe23ad724063da700946d5610e7139e92ded35d625aab

                                                                              Download Submit

                                                                            • C:\ProgramData\Licenses\07EE7A0266D9F906F.Lic
                                                                              Filesize

                                                                              140B

                                                                              MD5

                                                                              097d60c02bc93f871f36e39a3323e687

                                                                              SHA1

                                                                              33fd0c69b931456d7d49429c2ebfb03d48bc4a37

                                                                              SHA256

                                                                              6aa21c8898f0921c7f38b0efeb24cbbbd58feca4c38082f51d95b93b6e9318ce

                                                                              SHA512

                                                                              37209d702b9ac6a4f1b20e2f74065ab533509f172258e3fee994ab36e8aaf3fbb02265afa4033ada1966934e875d16f2d646438789be17cfcf3d3d85edbd1594

                                                                              Download Submit

                                                                            • C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C1DA06B6-AC15-4073-94E1-9284D817221E\en-us.16\MasterDescriptor.en-us.xml
                                                                              Filesize

                                                                              40KB

                                                                              MD5

                                                                              431e1dffd27480401dc45f91fd9a1d01

                                                                              SHA1

                                                                              b54c1f4eb14484a1f99912f3f2f3c4b07d176615

                                                                              SHA256

                                                                              080878ce555e188b487d3f2743192649363a0b1c9c1ba37ce4b6425fcaca65d9

                                                                              SHA512

                                                                              733059e7976e4ecadaab0cc4f374be0014b60c070eb200bda49628cbe30f0302a169d50c1ed8350f084c4f719bf065943a0884de8dbb0d1d5455cbe4ad5e1bed

                                                                              Download Submit

                                                                            • C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C1DA06B6-AC15-4073-94E1-9284D817221E\en-us.16\stream.x64.en-us.dat.cat
                                                                              Filesize

                                                                              76KB

                                                                              MD5

                                                                              10ceb6e889922e12272316380072cfca

                                                                              SHA1

                                                                              57bcab48e58542029e2e82e05a6b734e8b51fad8

                                                                              SHA256

                                                                              1c2ea199dd73791fc479c42fafed82b25605e36645eac32addbe9c6afcde7502

                                                                              SHA512

                                                                              deebf9c14033f8a7759d2337a3bc96485b82eb6abd5108303a7a1f994de26d59d6894d9d0fbafae7cf2ff04d55473be9a64059c524e0c206b202462d96854674

                                                                              Download Submit

                                                                            • C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C1DA06B6-AC15-4073-94E1-9284D817221E\sd640.delta02.cab_extractOfficeC2R8EFD8B20-972B-4647-ABC9-4B47E9C621D8\MasterDescriptor.x-none.xml
                                                                              Filesize

                                                                              35KB

                                                                              MD5

                                                                              b053ceac487199bcd53001d94bbe5ba2

                                                                              SHA1

                                                                              caa3d12995413ba819f779abf8b34f1b28759aa7

                                                                              SHA256

                                                                              e7046c99bcda65353b6a20cb48d4c5225089c9e92ae32d26bb9da8098f3f6a12

                                                                              SHA512

                                                                              a2635db5e3091b993e6c52113432854931719ab36163c37ac491e9be022aedce2c4cf2242193cafc1502f842f66ff0753b21dfd91375bd3dc77b930604bf3f19

                                                                              Download Submit

                                                                            • C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C1DA06B6-AC15-4073-94E1-9284D817221E\sd640.delta03.cab_extractOfficeC2R774F0286-B31B-4A1D-833C-90540D19228F\stream.x64.x-none.delta03.hash
                                                                              Filesize

                                                                              128B

                                                                              MD5

                                                                              dbdd401c88793247acc7a745565636fb

                                                                              SHA1

                                                                              4bc3589c4ba1911fa9e82443eb59f1d1eae448b9

                                                                              SHA256

                                                                              ae0ecb3d20ad51bc3cc9c5a6732cd7a2c71a0c2fcfb0d81ce11c0747ab7db1ab

                                                                              SHA512

                                                                              8cb6dd2738fc137ed4c75e5f0672b20a8006f824b3695cb305347f9c2015a88759c2ee76679c185f11b2448025ac55107ee2e44f74a7ed59d1d171d2436be9bc

                                                                              Download Submit

                                                                            • C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C1DA06B6-AC15-4073-94E1-9284D817221E\sd640.delta03.cab_extractOfficeC2R774F0286-B31B-4A1D-833C-90540D19228F\stream.x64.x-none.delta03.man.dat
                                                                              Filesize

                                                                              23KB

                                                                              MD5

                                                                              09445ef51b67596707f6b3ec4ebea184

                                                                              SHA1

                                                                              6e5171b656ded5b5c3b89eeb58166a77f28a7423

                                                                              SHA256

                                                                              ff5aa8aec2172953bedbf8024ddfca83f88b0affa31011bd1106d4f0c7bfa873

                                                                              SHA512

                                                                              0f02f8a412eff2ec3e929a3aff39adde1e05689249a429460ec779c49665689521a06d381c3c3ccf4880126bea5c608f9999103b51e975766ad836598b782b08

                                                                              Download Submit

                                                                            • C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C1DA06B6-AC15-4073-94E1-9284D817221E\sd641033.delta03.cab_extractOfficeC2RCDCB4EA7-DE5C-45B7-A6F2-7269CF5049F8\stream.x64.en-us.delta03.hash
                                                                              Filesize

                                                                              128B

                                                                              MD5

                                                                              1aa5818b5238e5a66a99fc0bdc59d63a

                                                                              SHA1

                                                                              f4eb0cd4b1857aeb3cd0a92d9eed530324dc12fe

                                                                              SHA256

                                                                              a1a009fb5cb62a323f9d0ca5c3be8911ae3f9464d5918c2c156616d47204b317

                                                                              SHA512

                                                                              17d96941aa2f62de1e68e51f5b13f4aa553412c21f16e45a63918445e0e9f9dfa498286ed176b7147f1e798b376d2542af30ef33217848e84d30f5c4d39bfb58

                                                                              Download Submit

                                                                            • C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C1DA06B6-AC15-4073-94E1-9284D817221E\sd641033.delta03.cab_extractOfficeC2RCDCB4EA7-DE5C-45B7-A6F2-7269CF5049F8\stream.x64.en-us.delta03.man.dat
                                                                              Filesize

                                                                              15KB

                                                                              MD5

                                                                              fd34232283f715030d2cc29f1fae8d86

                                                                              SHA1

                                                                              2a6feda5ef1ebb387f881e4c3e0a08663f1d6bd7

                                                                              SHA256

                                                                              8235f2e817486b880264c87597d1a11a94c8aad1022ff9a17970d504bbbb4222

                                                                              SHA512

                                                                              ff406f2ab6e67b4e03b43528ca833f474420f3fc54b7afcad8591a1b46a9a5edbfd022d8eb5181865af4ee46bd3de2b297d82519e86c5ea6764e241c7b168fac

                                                                              Download Submit

                                                                            • C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C1DA06B6-AC15-4073-94E1-9284D817221E\x-none.16\MasterDescriptor.x-none.xml
                                                                              Filesize

                                                                              40KB

                                                                              MD5

                                                                              4e49aa263ec3e9894bf72c0f3e6a8814

                                                                              SHA1

                                                                              474159d19f0249cfa5069362619d7c14bbd73667

                                                                              SHA256

                                                                              7d9ce399113a1bd43709c68c544b0d8ed98f4576ea0aca37ae02edcbb69c088c

                                                                              SHA512

                                                                              a6ba0b8e7cacadfcecfdfd0ca53882570ec9122c4c0b2ef8683612ffdd8465f3a8ca58dc178f7f5caf1ac56654571f87693d82e5c1d4f1761061e0ec6a0a8b81

                                                                              Download Submit

                                                                            • C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C1DA06B6-AC15-4073-94E1-9284D817221E\x-none.16\stream.x64.x-none.dat.cat
                                                                              Filesize

                                                                              735KB

                                                                              MD5

                                                                              385d89961fa8d6b39eee2809c964efb5

                                                                              SHA1

                                                                              80dbc48afac87d0bbbcbf35066b2ba7a0135a12e

                                                                              SHA256

                                                                              94dd320c4fc937b2d4c3be385a4ec4c51c4be6a4e6e684873a474be7c2550268

                                                                              SHA512

                                                                              e2aa5231693e66f307a71eb322a8d6c29f96437f143fe5973439898f923c9b640d266836d6da5f9eed80f4e6602ff6db6cba0e3b98d92005030ffb2ecc85a5c8

                                                                              Download Submit

                                                                            • C:\ProgramData\TEMP:0BEF6745
                                                                              Filesize

                                                                              138B

                                                                              MD5

                                                                              31bb3ad5c641ff947b5da4199ab734e5

                                                                              SHA1

                                                                              2beb080de78e1a315302569031eca9d6cba766ef

                                                                              SHA256

                                                                              9d332b294c259a5349a222853496274ea5729df843de5236cd9db700825386f2

                                                                              SHA512

                                                                              4e74b62cd7c38f7ec112e1413d130de19a94cbecab0611be3230d35c20ad6e84b122021f271678ce4a07f7e7f05fee71e29d6594e2bba6095b776aca19b58d9a

                                                                              Download Submit

                                                                            • C:\ProgramData\TEMP:0BEF6745
                                                                              Filesize

                                                                              140B

                                                                              MD5

                                                                              20e52b83c0f3919cd8845388ee194a19

                                                                              SHA1

                                                                              50bf7e2bf92ea7ae80546dee6432311b170b474f

                                                                              SHA256

                                                                              1659bfb0a78eca2ee12e34505298266ddf45b0695c2b04e532553dab120b3c44

                                                                              SHA512

                                                                              d733e9f0d3278a2a61730901982b9254cbe86e9c1e8ace0f28e8576c920ab252dc09146d1899a84a858f1aa0207eca731600a1b5e7e7d4411404ae1032022287

                                                                              Download Submit

                                                                            • C:\ProgramData\TEMP:0BEF6745
                                                                              Filesize

                                                                              140B

                                                                              MD5

                                                                              2a90ae5e3e13667fbf6eff12193aaec4

                                                                              SHA1

                                                                              5676421cb30a6a623bc5d67194ba62cd9772666b

                                                                              SHA256

                                                                              1d9045af345a1c769454ecaab863a8f93cb3be69c3750a075969d4f8be8d4c0c

                                                                              SHA512

                                                                              a0b461d931e312127be41c8cd4bbc1df6ad93146c4ad481ee960727d93146a69c8330be514d5cd33c242b08b21c948f4623660656031d183433e4cbedf708178

                                                                              Download Submit

                                                                            • C:\ProgramData\TEMP\RAIDTest
                                                                              Filesize

                                                                              4B

                                                                              MD5

                                                                              c2f09542b6c7daf4288f3524c8cebb18

                                                                              SHA1

                                                                              9430b21baf07f0d105b9ee5fdd9f868418454517

                                                                              SHA256

                                                                              55d7808233c58f1606fff77eb382a02ed729bf5d8b2640fb313d0f7c91e970d4

                                                                              SHA512

                                                                              dcc19cfbc78b78708ce2586228424194f846d80b6d072045baaf93559d20f71e809a4eb57e7dac3b4ea109d90aeb585d0b5438dc1dd7d34054c03aa6350d6672

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                              Filesize

                                                                              471B

                                                                              MD5

                                                                              b96d1e17c779ea7b52ea1282811b4c37

                                                                              SHA1

                                                                              e21009598add6e41155faedb53aa9795f5e0999f

                                                                              SHA256

                                                                              5d9476be3c381c2d123f66e5efbff23600fa6e6b2bcf40e0a86b7dad107810a0

                                                                              SHA512

                                                                              1350d4be110e353930a6bccc8bc6100e5febf01ba120944d823deb7f7ffb26d231e3e0e83c260424056b2d0fa502fdf415bcb0118630496abda9afecf05b7b94

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                              Filesize

                                                                              420B

                                                                              MD5

                                                                              4b1ea5e0869ee41ca70cd407a15c5174

                                                                              SHA1

                                                                              0676c1123e5305399b33850157b7268eb4089df8

                                                                              SHA256

                                                                              c7116eecc93b3d3bba095645787a96c65e4c2489045c1da865c88c6fc0950a4d

                                                                              SHA512

                                                                              cf46f19bea4a67a597f3fb0f4960b51ec28305a97f7ddf12d7671212fc242ba1591d34098df2c19fa0073cc9428f46cf26afe2d20a05c7ba894d4fcb3e0936d7

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                              Filesize

                                                                              152B

                                                                              MD5

                                                                              290f01199789bc2238b426accf194e2e

                                                                              SHA1

                                                                              bdac1ed6dbe3fc35d0fa70beac48c96ea6fa7816

                                                                              SHA256

                                                                              fdbfee81f488cf164f951e38fb1398dafc312c36f47a762601ed5bfb755fb34e

                                                                              SHA512

                                                                              95614302d8f8ac28da66724f594e5f6568a119d547477fe3cabe4374cf462b2e052aabbff6bc41c5bd80b182ae577b98e003ac9a2c23be22804a85d45b96d189

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                              Filesize

                                                                              64KB

                                                                              MD5

                                                                              d6b36c7d4b06f140f860ddc91a4c659c

                                                                              SHA1

                                                                              ccf16571637b8d3e4c9423688c5bd06167bfb9e9

                                                                              SHA256

                                                                              34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

                                                                              SHA512

                                                                              2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                              Filesize

                                                                              67KB

                                                                              MD5

                                                                              69df804d05f8b29a88278b7d582dd279

                                                                              SHA1

                                                                              d9560905612cf656d5dd0e741172fb4cd9c60688

                                                                              SHA256

                                                                              b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

                                                                              SHA512

                                                                              0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                              Filesize

                                                                              19KB

                                                                              MD5

                                                                              1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

                                                                              SHA1

                                                                              6dd8803e59949c985d6a9df2f26c833041a5178c

                                                                              SHA256

                                                                              af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

                                                                              SHA512

                                                                              b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                              Filesize

                                                                              65KB

                                                                              MD5

                                                                              56d57bc655526551f217536f19195495

                                                                              SHA1

                                                                              28b430886d1220855a805d78dc5d6414aeee6995

                                                                              SHA256

                                                                              f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

                                                                              SHA512

                                                                              7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              7171e1e02d07d423ba49d53e6d69695f

                                                                              SHA1

                                                                              b799d09bcec76affd693731b3720dcc9f54c8bf5

                                                                              SHA256

                                                                              6f7c4b9bcb774a8479707ed6ca24440cebb50a6f63877dc615741904919f6c00

                                                                              SHA512

                                                                              314c6d4784801bf30552c5e44e56196f50c6c628871fee320f706d52c259facc5bd08a46e22e61cfdf9addaf1ac7ee48fe3b8ccf4c96eff699d3b4601a5f9354

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                              Filesize

                                                                              111B

                                                                              MD5

                                                                              285252a2f6327d41eab203dc2f402c67

                                                                              SHA1

                                                                              acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                              SHA256

                                                                              5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                              SHA512

                                                                              11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              021f8de6b0507e09a507f1314fd98cd6

                                                                              SHA1

                                                                              b8f636232ea348ef5a361b7b5dc9f904975ec8ae

                                                                              SHA256

                                                                              9d948fe698338fdd51f3f31a1bf3000e631b70453c6e8aa58190d9d3fc822f61

                                                                              SHA512

                                                                              ed2bd465b50944fe75ac2e91fb142fac8e888ac46208f49acd6604c1ce99284c91b8f99f32168abf720fd0dcf3f1f496e829f150443fc1a48c534d0c4d39d0dd

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              c77004f7db184d710164de0c3a42ee73

                                                                              SHA1

                                                                              a8f07c0621ee455a5a10e7ca4f0014a5b9336a10

                                                                              SHA256

                                                                              768bf7096c11fc41fa584834ee32494c0aa92723612cc01abe2dcf5d731de369

                                                                              SHA512

                                                                              f53cced8e562cf50c5634dc410236638448e7228d66be49baf3422c62594127e1d0a2ce61a3270cba296ff9245be8d300f7c11d9a54baed72c6bbfbf57f5085c

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              e3783de8fa2ce2ad6e625bc6afa12f33

                                                                              SHA1

                                                                              14be24a482cbed20bf8ee737e2a2e2e687e19302

                                                                              SHA256

                                                                              605f6d7da0b581a78bbf18ea07a2e3402bd4893f81b2bef05aee13ee1fdfed2e

                                                                              SHA512

                                                                              25857a7be22b1d7972b3654cb5f4d8ff5915a9a231f6ea603493ffa022c55ad155936236b2683c619baa1e07889a1be6d4c0a5db65dfc1057ce64bd9e045eb47

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              5KB

                                                                              MD5

                                                                              2bf0f3d4b3e6e8e0a45b66b683e36f40

                                                                              SHA1

                                                                              8cdcc1a5bef02b39c78ab1eb57d7cb1a56a68a41

                                                                              SHA256

                                                                              0171c8a5104eb78007f85e7eacda173d666dbfa4185e4dfb0146e0cdeab5a99f

                                                                              SHA512

                                                                              821aab5de08048898562d0a1a5986a17b2ce9e3899745085117a1efa99ded7663b0069fdfe9367d205d9dd2f517c8eacc5cff0e027ad905b213c1d325afe244d

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              9b9f8cceb4dfb64ec69e5205eae2f4a4

                                                                              SHA1

                                                                              054af4f119d7034d11bfcfd3e01a464c66d559da

                                                                              SHA256

                                                                              797b3fbb9d62b735e5c5ad9902d6f7aea9c8ce474b2f8d727843c00c3403f2df

                                                                              SHA512

                                                                              235770a66592c59abbf1bbfe566ec1ce6f0d4cc0d4d751c91cfa4c318be8cbcd555f2413249673e509539751612e9fb8abbe190b655fde4c0bd7d386bd785210

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              c74b16022bc3ea6a0b21e7685409062c

                                                                              SHA1

                                                                              92d31eeb925f7007fb2e00fcc4c1083701c5398e

                                                                              SHA256

                                                                              5ee1f02f6086b27ccde1ce326a8ccf5e4742c8004a0ae7afdbee62aa1b03b594

                                                                              SHA512

                                                                              931a8d99d87e14de98293d910234e745d3a0f84f711243f74b0888f3267f598dca096a66703b7b02bc662e51169c09c41593f3691978b13584d68dc45920e269

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              28d2b9bdece1410f100cf27b1d987b04

                                                                              SHA1

                                                                              2c68ce98fd7249094e0707136d091562c2710b89

                                                                              SHA256

                                                                              647645d26cdc0134b2f8b1ba5c297b669de5e212acd77f6120ba0dfb56af0711

                                                                              SHA512

                                                                              767c374980c860091a4fc0a0ea4d4ced773d9e125cebe8ac8aba7702f52484a612e71a0d59d624dee91ed134b0413e959ec90e27a62026a364c10937b9560772

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                              Filesize

                                                                              24KB

                                                                              MD5

                                                                              c040bd93c4c8ab5ab87b6b9f5c104b44

                                                                              SHA1

                                                                              e67da355193af06a0a5f073ce56a703cd0650540

                                                                              SHA256

                                                                              63cd6cb9c011e9a5742a74822956e8746c61b1ef31d78a40b87fd2b3709598fa

                                                                              SHA512

                                                                              96fdd4543bb5247e72cacf0d8bf8bbb38a0a9593aeaacbf7e642291c2a03b632c55ff2714b66e6941c9919330d539e0d4a21935d118111873c05e20108b5a320

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              7af17dbf5c68d5a91a6f2cdac21bb41c

                                                                              SHA1

                                                                              46f570eaa942eb2fe2c44a90f91e1d1adc7a86f1

                                                                              SHA256

                                                                              92b3e216ef37c0ca6b0a685efe19cb9adb6151d3e02285d308feaa1e077b1514

                                                                              SHA512

                                                                              fa571456b453897f92fd1cd2536aed4f8113dc0622ca9da1ebf6b9aa3a42f6c6876be8653df5c85b63241f2de0e2778ba106df5e027416dbdd2b05e00990d3f5

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              475b4f02f378ca35cb92998940e2ee0b

                                                                              SHA1

                                                                              b7ae18acbc96404abc60e72e8bffb9b7dc60c8a0

                                                                              SHA256

                                                                              cd648f8d603c798a40826c5471e8e9aa94978bb1dc66106b58ab488c6ad134bb

                                                                              SHA512

                                                                              2384aaafc44286d08f73f4685e8af3adf38e942e5b81458e317f140d2351f4ecf8f22144868dcc27ac52e852dd2397ae63de7b2082b5a0c8de73abc5b26da7bc

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              1ba5d4e277aac78ccaf83ccb82a15a02

                                                                              SHA1

                                                                              063dfc5c4efa5843e4bbe2e0e4ef9dd95b31c49f

                                                                              SHA256

                                                                              5d8db39529a4e07cc9d215b4bb0a94cce5f3e874b541be80d3488e6f1d992d46

                                                                              SHA512

                                                                              1b0808600980a675ffd237d727f523ba61835ca2fb96df461c9980a224f8f31a0e975863452a87d73def1e749eb6ea52b1a48fdbab352e3ee61385ef8e563abf

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a53af.TMP
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              689d82f660d06f62b6a3cfc23ff69693

                                                                              SHA1

                                                                              d8c447389ae9ab84fb2cbfeb04fa856c4536aac3

                                                                              SHA256

                                                                              dd269afaba4b0ae36bb14bdb81bfad2fcf26f45b10420917b0fa5ae95400c64d

                                                                              SHA512

                                                                              adb5f486e47d50737d1ae9c277bb41fa697f4e4f40e9424f3e6dc4e4ccbaaef76c87bec7dec24d386dcc51c5d606d66c4f9051bd17061a695e4c672c747b4369

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b4601b36-eff0-4b59-a636-dedcf2d03b64.tmp
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              845c9266d8ec6b01e162f997c814b245

                                                                              SHA1

                                                                              9c36e1313cd458e6089e8f636d2ddf9a7b36a957

                                                                              SHA256

                                                                              630e8a7b062e45ed02fa3a671ddc43bd227e5531ea7fd7e442316e00386ac80a

                                                                              SHA512

                                                                              a237becd3b18d5cd94f19175051ef71c511285d394f27a1f8c52edf26fea074c951f3f46d02355bc8429840fb5c4183f62736b41d04d8b19898a0d0af3fbfde3

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                              Filesize

                                                                              16B

                                                                              MD5

                                                                              6752a1d65b201c13b62ea44016eb221f

                                                                              SHA1

                                                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                              SHA256

                                                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                              SHA512

                                                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              c6d508942b6194ea8778899994d91648

                                                                              SHA1

                                                                              615d07be348fef6808122ed1536ba1cc1077787e

                                                                              SHA256

                                                                              9403d0480ccc50fb5bc16614b55baf6c9f3f5aa880eb919f7f117e69d90bee69

                                                                              SHA512

                                                                              3f590076f0194470e6451c7e253931daae734f89232df02338cbec86e1f627ae10374249688b987501db46b2ce69ecb0a1428e1bffc38bce818ecb3b23b7616a

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                              Filesize

                                                                              10KB

                                                                              MD5

                                                                              3317b45c1ee8595b4bdb6b7e67bd74f0

                                                                              SHA1

                                                                              fa95e30388d3aeaef158621d45d452e0fc6797ec

                                                                              SHA256

                                                                              a3a0c4cd48ae27c090167a000ea797e0d9e0ec4a5129172abd8d985985f6ad1d

                                                                              SHA512

                                                                              907767337935ad82d961cae997738ed8f7c4952c85110adebc9cb72e9a0742164e21cf924515b96d53013af99a373cd34d834a13a340ab80f07c9bf6eb2488c0

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                              Filesize

                                                                              10KB

                                                                              MD5

                                                                              b1e49782b4e0ee2a4e82faae736b5ec0

                                                                              SHA1

                                                                              6077af7919b0e26946b86f7da8a26b6120652e49

                                                                              SHA256

                                                                              112e4c853f6f7d92edb4e73da75d64b9e5074d66da2bfda32d7e0fe666dde0e8

                                                                              SHA512

                                                                              d3d824f54b39f510d5e96a0c1a6d5627f758f006137c7bd3fc978b09af55f82b650c2952c6f6511045656cf8d03ba65c103a0c5ccebc19c965fdbce7088c4c88

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json
                                                                              Filesize

                                                                              21B

                                                                              MD5

                                                                              f1b59332b953b3c99b3c95a44249c0d2

                                                                              SHA1

                                                                              1b16a2ca32bf8481e18ff8b7365229b598908991

                                                                              SHA256

                                                                              138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

                                                                              SHA512

                                                                              3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json
                                                                              Filesize

                                                                              87B

                                                                              MD5

                                                                              e4e83f8123e9740b8aa3c3dfa77c1c04

                                                                              SHA1

                                                                              5281eae96efde7b0e16a1d977f005f0d3bd7aad0

                                                                              SHA256

                                                                              6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

                                                                              SHA512

                                                                              bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json
                                                                              Filesize

                                                                              14B

                                                                              MD5

                                                                              6ca4960355e4951c72aa5f6364e459d5

                                                                              SHA1

                                                                              2fd90b4ec32804dff7a41b6e63c8b0a40b592113

                                                                              SHA256

                                                                              88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

                                                                              SHA512

                                                                              8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C046446B-FF18-476C-A1A9-59635F68EED2
                                                                              Filesize

                                                                              177KB

                                                                              MD5

                                                                              4241fc7b21dff17581d094cfe993cb94

                                                                              SHA1

                                                                              c88d2371af76f0cf366e38c649de83f0c2a50963

                                                                              SHA256

                                                                              254a4fcfec259ab6b7002112f0ead0df559143ba7fdf036d19719be2f99c9db5

                                                                              SHA512

                                                                              1a246f353f28e9c9526bc9eb61d4887a661c55c4fb8b92edb76a5ecac9b34c10a32337111b235a4bb9a07cbc9a4c060f2868b3fc2375277ef5f685aabb4b86d4

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal
                                                                              Filesize

                                                                              8KB

                                                                              MD5

                                                                              d0a5b44bf851dc4b6c19cc805795727b

                                                                              SHA1

                                                                              64600f19fca80233b0ccff1ddc6797dea07eddb4

                                                                              SHA256

                                                                              f7f6de2e7b21d132e1196224b660c1d8c24e98b819bda5b6d49dbc2d50780a5f

                                                                              SHA512

                                                                              a217943ed526448ee76db9d00a21154161d05928d98e9ea92a78767471d32a8ff247c350b10ff46b895f72dd84a1800cf11baec4d9ef723310bb4beef6fa9f79

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              2b62e6d61b418c1ad5d7ea6ff27a9acf

                                                                              SHA1

                                                                              f475dff4c2a52437a0715ec5652a09aa9d03ace2

                                                                              SHA256

                                                                              debc6f7d03ebf891d0d40b34527717c68f17cfef389cbf75acce8c78a8aa7089

                                                                              SHA512

                                                                              2d33e8ae909ee489e52cafcba44569e01542e510240d9607e87bf1b43eee96e4dc50c55e87d0804dc2b983643a3899f67b10088e34b8c4c15c68ea9ab952598c

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              f8d85621d4097c729af36ff091ac1f16

                                                                              SHA1

                                                                              80f5bfbc69c1e2a59e92eb34bde4ece4ca3828f8

                                                                              SHA256

                                                                              0b47de01cee7b1dbd6e398750a28292d7acc83e7cbf44f300cc6be5c80bd01d9

                                                                              SHA512

                                                                              6c551a098f4ef2ce0ada11d41ae9b2c63c445f4817560c12a88a184194fcae509159f238d5f89b4eee40ea966dddb94921593464feaa0ac21473c52ad9dd5413

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\OFFICE~1\i640.cab
                                                                              Filesize

                                                                              29.8MB

                                                                              MD5

                                                                              1c3d434504385832cd8baa82859d820a

                                                                              SHA1

                                                                              b4c27ddfbdc5f8bb551b4cfe143b1c297b295468

                                                                              SHA256

                                                                              ad6bb8b1a2020dbd4f92aebf1d815a0d8ec04d88f0d819ba28b6d65c5f479e2e

                                                                              SHA512

                                                                              9fef47f5873125c5825b9d93145b4aab085bc60cdd2d4336627c40d0ca360fd5165f0d4d3f6e9c5e4608dccf8c68380c0aab8946532c10c523e798e32a0ceeb0

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\OfficeC2R9FB59980-E796-44C3-8648-282375C9130F\VersionDescriptor.xml
                                                                              Filesize

                                                                              25KB

                                                                              MD5

                                                                              57ee54e0141f778aaf0940a653d812de

                                                                              SHA1

                                                                              3f310769add8d227db30c2ef29da5ec0fc7b5767

                                                                              SHA256

                                                                              14abc6aaddc7778488ae55206dacb7fa840e0e452b1c4f0f37ad245ad5c11273

                                                                              SHA512

                                                                              762248116de51586a7b5a2f92c979df7fff503e059f7678ec44f0ecd257a5fb7bdfb0560ed6e8c023c967cddbf490df3ab52a73a094436a377658d53e2928d86

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\TCD4295.tmp\sist02.xsl
                                                                              Filesize

                                                                              245KB

                                                                              MD5

                                                                              f883b260a8d67082ea895c14bf56dd56

                                                                              SHA1

                                                                              7954565c1f243d46ad3b1e2f1baf3281451fc14b

                                                                              SHA256

                                                                              ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

                                                                              SHA512

                                                                              d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\is-6OAR6.tmp\_isetup\_setup64.tmp
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              e4211d6d009757c078a9fac7ff4f03d4

                                                                              SHA1

                                                                              019cd56ba687d39d12d4b13991c9a42ea6ba03da

                                                                              SHA256

                                                                              388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

                                                                              SHA512

                                                                              17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\is-MQ2NL.tmp\NoteGem2024-75.0.0.355.tmp
                                                                              Filesize

                                                                              1.1MB

                                                                              MD5

                                                                              34acc2bdb45a9c436181426828c4cb49

                                                                              SHA1

                                                                              5adaa1ac822e6128b8d4b59a54d19901880452ae

                                                                              SHA256

                                                                              9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

                                                                              SHA512

                                                                              134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
                                                                              Filesize

                                                                              36KB

                                                                              MD5

                                                                              ab127ae7d7d4bc837e0b5bfbee289109

                                                                              SHA1

                                                                              268f2939e79966e98adb0cf58cf6ccf1649f1b71

                                                                              SHA256

                                                                              76c1f3dce87c8f47e75db4a5b56823a5152217c0a5f00e8ea99e10da80ab6303

                                                                              SHA512

                                                                              693ac63b350d6802ea6346b65f3b087230f31300eb3db4957d47e80dc3aaea2cf97b11dba452733c508a98d31c169141d101e6bd061b44f70e4124c8a8d9b244

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                              Filesize

                                                                              10KB

                                                                              MD5

                                                                              fcead9cb75d49fa9d41145c03332b9d1

                                                                              SHA1

                                                                              5863fa7cd3bcaf8acc43445c8d19f833e5510674

                                                                              SHA256

                                                                              cf824112737fc02e383e6a9f61d8735f1c5a00eab16a5f59a2ac65d0c5f22b5e

                                                                              SHA512

                                                                              74d476610694d5b7d13775b6a98f0c3e07e8e68ed8402276020dc17cb4f9859e5d602e277b72899f81371ea6147e75c4297f145f5534022149daefa6517ad027

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Open OneNote Notebook (url).lnk
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              02727a623aba0520bb0cf71b32b005b9

                                                                              SHA1

                                                                              9a17390ddd3280de2234c0badd6d216c2a5170f1

                                                                              SHA256

                                                                              4b36bf38663a281a1fb9f9ea8e721c6ce70e940ad6ec003d7513032a57b52947

                                                                              SHA512

                                                                              8313b1317cc58c3bbe9808fb7bdef1670fa098d59a01fe338285f4e7aa8da66513a56a5134781b45d52beb803755d2392caecb5b50f89ce318276217cf75d3e2

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\NewTemplates.xml
                                                                              Filesize

                                                                              345B

                                                                              MD5

                                                                              beca0c1aba6ad9c7be31132edd717a0f

                                                                              SHA1

                                                                              6f39ff8b5917c4a5463016bcd562f812443fb2ab

                                                                              SHA256

                                                                              98d8c1919085511a65eb30463df95f2cab13787da445225673affdd44d67f277

                                                                              SHA512

                                                                              9b8d0bbf473a993ada027cb5ed8aaf050c5cde964c41b2d93c3944c5ac8005137b70a0c82861c18ae62cca5f438344587de77431473a785a91a31549cd6eae59

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{40071DE8-A8B7-4754-9121-89CF24C68E77}.bmp
                                                                              Filesize

                                                                              51KB

                                                                              MD5

                                                                              ad926b4199af73bb8d8c2d15845e768a

                                                                              SHA1

                                                                              265a5176cc20fc62dc83eb9c74ef4ec3138452cd

                                                                              SHA256

                                                                              2c8f268b6e182ac9d406136c5e72424c3d1575c2cfc07584c8095c885a3fd7f2

                                                                              SHA512

                                                                              4310c8c47cbfcff41a2b31bd1ef4c9f2fbf60f3178fe90dc5d921c1f19c54f3ee7da4d8593364fb0a896cbd329c0219ae342bef3d2c1f9546e952acf9669b377

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{40071DE8-A8B7-4754-9121-89CF24C68E77}.xml
                                                                              Filesize

                                                                              57KB

                                                                              MD5

                                                                              b32dde0c510657c24822e4ae723f36b5

                                                                              SHA1

                                                                              4c06e273ff3c709ea015726bc8cbdd1c58ba23a8

                                                                              SHA256

                                                                              6367b79aed7fe10e0491dd443d5fe3da6e72f3578a06be2c83a640db567ec315

                                                                              SHA512

                                                                              c28886404bd96118799af239de81e590c1b95e986eec64b298a5e9cc281f3651a4294ea98b03a09e47803b46aa177330c2ca456dc511d013dc281d78527bf3f3

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{573E999D-C07F-4952-BFA2-F5168C1EC51E}.bmp
                                                                              Filesize

                                                                              51KB

                                                                              MD5

                                                                              43bc15ba654a8b59b9cc715189ff2e87

                                                                              SHA1

                                                                              8e794de0bdd9fb95f6bf840aee8659819412ab90

                                                                              SHA256

                                                                              723adf2e108f9191f00b856b0167c9a1a7693edb3829c7bd1986e1daf7784b10

                                                                              SHA512

                                                                              5e5e2b35e3820e9afb5d5cfc096b187d0af724b754234d91ed054e0e90b3843a080da26c125e80da7768d19735464dd5e477d8bfb987a6b851a64a5f1fcbf91e

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{573E999D-C07F-4952-BFA2-F5168C1EC51E}.xml
                                                                              Filesize

                                                                              116KB

                                                                              MD5

                                                                              c4b1ac446204c2894a767891ef943169

                                                                              SHA1

                                                                              ef4ed6436ad3959dacc1abe8d83eccf98639902e

                                                                              SHA256

                                                                              b8b757ab2062a5d016e76362e610517cbd7a07fa0c3479ee7f7e95c4405b13da

                                                                              SHA512

                                                                              e2965a6c106b447b70a097b3c2ead3d0abb87d815e787fda26a34ec6411f0ebe59b518018baca2cf81e797b8f1d0767a2e0e93e4c179f289cefbb579f1298bbc

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{728B53FB-88BA-44CF-B224-2A9D457DB2A6}.bmp
                                                                              Filesize

                                                                              68KB

                                                                              MD5

                                                                              676bfdbc7c4f6064efaf32413082775a

                                                                              SHA1

                                                                              70acf683e9db3ab41f5d159d0d889b746a9f6950

                                                                              SHA256

                                                                              c0f9aaa828f5f96f83701ff3e264d6fc8c1dfc0f11f4a84cf144050e0d780ba8

                                                                              SHA512

                                                                              532a8100d1a98df6a64041027664d22f0a94eb51d491c580fcedbf9952baf6c2740db77e57814e4aa8a2bf4bf16f77bb099a0ad326477a405cffa340405029cc

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{728B53FB-88BA-44CF-B224-2A9D457DB2A6}.xml
                                                                              Filesize

                                                                              30KB

                                                                              MD5

                                                                              f12eb9718f63d7d9d3727af84821ca26

                                                                              SHA1

                                                                              25b054537f8cf7d6af9fca6d17dd7a0c38b9af13

                                                                              SHA256

                                                                              8d06f11ebd9513bbd2d9508a740bde1b6bcae1fb5183e44def34243afe6494e7

                                                                              SHA512

                                                                              a609699d93d26576167524941036715d2063f4b890f75bf38b462ecb5d0a1d00dc563c8c2f49c13d823ac3f2e52c5403a46c2de028b630e6dfec5a8da86b79a7

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{D523AE92-4D48-4959-8CCA-2DD450D8D360}.bmp
                                                                              Filesize

                                                                              51KB

                                                                              MD5

                                                                              3de2fdecb5dd2287c6569a6da91f8714

                                                                              SHA1

                                                                              78d3462aa89b61cd55cb85953e0d54e5aa64ebb0

                                                                              SHA256

                                                                              45bdfaefc3fecc0f2053bc379fec51de908c1503153527adb904cc6356909b2b

                                                                              SHA512

                                                                              58ddb73bbf90bd50b47ee3164def6908068e4923e6451dfd58100d5bdfdd70f57932274adfaad854001a46159a562baf87f3ae8968ef80715ea308beb08ae191

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteGem\Templates\{D523AE92-4D48-4959-8CCA-2DD450D8D360}.xml
                                                                              Filesize

                                                                              22KB

                                                                              MD5

                                                                              105fd505d62ffd993668737d1025ad51

                                                                              SHA1

                                                                              708f346da4c944a37645c5d227ddda833f1ff6f9

                                                                              SHA256

                                                                              445ff9060f0294b557e38f49622ac2303580384e7384b7f6f2547ce6b592dc92

                                                                              SHA512

                                                                              aea3448e28cb9d1f060c7efe8310b81d9803d0ccb84a8fab5da465e6938c5cb8ef251ffb7c2162bc5c9c922f5cfc43add645402f63dfa031e8e96dca8843a985

                                                                              Download Submit

                                                                            • C:\Users\Admin\Downloads\Unconfirmed 82081.crdownload
                                                                              Filesize

                                                                              7.2MB

                                                                              MD5

                                                                              c7358b9add543f0b66fa1f82adf1bb58

                                                                              SHA1

                                                                              b77a0363b4b23985206392363be1b655532b9de3

                                                                              SHA256

                                                                              d14c4fd61edc1622cb30120c98b39ae68c73e7e01acfcfcf12db3c7297d6849c

                                                                              SHA512

                                                                              b71fb719cd1d895803b55d85ee619e636cad8bd15440496924d73d351e04eb8f8df75cc47abcdc76f109f737ab33d9d298c4a854762b77bc8948ac4d2f27a9fe

                                                                              Download Submit

                                                                            • C:\Windows\Temp\OFFICE~1\d640.cab
                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              8c1784ad31ddf05a7cc5a91440f27e6c

                                                                              SHA1

                                                                              f2bfdc1ef722bdca81a89a6ea7d33a83672d741b

                                                                              SHA256

                                                                              f279e2dd7e79c8ecb175fe80d77a2d86d3990186a5a97f7f0a5e2634457106bf

                                                                              SHA512

                                                                              3b8284f21197630275b5654a91104106b250efa3cfe07aa4bc18172975121c66e2e27571dd212a5013ed9efc4775c53dddf61398a293bf3ae9a4dd6307735134

                                                                              Download Submit

                                                                            • C:\Windows\Temp\OFFICE~1\d641033.cab
                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              8029d1fe252263a466d3684c57979b62

                                                                              SHA1

                                                                              815abc131152b225b36577f2388692194c071f46

                                                                              SHA256

                                                                              34721a10c0ad376ea9c00747811150278810dbfd7e0a50813d7df4b1e0a68d10

                                                                              SHA512

                                                                              e020e2938b3dfa6a2dbcef208fa3fd75cb68a99a29575c134f710dd50059ccc58843287383f2c0c0d02abf462693781c33050f9a3a52c471b0fe6792fb894543

                                                                              Download Submit

                                                                            • C:\Windows\Temp\OFFICE~1\s640.cab
                                                                              Filesize

                                                                              2.8MB

                                                                              MD5

                                                                              00c3fa822ba57203b26d09284ac89bf0

                                                                              SHA1

                                                                              0254a41db1dd8e1b13f13d6b7ad1493c9a7ee5c8

                                                                              SHA256

                                                                              a4feef91fc6ec1bfa92655473a52020eb73163a7cdba7657a83b89eea1432bab

                                                                              SHA512

                                                                              ab5100cbf60c55f9fbf1698a5226910c28944b8f266c0acf856f8be780c20e5b91257f70792f31c6b2c690f8ab43a4b03c7fc467d8ca0deffd3170b2a1088300

                                                                              Download Submit

                                                                            • C:\Windows\Temp\OFFICE~1\s641033.cab
                                                                              Filesize

                                                                              531KB

                                                                              MD5

                                                                              4bea369afb771cbff3f67964495543aa

                                                                              SHA1

                                                                              1922a7fc4d87c3515f2d36b9d4e6dda0c3a353ab

                                                                              SHA256

                                                                              e98b02639e56d5018f6ce2e3f92ad6952050246cb85620dfc153ec5fb7ae23b2

                                                                              SHA512

                                                                              61532c165549100929e6179c3061098795999f21b9dfc18021c00717ee084d1496171faf56191325b803b3d9c544ab6162d627c9e4ba3f37ae871b5c053b934c

                                                                              Download Submit

                                                                            • C:\Windows\Temp\OFFICE~1\sd640.delta00.cab
                                                                              Filesize

                                                                              2.3MB

                                                                              MD5

                                                                              44c951a8ed151c57d9d678d5913db005

                                                                              SHA1

                                                                              8accc0b55e2cc2165e996f1ec9e4340d739980ec

                                                                              SHA256

                                                                              89431983a704027cbf7b6eca502882f42dd4f70269498da5a465e57ce2b96070

                                                                              SHA512

                                                                              eb846780d29df97afcc601cb35bea386896e45c34498381682ce26e553ad452ab3797bad7722e23f09716ef5ba974fa0fc15824ae5bda8c6ab4c7154a260816a

                                                                              Download Submit

                                                                            • C:\Windows\Temp\OFFICE~1\sd640.delta01.cab
                                                                              Filesize

                                                                              34KB

                                                                              MD5

                                                                              22e42d69f69d4fc45e753b3c8250d9e8

                                                                              SHA1

                                                                              7c3fb0afabf3c4ad73f91f113636dcee4a25b305

                                                                              SHA256

                                                                              19bc1510eac123f3e453d3408d2cb4587347358354babac3f1ffdc33aecf5fbb

                                                                              SHA512

                                                                              3459445f47686b5e47189a3d09ffe7612f18a4afc31ee6aebb614737cd6e75273fe24b995eff79d599268c80e65fe06bd96ded27285a5c30cc50a0e5ddbcef35

                                                                              Download Submit

                                                                            • C:\Windows\Temp\OFFICE~1\sd640.delta02.cab
                                                                              Filesize

                                                                              34KB

                                                                              MD5

                                                                              da31a593a6a3dbc2efde09803d349d8d

                                                                              SHA1

                                                                              58b0d405b6a06c7107bb3ca3cad732736f7f25ad

                                                                              SHA256

                                                                              d59d82815624508715ded588d4dd385556291a924967f182bef7fae64366d2eb

                                                                              SHA512

                                                                              da7377bd0408a650c6860d3627e3b694decb4dda95695e18df53ccda610d2005d3c824b061dacdd87d6cd6a38dee9ee82ed41ba2ccca15cc13044f78c9ecc67d

                                                                              Download Submit

                                                                            • C:\Windows\Temp\OFFICE~1\sd640.delta03.cab
                                                                              Filesize

                                                                              34KB

                                                                              MD5

                                                                              1a5d783276517b157491ebefddc612f7

                                                                              SHA1

                                                                              79520f0af5b1289bc3c9eb67662afb88ff07775e

                                                                              SHA256

                                                                              850615b50741b15ab874d303e50dd0cb1c3cf5fa18e35361554fdc9574a9e066

                                                                              SHA512

                                                                              17825c978c8b6b17a28393edf1c7fc7d2f31daec8fcfb382f24f71f4de39f52809a6631b2e2abaf4d040a6cc951cb10c7b7d09582760c9d982dcf24037e69d21

                                                                              Download Submit

                                                                            • C:\Windows\Temp\OFFICE~1\sd641033.delta00.cab
                                                                              Filesize

                                                                              278KB

                                                                              MD5

                                                                              c11f4bf1773eed7d5d5cc695e6b5a7ef

                                                                              SHA1

                                                                              27b4903b3e9593beda8096a8ac61c5a1279c4095

                                                                              SHA256

                                                                              3a6da2bd83b8d50f6389786e52d2f4fd25da25a525dfcba3a441ca70d4741acb

                                                                              SHA512

                                                                              f8f9d2db35230d0a4580987c02082e410f3bb1d5ce6fb8136ac2cd9e23e1ed24c80dbe02d11298ef019bd0950b3567f6cff06a9a1d1d463e34ad65dfc8ede082

                                                                              Download Submit

                                                                            • C:\Windows\Temp\OFFICE~1\sd641033.delta01.cab
                                                                              Filesize

                                                                              30KB

                                                                              MD5

                                                                              8a0455821b4478ce9a0cf0a8956cfa8f

                                                                              SHA1

                                                                              7c7d140a8367e2a37a65b20394953cf0e0b16d24

                                                                              SHA256

                                                                              a492803f6e9faebd07bfc01451124d83a557d8ca143e5e02ed8fc0f33a5e95e6

                                                                              SHA512

                                                                              b17531e60928d45831ee7c7aa5d2489a8077c15e584ac335d4e3eb9d24b5b5fc1cc153d0a5302745eacc2d3a7ac3c9a37d34a29e88ca12aad5ea8827d1ec2a9d

                                                                              Download Submit

                                                                            • C:\Windows\Temp\OFFICE~1\sd641033.delta02.cab
                                                                              Filesize

                                                                              30KB

                                                                              MD5

                                                                              fb53d1088600ab464b3074a38e9f4558

                                                                              SHA1

                                                                              0ac8b076fc2dbda36247b91d556be97fa5c73e83

                                                                              SHA256

                                                                              aaf40f33031d64ea8012d953df6c1813018bf43ab5d2023bd6bb4100204a956c

                                                                              SHA512

                                                                              28280a52c3f649fcad2375f99610ed696f31a1baf9aefc92ddb2a71f317417f8ef94b67bffcc264a31ffce8d342a36e3e72a262ca8181d5e8f2b8bfed83444d3

                                                                              Download Submit

                                                                            • C:\Windows\Temp\OFFICE~1\sd641033.delta03.cab
                                                                              Filesize

                                                                              30KB

                                                                              MD5

                                                                              380a90492d64e155438b7c77fb9aad84

                                                                              SHA1

                                                                              4369eeaae10d60b85d2453d99061551eb5275127

                                                                              SHA256

                                                                              32ce00714bfd183a171857119ddbf45b281aa38048c88b072f26c8f0c5e40a11

                                                                              SHA512

                                                                              198c125f15324ac9f2b2b16031092770106de290895661f38272590ddc63f36f206b5400800a887be0a6e7110d3372aac48ea16b684f8eb90e2b4d916bb8e954

                                                                              Download Submit

                                                                            • memory/972-591-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                              Filesize

                                                                              160KB

                                                                              Download

                                                                            • memory/972-554-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                              Filesize

                                                                              160KB

                                                                              Download

                                                                            • memory/1540-477-0x0000000180000000-0x0000000180CC2000-memory.dmp

                                                                              Filesize

                                                                              12.8MB

                                                                              Download

                                                                            • memory/1540-481-0x0000000180000000-0x0000000180CC2000-memory.dmp

                                                                              Filesize

                                                                              12.8MB

                                                                              Download

                                                                            • memory/1540-478-0x0000000180000000-0x0000000180CC2000-memory.dmp

                                                                              Filesize

                                                                              12.8MB

                                                                              Download

                                                                            • memory/1540-463-0x00000000030E0000-0x00000000032CA000-memory.dmp

                                                                              Filesize

                                                                              1.9MB

                                                                              Download

                                                                            • memory/1540-474-0x0000000180000000-0x0000000180CC2000-memory.dmp

                                                                              Filesize

                                                                              12.8MB

                                                                              Download

                                                                            • memory/1540-476-0x0000000180000000-0x0000000180CC2000-memory.dmp

                                                                              Filesize

                                                                              12.8MB

                                                                              Download

                                                                            • memory/2480-594-0x0000000002C20000-0x0000000002E21000-memory.dmp

                                                                              Filesize

                                                                              2.0MB

                                                                              Download

                                                                            • memory/2480-641-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/2480-916-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/3152-551-0x0000000000400000-0x0000000000C61000-memory.dmp

                                                                              Filesize

                                                                              8.4MB

                                                                              Download

                                                                            • memory/3480-589-0x0000000000400000-0x000000000052E000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/3484-493-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/3484-518-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/3484-498-0x0000000002C50000-0x0000000002E51000-memory.dmp

                                                                              Filesize

                                                                              2.0MB

                                                                              Download

                                                                            • memory/3484-494-0x0000000002C50000-0x0000000002E51000-memory.dmp

                                                                              Filesize

                                                                              2.0MB

                                                                              Download

                                                                            • memory/3484-506-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/3484-509-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/3484-510-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/3484-511-0x0000000002C50000-0x0000000002E51000-memory.dmp

                                                                              Filesize

                                                                              2.0MB

                                                                              Download

                                                                            • memory/3484-508-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/3484-507-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/3484-516-0x0000000002C50000-0x0000000002E51000-memory.dmp

                                                                              Filesize

                                                                              2.0MB

                                                                              Download

                                                                            • memory/4164-458-0x0000000010000000-0x000000001099E000-memory.dmp

                                                                              Filesize

                                                                              9.6MB

                                                                              Download

                                                                            • memory/4164-460-0x0000000010000000-0x000000001099E000-memory.dmp

                                                                              Filesize

                                                                              9.6MB

                                                                              Download

                                                                            • memory/4164-447-0x0000000000EF0000-0x0000000000EFF000-memory.dmp

                                                                              Filesize

                                                                              60KB

                                                                              Download

                                                                            • memory/4164-448-0x0000000003970000-0x0000000003B71000-memory.dmp

                                                                              Filesize

                                                                              2.0MB

                                                                              Download

                                                                            • memory/4164-457-0x0000000010000000-0x000000001099E000-memory.dmp

                                                                              Filesize

                                                                              9.6MB

                                                                              Download

                                                                            • memory/4164-455-0x0000000010000000-0x000000001099E000-memory.dmp

                                                                              Filesize

                                                                              9.6MB

                                                                              Download

                                                                            • memory/4336-539-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/4336-538-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/4336-540-0x0000000002B60000-0x0000000002D61000-memory.dmp

                                                                              Filesize

                                                                              2.0MB

                                                                              Download

                                                                            • memory/4336-536-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/4336-545-0x0000000002B60000-0x0000000002D61000-memory.dmp

                                                                              Filesize

                                                                              2.0MB

                                                                              Download

                                                                            • memory/4336-547-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/4336-527-0x0000000002B60000-0x0000000002D61000-memory.dmp

                                                                              Filesize

                                                                              2.0MB

                                                                              Download

                                                                            • memory/4336-523-0x0000000002B60000-0x0000000002D61000-memory.dmp

                                                                              Filesize

                                                                              2.0MB

                                                                              Download

                                                                            • memory/4336-535-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/4336-537-0x0000000000400000-0x00000000008B4000-memory.dmp

                                                                              Filesize

                                                                              4.7MB

                                                                              Download

                                                                            • memory/4368-617-0x0000000000400000-0x000000000052E000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/4368-521-0x0000000000400000-0x000000000052E000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/4368-10-0x0000000000400000-0x000000000052E000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/4368-9-0x0000000000400000-0x000000000052E000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/4368-6-0x0000000000400000-0x000000000052E000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/5060-0-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                              Filesize

                                                                              160KB

                                                                              Download

                                                                            • memory/5060-8-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                              Filesize

                                                                              160KB

                                                                              Download

                                                                            • memory/5060-2-0x0000000000401000-0x0000000000412000-memory.dmp

                                                                              Filesize

                                                                              68KB

                                                                              Download