hxxp://Google[.]com

Analysis

max time kernel
505s
max time network
2302s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
16/03/2024, 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	bcastdvr.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\System32\xenia.log	xenia.exe
File opened for modification	C:\Windows\System32\xenia.log	xenia.exe
File opened for modification	C:\Windows\System32\xenia.log	xenia.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3829149121\806280961.pri	PickerHost.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	xenia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	xenia.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	xenia.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	bcastdvr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	bcastdvr.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "2"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "122"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bing.com\Total = "124"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	PickerHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "132"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	PickerHost.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "115"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	PickerHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	PickerHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	PickerHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e0cb36cc5577da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	PickerHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedPickerData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEd	PickerHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = df8dd1df5577da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	PickerHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "1311"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "122"	MicrosoftEdgeCP.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\xenia_master.zip.arn4sr5.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3640	sdiagnhost.exe
3640	sdiagnhost.exe

Suspicious behavior: MapViewOfSection 16 IoCs

pid	Process
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4976	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4976	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4976	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4976	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1092	MicrosoftEdge.exe
Token: SeDebugPrivilege	1092	MicrosoftEdge.exe
Token: SeDebugPrivilege	3640	sdiagnhost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4764	msdt.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
1092	MicrosoftEdge.exe
2164	MicrosoftEdgeCP.exe
4976	MicrosoftEdgeCP.exe
2164	MicrosoftEdgeCP.exe
4524	MicrosoftEdgeCP.exe
4524	MicrosoftEdgeCP.exe
1492	PickerHost.exe
4532	xenia.exe
3896	xenia.exe
1292	xenia.exe
1444	xenia.exe
3512	xenia.exe
2028	xenia.exe
1304	xenia.exe
4244	xenia.exe
4608	xenia.exe
2648	xenia.exe
916	xenia.exe
2768	xenia.exe
4288	xenia.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 868	2164	MicrosoftEdgeCP.exe	76
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 2164 wrote to memory of 828	2164	MicrosoftEdgeCP.exe	80
PID 3520 wrote to memory of 4764	3520	pcwrun.exe	96
PID 3520 wrote to memory of 4764	3520	pcwrun.exe	96
PID 3640 wrote to memory of 2944	3640	sdiagnhost.exe	100
PID 3640 wrote to memory of 2944	3640	sdiagnhost.exe	100
PID 2944 wrote to memory of 2388	2944	csc.exe	101
PID 2944 wrote to memory of 2388	2944	csc.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "http://Google.com"
1⤵
PID:3212

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1092

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
PID:1100

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4976

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4500

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4524

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:828

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1312

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2492

C:\Users\Admin\Downloads\xenia_master\xenia.exe
"C:\Users\Admin\Downloads\xenia_master\xenia.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:4532

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 0000000000040252 /startuptips
1⤵
PID:3532

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
PID:3696

C:\Users\Admin\Downloads\xenia_master\xenia.exe
"C:\Users\Admin\Downloads\xenia_master\xenia.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:3896

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 00000000000902D4 /startuptips
1⤵
PID:2888

C:\Users\Admin\Downloads\xenia_master\xenia.exe
"C:\Users\Admin\Downloads\xenia_master\xenia.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 00000000000A02E0 /startuptips
1⤵
- Checks SCSI registry key(s)
PID:2344

C:\Users\Admin\Downloads\xenia_master\xenia.exe
"C:\Users\Admin\Downloads\xenia_master\xenia.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 000000000004038E /startuptips
1⤵
PID:4928

C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Downloads\xenia_master\xenia.exe" ContextMenu
1⤵
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Windows\System32\msdt.exe
  C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCWC370.xml /skip TRUE
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:4764
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\xenia_master\xenia.exe"
    3⤵
    PID:4468
  - - C:\Users\Admin\Downloads\xenia_master\xenia.exe
      "C:\Users\Admin\Downloads\xenia_master\xenia.exe"
      4⤵
      Checks SCSI registry key(s)
      Suspicious use of SetWindowsHookEx
      PID:3512
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\xenia_master\xenia.exe"
    3⤵
    PID:1028
  - - C:\Users\Admin\Downloads\xenia_master\xenia.exe
      "C:\Users\Admin\Downloads\xenia_master\xenia.exe"
      4⤵
      Checks SCSI registry key(s)
      Suspicious use of SetWindowsHookEx
      PID:2028
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\xenia_master\xenia.exe"
    3⤵
    PID:3316
  - - C:\Users\Admin\Downloads\xenia_master\xenia.exe
      "C:\Users\Admin\Downloads\xenia_master\xenia.exe"
      4⤵
      Checks SCSI registry key(s)
      Suspicious use of SetWindowsHookEx
      PID:1304
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\xenia_master\xenia.exe"
    3⤵
    PID:1604
  - - C:\Users\Admin\Downloads\xenia_master\xenia.exe
      "C:\Users\Admin\Downloads\xenia_master\xenia.exe"
      4⤵
      Checks SCSI registry key(s)
      Suspicious use of SetWindowsHookEx
      PID:4244
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\xenia_master\xenia.exe"
    3⤵
    PID:196
  - - C:\Users\Admin\Downloads\xenia_master\xenia.exe
      "C:\Users\Admin\Downloads\xenia_master\xenia.exe"
      4⤵
      Checks SCSI registry key(s)
      Suspicious use of SetWindowsHookEx
      PID:4608

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tvhyvc2w\tvhyvc2w.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2944
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD274.tmp" "c:\Users\Admin\AppData\Local\Temp\tvhyvc2w\CSCA3C0D6BBAE5948D38DB4CE8331127863.TMP"
    3⤵
    PID:2388
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\okq54vgs\okq54vgs.cmdline"
  2⤵
  PID:3868
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD39D.tmp" "c:\Users\Admin\AppData\Local\Temp\okq54vgs\CSCC59BD6684D1B494582A3AF8CE8F68B86.TMP"
    3⤵
    PID:5076
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cko1wpmq\cko1wpmq.cmdline"
  2⤵
  PID:2912
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD9F6.tmp" "c:\Users\Admin\AppData\Local\Temp\cko1wpmq\CSC671F616438F945B7A99A3B8D45DCBB53.TMP"
    3⤵
    PID:1724

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 00000000000403AE /startuptips
1⤵
- Checks SCSI registry key(s)
PID:652

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 00000000000403E2 /startuptips
1⤵
- Checks SCSI registry key(s)
PID:4636

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 0000000000020378 /startuptips
1⤵
- Checks SCSI registry key(s)
PID:420

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 0000000000040334 /startuptips
1⤵
- Checks SCSI registry key(s)
PID:4304

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 0000000000050378 /startuptips
1⤵
- Checks SCSI registry key(s)
PID:2796

C:\Users\Admin\Downloads\xenia_master\xenia.exe
"C:\Users\Admin\Downloads\xenia_master\xenia.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 00000000000D03B0 /startuptips
1⤵
PID:4468

C:\Users\Admin\Downloads\xenia_master\xenia.exe
"C:\Users\Admin\Downloads\xenia_master\xenia.exe"
1⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:916

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 000000000007038E /startuptips
1⤵
PID:4968

C:\Users\Admin\Downloads\xenia_master\xenia.exe
"C:\Users\Admin\Downloads\xenia_master\xenia.exe"
1⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 0000000000110440 /startuptips
1⤵
PID:5056

C:\Users\Admin\Downloads\xenia_master\xenia.exe
"C:\Users\Admin\Downloads\xenia_master\xenia.exe"
1⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:4288

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 0000000000130440 /startuptips
1⤵
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024031603.000\PCW.debugreport.xml

Filesize
3KB

MD5
d0c6056d2334c6f641abc24a15ac74e3

SHA1
fe3fba89fd942a282b120a81ce42fe759db868e4

SHA256
c6a3cd1d964197f797f141b5450bf925bcef077bd18fafb1a81d7a0abb3d627d

SHA512
31375f34eb4eea540019829d8cf8bd0d54880dba91559fad34682abb3d346c98b0c4361568084c6fb428e1f9e5395fe333dff5bb058ef6331292bf780a4cfe8a

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024031603.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O2ZZN7ZH\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\06bQtOdvnqIODKnOBKJedLV7FUg.br[1].js

Filesize
300B

MD5
b10af7333dcc67fc77973579d33a28e1

SHA1
432aeaee5b10542fc3b850542002b7228440890a

SHA256
d99b46c716faee91274a2d94869953fb78d312857cab5c1a61ea63d7ae90cc68

SHA512
c0afa2847a873b82c83f45a03c40fbb435668465a4dcefa21a31895a4d1106300f4041b385eefff2c85fc87fd9f1d0560d283116294468b710f6ca4f88fca1e9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\6vCyFNGnnVU8S48wTC2z3sb5-Rw.br[1].js

Filesize
17KB

MD5
3ab43757646e2f1bb8a408c6f1176831

SHA1
156d2857585339b1af88463bea667fd17c50cea9

SHA256
5fd9b1191accc9d3e86ed6281d54d5fe169618d640b208bf76d12072caad6cc0

SHA512
6ce0862ba0db403fdc6d93074f12df2125bcac27245a5c371411199ce129c455011c245cf6fc8163b47e42220f080fbab113ed6b4523fd7d8597116c6e2dd315

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\8w26ODmd1hk4C30WJtfkdBYFSfE.br[1].js

Filesize
574B

MD5
072d0f8c7fdb7655402fb9c592d66e18

SHA1
2e013e24ef2443215c6b184e9dfe180b7e562848

SHA256
4cd4cc3d07bbacdecb7331bf78fc5353b4b2664b6c81c1c0237136123d8e704a

SHA512
44cecee114212d2901dd13f9200771c708ef6e89b9bdcb75edf898a1e39833aafa4c7f8ebfc2f613d46eeea35222a1dfee3671a1b42679a94beaec099164f009

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\9MqrCXB0EVjVIRzDOArDGhu3yeM.br[1].js

Filesize
1KB

MD5
56afa9b2c4ead188d1dd95650816419b

SHA1
c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6

SHA256
e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b

SHA512
d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\CcMXS8Oo0OUnUE0LzYK9AFJ6la8.br[1].js

Filesize
1KB

MD5
0c0ad3fd8c0f48386b239455d60f772e

SHA1
f76ec2cf6388dd2f61adb5dab8301f20451846fa

SHA256
db6dde4aef63304df67b89f427019d29632345d8b3b5fe1b55980f5d78d6e1e7

SHA512
e45a51ef2f0021f168a70ac49bdcc7f4fb7b91ff0ddd931f8ecbd70f6494c56285b2d9bc1170804801ce178244ccf361745b677b04c388b608d1471e0695ebeb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\ID-70CBAEOXh6Nwxga-CxgpUq4k.br[1].js

Filesize
883B

MD5
fd88c51edb7fcfe4f8d0aa2763cebe4a

SHA1
18891af14c4c483baa6cb35c985c6debab2d9c8a

SHA256
51f58a23f7723b6cbd51b994cb784fbc2a4ab58442adaeda6c778f648073b699

SHA512
ffe417fa00113273fe7ac1b1bd83c98a3a9dc12d41c77b60c52cc5ffd461d9ca2020c2444ac43771d737c70c58eca40786a5c5762b60f30da523f709684510df

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\NfTD8Ovh04Y_Ni14YxqYB8R_2_Q.br[1].js

Filesize
888B

MD5
f1cf1909716ce3da53172898bb780024

SHA1
d8d34904e511b1c9aae1565ba10ccd045c940333

SHA256
9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01

SHA512
8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\UftfQbYuKvGGEUHPU3QGHYd90Z8.br[1].js

Filesize
674B

MD5
8d078e26c28e9c85885f8a362cb80db9

SHA1
f486b2745e4637d881422d38c7780c041618168a

SHA256
0bf9f3ad9cdbbc4d37c8b9e22dd06cc26eea12a27ef6c0f95db6cbe930177461

SHA512
b808a972cd44e6bda01ac1f8d904d5a281f33b9238b8caab03decb6adb6b494b19dd9bb35e3d1ea3ca914ff4957155f6d2cb5a9b3a00c2195f80f52804ffb244

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\VJnSxYcv7TZB-im7xvuwo7wcIGs.br[1].js

Filesize
4KB

MD5
f0b47869072148871c9ef8fd599d1561

SHA1
1e5697b450db16224d42caf50de711a405c4b5e6

SHA256
a214296c5311c24def18e675844a5b9363e5e262a3f21388d5fd9d14e49a6322

SHA512
f1b398cab77387a9704ca8be98069353fdeb409d20c283610de22199c2390de38eaea1d0413b4b183cde58680518ac9900b1f8811cb6e758759866c2c33a7d15

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\eKvcHdnNwo1WcxoSioV4ztnfZk8.br[1].js

Filesize
2KB

MD5
fb797698ef041dd693aee90fb9c13c7e

SHA1
394194f8dd058927314d41e065961b476084f724

SHA256
795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da

SHA512
e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

Filesize
289B

MD5
9085e17b6172d9fc7b7373762c3d6e74

SHA1
dab3ca26ec7a8426f034113afa2123edfaa32a76

SHA256
586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

SHA512
b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\hx1FP91l4PKrDhCLfXHf3ouMwSg.br[1].js

Filesize
358B

MD5
22bbef96386de58676450eea893229ba

SHA1
dd79dcd726dc1f674bfdd6cca1774b41894ee834

SHA256
a27ce87030a23782d13d27cb296137bb2c79cdfee2fd225778da7362865eb214

SHA512
587d5b5e46b235cdcdf41e1f9258c1733baee40b8a22a18602a5c88cba1a14edf1f6596c0ab3c09f09b58f40709ac8cf7e1bb33b57293aa88eaf62d0ab13fbf4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\lDSK5WXW01RCyGzCzzxdJDFYfO0.br[1].js

Filesize
5KB

MD5
f8d7bb518048387bb7c7d55943949e3e

SHA1
f8c7854ef3870d88bca04971400dc2a4f6c89e51

SHA256
d397dca6127ef1fa1a7e87af89e1ac6829489f1c7bf756f43438677cc74b4904

SHA512
f8f82b687d70cd1aec0924e3f2d344af517063443ed9787625d3d5fed408e1ec442e5eaebff92883a1f177e5777f15c11120bc84c68a18dda73dc38d89af3b7e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\o7B3FK6ymEOn7sBfZSmifVTwxPk[1].css

Filesize
6B

MD5
77373397a17bd1987dfca2e68d022ecf

SHA1
1294758879506eff3a54aac8d2b59df17b831978

SHA256
a319af2e953e7afda681b85a62f629a5c37344af47d2fcd23ab45e1d99497f13

SHA512
a177f5c25182c62211891786a8f78b2a1caec078c512fc39600809c22b41477c1e8b7a3cf90c88bbbe6869ea5411dd1343cad9a23c6ce1502c439a6d1779ea1b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\styles__ltr[1].css

Filesize
55KB

MD5
eb4bc511f79f7a1573b45f5775b3a99b

SHA1
d910fb51ad7316aa54f055079374574698e74b35

SHA256
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

SHA512
ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\tlifxqsNyCzxIJnRwtQKuZToQQw[1].js

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\uiannz55FdT0j3p9jGwegfI5aIY.br[1].js

Filesize
1KB

MD5
45345f7e8380393ca0c539ae4cfe32bd

SHA1
292d5f4b184b3ff7178489c01249f37f5ca395a7

SHA256
3a40a1ff034448d68d92a75ababa09ba5f2b71d130f5f6bdf160dcf8851529a9

SHA512
2bfd00bf303ad5a1e8413b5ee6a162167605511fefb8df61a8f40f80382f5520df690a53b1058365f1d81562b2668376886d0f829517a642fcd87412801fe987

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\v77SiQbcxtK1O5ek11TdloiB5zZ00UAxE3PsP-319e4[1].js

Filesize
17KB

MD5
b1446b9fffe2c4cb28bba7ae4c10b361

SHA1
687a693116cc2884d3f23a01dbfdf64fa82225a6

SHA256
bfbed28906dcc6d2b53b97a4d754dd968881e73674d140311373ec3fedf5f5ee

SHA512
2a774188f103d6c311c288ba66312d02750ec41f6f4c033e4fd6fb2b8de146e6d829fff30c67d11b631571daa2b3afb6df14ec43c03e6c86a9b07703e62b3927

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\y1tiMssL1_ZRGIkBjxDYmR2kX8o.br[1].js

Filesize
198B

MD5
e3c4a4463b9c8d7dd23e2bc4a7605f2b

SHA1
d149907e36943abb1a4f1e1889a3e70e9348707b

SHA256
cfb7fa1c682c6eee2b763b37e002022463cd6435434a16f6335f33fb98f994a6

SHA512
3a4e38e4c631d8e845edbc01c986f73b0368f8049beea7a3e8a34bdd5864c34103a48b19749c11b5bcc71fdaa672ef6c42e305e1cc6b37abea934766f3deb068

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\ydDuUFvQrnTEDpvE14Ya7abrPGk.br[1].js

Filesize
1KB

MD5
d807dbbb6ee3a78027dc7075e0b593ff

SHA1
27109cd41f6b1f2084c81b5d375ea811e51ac567

SHA256
0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7

SHA512
e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3FPBIXNZ\zlfm-hC70pZAs62UVTTl3KShKOE.br[1].js

Filesize
838B

MD5
8c8b189422c448709ea6bd43ee898afb

SHA1
a4d6a99231d951f37d951bd8356d9d17664bf447

SHA256
567506d6f20f55859e137fcbd98f9e1a678c0d51192ff186e16fd99d6d301cff

SHA512
6faa73d59082065426769a27081cbedcd22146ef948afdd9a86801f205b2dddc63e03ac5d555ef0af23ef05901ebffe7e8aadd82260ef505cb89d99e572fdf4a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8SVB3LZZ\3US3nNU_RgsSNFm9Bzw6xgeuOHk.br[1].js

Filesize
1KB

MD5
d42baf2a964c88aaa1bb892e1b26d09c

SHA1
8ac849ca0c84500a824fcfd688b6f965b8accc4c

SHA256
e3a15dab8cc5adbd2cfa1a162bf06583da6fb7be3831323d819cd881bfb0672c

SHA512
634bb1c984c9d74876051937240295a5ed5dc6404379decafbc4df074aefda5246ec33be84d2b21e0099c7bdd406e9cae6ebdf0ff01ddec3806b89dc50810c12

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8SVB3LZZ\5L3iD467J3iJWEPwIjxlK0MMDpY.br[1].js

Filesize
1KB

MD5
2ef3074238b080b648e9a10429d67405

SHA1
15d57873ff98195c57e34fc778accc41c21172e7

SHA256
e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da

SHA512
c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8SVB3LZZ\7ywVvANfxyc5xKGJi7QlJNzipRU.br[1].js

Filesize
142KB

MD5
82ebee645a7b17cfb68a89c8639fd368

SHA1
a7396b110c9741a179e409032ddcba46be1e0746

SHA256
3cc90fae32261142599e0e1fdd3fb1d85385d93c0fd49ecb6335f2dc115eca80

SHA512
16c949c03df2e9a4caac7dd8364712abc160a610c6607ec3be7cc39b45b02d79a8a46aea846da58b6722810905e733aabb544989a32c0e6d7caebbeeadb2aa2a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8SVB3LZZ\9cuwOQ_qE7qTGKohzrf_gIjTlPI.br[1].js

Filesize
3KB

MD5
fabb77c7ae3fd2271f5909155fb490e5

SHA1
cde0b1304b558b6de7503d559c92014644736f88

SHA256
e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c

SHA512
cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8SVB3LZZ\9xGNA8UskvA9WHF58zbLOHZ5HvI.br[1].js

Filesize
511B

MD5
d6741608ba48e400a406aca7f3464765

SHA1
8961ca85ad82bb701436ffc64642833cfbaff303

SHA256
b1db1d8c0e5316d2c8a14e778b7220ac75adae5333a6d58ba7fd07f4e6eaa83c

SHA512
e85360dbbb0881792b86dcaf56789434152ed69e00a99202b880f19d551b8c78eeff38a5836024f5d61dbc36818a39a921957f13fbf592baafd06acb1aed244b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8SVB3LZZ\DIzd7C-3A87Szlq4YGdSRkauYJM.br[1].js

Filesize
27KB

MD5
373acb9523f334d73916a2ec3fe43a24

SHA1
2af01898236207d5a057bf7da6d4b33d10d3f604

SHA256
5c42e6e43d25319fd14faffc1714cc2c0a8d86f07c970dd1767052b4612082a5

SHA512
4fd9e73d943587bc8ef5cf4092bfa4fbd1670e5164a982b7af3ee84229b17133c672003bdaf912feabc8baaac14a614ae7068124e45336f73cdd1927953f8249

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8SVB3LZZ\Gw7eETSwe7GHmKwW1lRqGPQJXRo.br[1].js

Filesize
2KB

MD5
17cdab99027114dbcbd9d573c5b7a8a9

SHA1
42d65caae34eba7a051342b24972665e61fa6ae2

SHA256
5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de

SHA512
1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8SVB3LZZ\K_V1CARn2Q2lTs5njJKUvUkHyi4.br[1].js

Filesize
242B

MD5
6c2c6db3832d53062d303cdff5e2bd30

SHA1
b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d

SHA256
06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70

SHA512
bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8SVB3LZZ\XJ8OmILbNhm0zU9tdkuGYeXVPRQ.br[1].js

Filesize
391B

MD5
55ec2297c0cf262c5fa9332f97c1b77a

SHA1
92640e3d0a7cbe5d47bc8f0f7cc9362e82489d23

SHA256
342c3dd52a8a456f53093671d8d91f7af5b3299d72d60edb28e4f506368c6467

SHA512
d070b9c415298a0f25234d1d7eafb8bae0d709590d3c806fceaec6631fda37dffca40f785c86c4655aa075522e804b79a7843c647f1e98d97cce599336dd9d59

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8SVB3LZZ\jQ1w07qyCcc9l2abcuV-aLzD-d8[1].js

Filesize
529B

MD5
52112879d5349e8b00df2197105d30e7

SHA1
8d0d70d3bab209c73d97669b72e57e68bcc3f9df

SHA256
6d9847b1da91ca359d58f830db46d984b5101f108594cc9c05bc881185c2a977

SHA512
8684ce45dce557a551e5e577a090bb0ccfe92ad43125888c079d98b6835724c1263b30efbdcbd9299913c742367fef3cab1da89f20d38de5b5758c0b2b873469

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8SVB3LZZ\psgXZvzYJMEW2ydikIk493Va1d4.br[1].js

Filesize
1KB

MD5
f4da106e481b3e221792289864c2d02a

SHA1
d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994

SHA256
47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9

SHA512
66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8SVB3LZZ\th[4].png

Filesize
616B

MD5
63343141c64682bd3e0f711730475354

SHA1
a2a7298e8f58a74292885bae9a3f44c76c7aa945

SHA256
f90e661a7731c97e3478027d07afd8c86e461c5f379932e15efad17d0e96d402

SHA512
17f7f14b0c929164283d5fd7bc829d907b923bb12a7b9d6124a6aac64eb79aaa47163583acca91fc71047bb7bb707d649407801c8762d8942a44531da9559edf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N5Q9Q9LE\4qLYPfN0EmVUH2TIgYLmYcXKYtQ.br[1].js

Filesize
821B

MD5
dadded83a18ffea03ed011c369ec5168

SHA1
adfc22bc3051c17e7ad566ae83c87b9c02355333

SHA256
526101adc839075396f6ddec830ebe53a065cddbb143135a9bca0c586249ff72

SHA512
bd1e5bad9f6fb9363add3f48fe2b3e6e88c2f070cfe9f8219dc3ae8e6712b7fe04a81c894e5ca10fb2fc9c6622754110b688bc00d82a9bb7dc60f42bd9f5f0b6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N5Q9Q9LE\5-y8FBmAkXLBZZghI-X94CRnsqg.br[1].css

Filesize
589B

MD5
7a903a859615d137e561051c006435c2

SHA1
7c2cbeb8b0e83e80954b14360b4c6e425550bc54

SHA256
281d6234fd292800c2a5dbd14e524c9cee0d4438188b0b7d873abf41515a7666

SHA512
aa47efab7ec689b838d1e5adfe26e035e8b93f2b806f1954214447cb2065fa5906f81a70b4c656b3ce1490d8ac2009c7e7b0f96491d6d4559c41fb25d08fe35c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N5Q9Q9LE\Gyuq2bqitqDJM0BeAkbKXGlQXNw.br[1].js

Filesize
1KB

MD5
a969230a51dba5ab5adf5877bcc28cfa

SHA1
7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265

SHA256
8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f

SHA512
f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N5Q9Q9LE\WRGhsWGnkf3ko69VafMSpLBwgbk.br[1].css

Filesize
610B

MD5
f8a63d56887d438392803b9f90b4c119

SHA1
993bd8b5eb0db6170ea2b61b39f89fad9bfeb5b5

SHA256
ef156b16fdcf73f670e7d402d4e7980f6558609a39195729f7a144f2d7329bf3

SHA512
26770bb2ac11b8b0aef15a4027af60a9c337fe2c69d79fddaa41acfd13cac70096509b43dc733324932246c93475a701fd76a16675c8645e0ec91bd38d81c69d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N5Q9Q9LE\Y26LIcmRz0EdnBtSjtN2P4pbrp4.br[1].js

Filesize
7KB

MD5
b3ca28114670633e5b171b5360bb1696

SHA1
683f2fb3d4b386753c1f1a96ede3ca08547f0e02

SHA256
a8b7da1f71211278c07582aef2f3f2335b7de5076e5708db6e868ee6cd850490

SHA512
bf71ac8f59653b8035c1fb8555b53371610ae96c1a31e7bee02b75deb8e46c68b46a29dae360c579bcf9ab051f5218edbd075567b99a9fb894e7c50251676677

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N5Q9Q9LE\c4ruj6QGsmSnOG64gJJnnnYDa44.br[1].css

Filesize
824B

MD5
6d94f94bfb17721a8da8b53731eb0601

SHA1
ae540db8d146e17cfc3d09d46b31bd16b3308a6d

SHA256
21829c74fce2c9bbbb3099a7a487de71465ed712410c32bc6c69884db07a90dd

SHA512
bf33fb4858b56f888108bcd5c2691613b68715e260e59c1e37a050a709be04a8e0eaf5509667183a0d51f1201e58c02df4f744a0772242ee5b61595c44c072e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N5Q9Q9LE\lLk8XmbdNzzlnPRzVzDhaF9yjqw.br[1].js

Filesize
824B

MD5
3ff8eecb7a6996c1056bbe9d4dde50b4

SHA1
fdc4d52301d187042d0a2f136ceef2c005dcbb8b

SHA256
01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163

SHA512
49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N5Q9Q9LE\n21aGRCN5EKHB3qObygw029dyNU.br[1].js

Filesize
1KB

MD5
cb027ba6eb6dd3f033c02183b9423995

SHA1
368e7121931587d29d988e1b8cb0fda785e5d18b

SHA256
04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f

SHA512
6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N5Q9Q9LE\recaptcha__en[1].js

Filesize
501KB

MD5
5a8547555d71e5846135a48dcc7ec3dc

SHA1
bdf99d0037d631ca1d24efa343781f55a11afb05

SHA256
7a01932abc324cbdf143534bd8dc0e665e045a2ae8a0d234d24f2d3ad9ebc619

SHA512
863d425b41d6b439618ccd38d5ea46d5ad6cf3c145a476e0a8596903cfaac4a2d04d40f5cd4f92ac74bdd73dfaaec9f4661c6a71116dfc78b6a41f7d3bd801e6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N5Q9Q9LE\vDjLjnEkXEuH2C8u3tT0A004qwQ.br[1].css

Filesize
2KB

MD5
9baa6773c6549250a3393e62c56eb395

SHA1
5bb4eead8609cd30b9b96b23ec4fd0082ae64c1d

SHA256
dadf403df8cfe888e59e6a051aee3783a2bf0bcc60dc1d09a7797daaee726ca2

SHA512
cf12319cf07897864828d9c950df4a98a0628d828a7fee75f1235fc5d3a57c90a40b5ded2743af2e62b1d13d3f6be0d302ada054e7c0d7164b8ba12054909b8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N5Q9Q9LE\wk40sF7EbWa09yaLx4dkTswVzPE.br[1].js

Filesize
8KB

MD5
7aeedcebbfcded2c1897ac8327d13cb4

SHA1
c02ed543a1c597b126fb828b431587d5c6b734e0

SHA256
31fdc5d329d993be4c8c93f772e4e69eb63cfc833ecc744d1f26ebccb31256e2

SHA512
ff69da3a6d52d649cb2b096acfa0a23b105c6ea9629033f7ed4e002b88f09165e9dd0ed77b18bff364d90f200e0b7e00daeb4c4ea065f2d8a18b503ef09bb225

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXGUR0V5\6mZmj1db42G_jniFgdT7MCvBgyA.br[1].js

Filesize
667B

MD5
2ab12bf4a9e00a1f96849ebb31e03d48

SHA1
7214619173c4ec069be1ff00dd61092fd2981af0

SHA256
f8b5acf4da28e0617f1c81093192d044bd5a6cc2a2e0c77677f859adcf3430ac

SHA512
7d5aae775be1e482eada1f453bea2c52a62c552fa94949e6a6081f322e679e916b1276bb59ff28cf7c86d21727bcc329ecb03e5d77ca93204e0cd2694faa72bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXGUR0V5\8CgcSSLayxEVUBf0swP_bQGMId8.br[1].js

Filesize
226B

MD5
a5363c37b617d36dfd6d25bfb89ca56b

SHA1
31682afce628850b8cb31faa8e9c4c5ec9ebb957

SHA256
8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f

SHA512
e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXGUR0V5\910ptS3pcIDQ7a5acMaHuQliuN0.br[1].js

Filesize
1KB

MD5
8898a2f705976d9be01f35a493f9a98f

SHA1
bc69bec33a98575d55fefae8883c8bb636061007

SHA256
5f30270aa2dc8a094d790e1e4a62b17c7d76a20b449d9b69af797a55fada9108

SHA512
c8575df93fbd1f65a285d484257adfe12733e47a6524a18d5910d33562eefd1d9da7197d16c7a3cad3bc5ad89546ff0fefe90e5c96e7850ecec9708c90334349

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXGUR0V5\JhaZdZmJyaq_VNNs1_tNVFAkBL0.br[1].js

Filesize
6KB

MD5
2d17b171524cb5c83dc3db5a8a060f65

SHA1
b67280934b1c7b10df65dc8584b1f3eeb738312b

SHA256
24bd447d8fc84b3d87459049cbcee0030096381a51bd5ad92e04de1ba51f72d6

SHA512
1a4dbe857cbce59bd3c5f840594a24928d6362c718fde6dcf44133f347441046b207623837718f080e13debf3a1f07fd56c7bae13b553f6aeddcd4e31b56eba5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXGUR0V5\JigriHckblqcu1XwKpT4wumVS2k.br[1].js

Filesize
899B

MD5
602cb27ca7ee88bd54c98b10e44cd175

SHA1
485e4620f433c02678be98df706b9880dd26ab74

SHA256
f1c39ee3528b8f6bb887150c10152cd3bbf849c4b305da9be3d4a92614e2f3f8

SHA512
b27a3b7737ce984e6ad448f68b31074f8a98c6ca5d66f3165d1dec650097077da9c80ef3045758c591a1cf0dda74fa4ba8039426d312f50f082d2a0f8e7de21a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXGUR0V5\V_fBQ_iVmAgE_Ta_T-6BNXc0ZY4.br[1].js

Filesize
576B

MD5
f5712e664873fde8ee9044f693cd2db7

SHA1
2a30817f3b99e3be735f4f85bb66dd5edf6a89f4

SHA256
1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2

SHA512
ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXGUR0V5\gKwIRAF4fg7noG1zyeUz8x3Jdhc.br[1].js

Filesize
924B

MD5
47442e8d5838baaa640a856f98e40dc6

SHA1
54c60cad77926723975b92d09fe79d7beff58d99

SHA256
15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e

SHA512
87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXGUR0V5\mOy7YpeLJ3c40BBAFNUI6SmOUTY.br[1].js

Filesize
1KB

MD5
16050baaf39976a33ac9f854d5efdb32

SHA1
94725020efa7d3ee8faed2b7dffc5a4106363b5e

SHA256
039e6b3df1d67341fb8e4a3815f0d1bb3292a2040334ceb9cfc4a8d6abf2fb55

SHA512
cf0d54f0368ffbc6908216fd2573df8f5fe4c34ac08e17301b8734b3fabc674672a7f456707f632f82f44b36812dad8a0cf81a51d5cea21ea7f0e18500298375

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXGUR0V5\ulJ3ckR0YcGpvIX6xhO4prJhEQQ.br[1].js

Filesize
371B

MD5
b743465bb18a1be636f4cbbbbd2c8080

SHA1
7327bb36105925bd51b62f0297afd0f579a0203d

SHA256
fee47f1645bc40fbc0f98e05e8a53c4211f8081629ffda2f785107c1f3f05235

SHA512
5592def225e34995f2f4e781f02cc2b489c66a7698d2feff9ac9a71f09e5284b6bbdb065e1df9c06adfb1f467d5627fbd06e647abf4e6ab70cf34501232126ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXGUR0V5\xenia_master[1].zip

Filesize
8.8MB

MD5
4dde4a5fb8e9828fcd5f99405f525252

SHA1
6feb04d877e94cb3482176323087725bdd831dff

SHA256
7c439265ed42ecf89df3edfb3658c85a6cbab5521cdd2f2acb9b43cfe3455773

SHA512
6c4902fe4fd26aaa6b00c79ed4c21393e31f73508bb8084edf1cce221ec5840f2050ec5729378163b63aff6a2c8f28aa1ef12a268ccaa1be1ad18ad7a4098675

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2ZE6O0VU\www.google[1].xml

Filesize
99B

MD5
7917d72960334abb551a52f88656c307

SHA1
a35b2af4add9a144780d14077f9006f6b7f12a8e

SHA256
0b2c8c3fd7ec46d513ce3093a441d172489d1ef3b4af5771f92635146b640013

SHA512
1a9a87d345d4f7d9baae42d58cba5a62c23f7eb40aa605463616e0d37ef52c9a7644b4be8c31498a243b409ef89d0e1ba1f6ceafe551a66a5225ba0ccc4c8573

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\67DORS5A\www.bing[1].xml

Filesize
17B

MD5
3ff4d575d1d04c3b54f67a6310f2fc95

SHA1
1308937c1a46e6c331d5456bcd4b2182dc444040

SHA256
021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44

SHA512
2b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\67DORS5A\www.bing[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0LHC38KV\android-icon-192x192[1].png

Filesize
7KB

MD5
c84b8009d7b174cc6323390d575ce6f8

SHA1
6224c00c97fe463574cea6b8a84b78e17b9923c7

SHA256
642a89115571bcdba995eb170ddeaac6583ac26fda2aff3edd3210c057672c67

SHA512
eaf2c50ca57973738a4505e6f623acc06d2e754cb50a631b737238272edfe638973581d9c56b6e22ef68b9142e7b035c8c5639e7fd42bdac35440d77fce0f637

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1B9V32ZE\favicon-trans-bg-blue-mg[1].ico

Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1B9V32ZE\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VCN5A3H2\favicon[1].ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VCN5A3H2\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\wfqgli1\imagestore.dat

Filesize
30KB

MD5
785ae94f817773eb520ba475ce1317d1

SHA1
db0f9f89197fa39cb2bf6c98e3f1dcf5742a4f77

SHA256
10c51457f26ca2e0117dfe15f185a7b1ece5a3b96e618b35fd734fcc3517f43c

SHA512
16de648ab799c75fc3fbf37135231acb9c5804835783eeb3afd2056b9e7346bc57898e451a53a26789ae07cd6c0c085d84bc66d0657c8e67b148e7eec0869a59

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF66121D903A6AD8C7.TMP

Filesize
16KB

MD5
2f9190c28cb3412f8271615b906a546f

SHA1
ca36fc434fd25ceb186475b91f3935f15f454fff

SHA256
6aa5211c4c947f7a63498edf91c4bf879f3846ec92d89e843bb77fb0836ca21d

SHA512
88f8e38f0d00a04eb36345360ba4dde510a44580cae9290561dce7b32479a0b6bd012cbc8cf1886da1a6d4b394511f0e0fd79b5185c96487f6cb9586f26c1716

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SXGUR0V5\xenia_master[1].zip

Filesize
1017KB

MD5
e7be7fde45be292f1fb15608eade9083

SHA1
2854fd3aae096c32ff30262291137a20f180c0bc

SHA256
f07e9c2bc240327ec557eb7eed1526fdad6dbc0971b6cbb108d56c141311102a

SHA512
1885d3f79a0345ebe68c8c6af8d318f74fdf7880982c8ecc687566ed5fab930e4c061f1f40cb7b5e5f41e2fe78137259ac5d41f11d30186612a39da8f2d4a208

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
e2cd60e8ebb84835443d52edcac14803

SHA1
788f0a74bc51f711b80c06cc6fddd4a58b5055f9

SHA256
3e33ad6d1c808adde217af7de349fc7a233e4d6732f36eb4f717755bed462379

SHA512
e17e1fc80b4cb66bbf4b446281dfab15b6a5ce33a985fe9251d5a6f7230035319733cff2bd21dac7fcc35a847091d564fad5076cc640a04630a44f79c26aa612

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
312B

MD5
0c637474cccc83c16b8dde5025d978c9

SHA1
bfa8e18ec205a11b82dd485f7e089e805a70eb3e

SHA256
9107cd4e9a5743da4b926ccfe6803e45ef07d258ec0eb4dc98b8225899b4d227

SHA512
b2599fba2aea267b4cb6753678adae665f2319f58c4791840144d059ca606391d582e735bbcf2cd8e381e35bfbb6750579637548c47bbed783c02372bb52217f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_749F323800EEA448718955FAC254DD4F

Filesize
471B

MD5
6f272f5f3a524fc1b106426f4742d4ea

SHA1
15d6ff1b4a183266034421d9cb30d1f133af9e4c

SHA256
dddc2b36549cf280d754939144b6fb8f6a99215d0e589551815ff256a07f6bb8

SHA512
02b777fe0288de413de2de96c993e1053268adb6121b2000d145567a9b38e1bc3eeaf8bb025c7cc3727f7938218de3cfc3563da8188d5d07510090428041ada7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
de9d45bcf1ca777ba4d5cf2c04ca8885

SHA1
06112f0dbd1b6788ae1a7c8d3e14ad8b39b04d0f

SHA256
bd2f1b9f0ad8166d95c258b0d6d621559c552276f97deb2c6bb8a64c7d3bce5e

SHA512
c3425eed674aa411119a41e89271458bd1af128fa3705710ac052354f6f5e02d38c51ddfc6a9008cbb267e3fb64edf035f7e0310973fe36edc0e1fd96962a625

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
049a02a7d2e09683480d77e4a6ab6076

SHA1
6a511d351362247e89f2fe928fe5de4f5be056fc

SHA256
2471a2a2b494ff09e149ec38d3cc94d819f8006ba4db866f624c7c0cdc0c1255

SHA512
f8f9c0c5034bdbf7a2c7d7c7351112e6a2b6302569a2ed6ed69c1bb100ec61accbb461d966f30435cb046bcd4dde6eeb493dbbc1a5f1c25eb896c2fd8bcdad47

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
404B

MD5
eabf59374c9801f3b0b2890cb9f1b601

SHA1
b530b982ea5936fe535e8b7168ff90bb8f8f9c7b

SHA256
64a84e878a36ab198cfce17e578091b93998755ec02f99ea39122bd32ca552ee

SHA512
50eb18bdd45f4060f24511f64a21acb617df7832c2ad681a62f6d252583ebe026c40698b8e8308a7acf477c846fd4eed9cf47f1c3c495595adbe45b410299caa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_749F323800EEA448718955FAC254DD4F

Filesize
406B

MD5
bd3f26261325f92bfe6883bd552ef5a5

SHA1
89fa78dc2c2611339da700ce1318f8d3337b6ed8

SHA256
14bce35c21ef4f4d94c20542235b84a15f4bc285be4228228267714c866ebe16

SHA512
bc284fb2b9277e01a20d10ffd99597374146400a9161095b3619d06e8586fcc3555ee08dcf9f73f9be2c7944858d54ae8c376c84555b67c2e8f3c48b665e54d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\PCWC370.xml

Filesize
734B

MD5
6193973ecdef1b4caf7fcbc04dbb000d

SHA1
7ebfba0ebd97c591862c854902ef70dd154d7d2b

SHA256
3e371e0058bfb7b826d6ae2bc9cc8402f6e366dd48c1c39ce9978306995a7bad

SHA512
e3ad7be83da29a6966776b8ba510e4f870c77e3d748001e284e42c860aba0144a8c5270e8ba526f53ec4873dc5e087f6b0f8fbae39e4a30e749e0667b78c4188

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESD274.tmp

Filesize
1KB

MD5
8a2ddc90e6de74e09e5eb71e76fff9bb

SHA1
9d4461e496c92a83b7f054a27c919e4a364fca39

SHA256
bb271d243050317d6a42f97e471ecf34a6bf15afce6eb0439ba3baf0bd31867c

SHA512
fdcda2d1feb42c684e8f0a74c4fc7424b5d92555b20a66511d1bdaf063ef4882f244d4a4d38c816abb6e4603dc58c830c6af9787b941b60d0b687dcb71fa5d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESD39D.tmp

Filesize
1KB

MD5
80affa605993fb308e7ec070541cc3fb

SHA1
c2701472ee1b54cf6249acd9d9c195f9fc8b221d

SHA256
891114dcd3a253edac03e055e75c8222bfa4aa57a3b87e10303fccabcb8246fd

SHA512
af68dc72f938f1f3da1299858bc1cca3291a54d753eddaa2d5929b2e99c0fad46d31fd102a8f2cd5db6a5a44e9a16b7e7f194e746aa45d64efdc3385df703529

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESD9F6.tmp

Filesize
1KB

MD5
fa28bb451b7ca487e508e829f3d96e38

SHA1
d32204dc8bdac014776c36af266394c1d3b3d772

SHA256
2826ea2d14db9ff8fa41707afbc62b93af751131f138144cdf34441e434d13e4

SHA512
572b8d0b6d867d57452097fdc9ea253c660eb8d4b203b1fdb7b84cf386c8e6d2ead4933a0324035d1d0b49c6709d23ac771f7686700b8342a38ed5b00bfe5d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xmathsjf.2ql.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cko1wpmq\cko1wpmq.dll

Filesize
6KB

MD5
d7191a3cf25aaf42fe2deb0068a9aca7

SHA1
57d362585d5b7898fec46c2c5b0d1313316b81a6

SHA256
0f9aa04156ab586af5d679af92fc6a75f07f9fc27e6371c25701739fef7ea5ef

SHA512
f0008d59afe13cf92072024da29a8df62dc905916e74a8e25263f59facf1b384c8246d1f502ec8ef490623e8fabbe472d7fb0c2c2af264dd5f7957506b5079d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\okq54vgs\okq54vgs.dll

Filesize
3KB

MD5
b4ce6c98fb5eaff685c768f287359744

SHA1
4cdf1f0d95ab4c9fa8d493e73d0c61f77d222925

SHA256
794e7d52d56757bac8b77391440606aa87f6215d4202d15815d6056847fd8a08

SHA512
49286045f1150e8d567eff3f5cea924bdfb86d5530005f4a0ecc610c20bca555ece29386c8badf0b4dbc961cb2c7cb85adb1913a576d9edb40c185c033d758ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\tvhyvc2w\tvhyvc2w.dll

Filesize
5KB

MD5
8591981538e2206cf686ea8e7f2a0d9a

SHA1
a5ba5e18b75740d7049162c193013fb40bedb0b3

SHA256
4bc531f2a6b7e0fd0fea8763b2ee3083e563502fb8557f6adcbb26ec45ef32e2

SHA512
3de659dbd75a37084003dd4e3835a96f9e36f90b27ab9bf8e2755c18da63489d28921abf6a61bfb415a2532765f05b750dafccfd383bd428c0ba738625405021

Download Submit
C:\Users\Admin\Downloads\xenia_master.zip

Filesize
3.4MB

MD5
a3b6063a86cea2a0d5666873b8baba64

SHA1
9a79aeeab0c7cbf530538ad25242c52ce3836f09

SHA256
d7e0723a6b33b57294555b697dd64c78d933798d5f8bd167b71eac5e5fa2c3e6

SHA512
4429ef5895e71ee7edd6909e17c38c7d252681d72d67f5f3179b558e4fb4edda033506f90c0934adf67398255abb6256c7b445e93f533d9e35c27fb3381d6fc2

Download Submit
C:\Users\Admin\Downloads\xenia_master.zip.arn4sr5.partial

Filesize
8.7MB

MD5
0be52fde0538f590acd5491a5f5cd62b

SHA1
fabe85244d8bae392c55b59e03071654660727ba

SHA256
5f3bdd5113d461aaf041d953b1274917281c802a14d0c8e459c4f669299d86e4

SHA512
65a0d8f95e7a726dda706e0a3145be0bad3ca0c24bbc13b179c6103761753d7004ff136db413969168b42fbd2c4a246a7ce677c9d6040a0e22187efd15920775

Download Submit
C:\Users\Admin\Downloads\xenia_master\xenia.config.toml

Filesize
42KB

MD5
4c43f16fcad9fcff81de9b870de6819c

SHA1
15a276fe3ee89274c9153fb95449ebda202bc3c4

SHA256
d4c13eecb8f9ca2b84eae71087a194b1fd92b4d24810bcb1663da2bcb7456f60

SHA512
72ef7ad04b17fbccf7bdf77d98a0f571fffe2be865eb674907c58d520c3c1f81b3987c6c6e56664d971b1dee338da5d8705dd878ed8e9db0f75abd07ab2343f1

Download Submit
C:\Users\Admin\Downloads\xenia_master\xenia.log

Filesize
117B

MD5
f987025aab9e9a55615f2e43cc710097

SHA1
22e68dfe21cec91279f1234871543054ae843cbc

SHA256
1fe82277f623e612a02b047e1676d4eef4528ec81457fc50f414d15a56742d9b

SHA512
0d89075456cea6efa0424b5ca0df694ad2e6d37692f21ac7e7627a6bc0e6a4ce071256d195366ca64d0377a39533fd552d3885d8a17acab011dbc08843ac9229

Download Submit
C:\Users\Admin\Downloads\xenia_master\xenia.log

Filesize
52B

MD5
d3a66c66642a0d3225c9e1cc96a131a3

SHA1
28e3861dc4b946c01bf45c072c73bc19de70ed93

SHA256
969e723b715661fb19f1960f0a4bc26e3dda2022514381f90587daab61fa879f

SHA512
ec9ea87ea24f9b82aea1ade42cf767d71d59348967f566f6abc9df54b0ed3e25570d74e02112c908a5bf89d5714032aef9b194012f34ab24cebea8eb1cad5090

Download Submit
C:\Users\Admin\Downloads\xenia_master\xenia.log

Filesize
117B

MD5
82151535912d16e2d5bd78cf2259d7f7

SHA1
c58e74b3542c9ec79d03a98e09ae5672ff86dd35

SHA256
32b622ec6e6629ac18065279f41105867d26208b80e483d960320bedcf385d4b

SHA512
487712b3d5410ff2979b5fb52c491a9458cfe1a06d955bf31498c6a743570f6725abad3f8b63c6e31303fac02ce5fde407db6f647c58d2509553393106e6c780

Download Submit
C:\Users\Admin\Downloads\xenia_master\xenia.log

Filesize
117B

MD5
b9d6ccd5c870a6b355004446bf260864

SHA1
6f4ae5e993f8b6c3cdf71c8708ee0c1d65dd9494

SHA256
e41ff325f58adacc79f793d533bb2f8044c4276763d53485a3e42624bdbead44

SHA512
fa23d9307f860a2d4869bb5822c9e10cffc09749ed8a4790263215767876259d1030fb8ad8334e468d6e2a8d0d0dd4b05acc328cf06cac57e4a1fcf960820c6b

Download Submit
C:\Users\Admin\Downloads\xenia_master\xenia.log

Filesize
117B

MD5
fcf427afd050289bd27ba09ecfacfde1

SHA1
a3fbe7ee38b50fdbd6d972a260641aac1faac0ab

SHA256
c0fb3134cb7fb985c6f43543405dd688ef1b30c9e828f2185988eece4b7cbc16

SHA512
420e92431bce759ce54173a292d69c0420ea8097539a777b3242bfe474ca104cdbbcecd1a913f7ab52120195569b65b678d6b56f6d4baeec189c52a512982287

Download Submit
C:\Users\Admin\Downloads\xenia_master\xenia.log

Filesize
201B

MD5
e44cc5503316d2d4fc2a4b49a390ed12

SHA1
015066e781f2fe2628cd033bf84e031116c09455

SHA256
9dffb73bb6b8a626ccc8240341cb497f270477fdc99f061ef1c63e587f03c21e

SHA512
f90ab1639417c5f8414fbabfd649e0218cbd90b9a6834ebb54ca6d52427932f4078694f7094b7d3f752cb8a2c866586e92ece0144f1fd631475f534686eacc8c

Download Submit
C:\Users\Admin\Downloads\xenia_master\xenia.log

Filesize
117B

MD5
021bb01af5e6b6115fd403f19a0a3a1a

SHA1
363eae263ae217195608e1898137396ef238c6bf

SHA256
52dcc2d6d8ef3cbfee5981c08b3b6a9cecb083cbd943137213b390cadcc94bf2

SHA512
dbb67e85ac01c862b2a1e395108eb50eba5607ceabd905f8c00201038edecfbaa04303b458a56ef26c3b63e9c324baba0eb917dc0e2046bb0c3cb960d64012e4

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\System32\xenia.log

Filesize
117B

MD5
fe3974f350aa6cc55195680b8bc7db99

SHA1
80268cc9bfdb474295ad9191b3c247a7a498dfb3

SHA256
9bea9fbb828806886fbbd982f9f3e27a6a6789c97edfb20a5336f0a93a6efeed

SHA512
5e900552c5f76c3c3a43965093bbd93db25e525e2d8cdb233e6620f5c280ec18dc2de308788cfc0dc30b5397450700f5264b59253a7a3be388c5248fb6242150

Download Submit
C:\Windows\System32\xenia.log

Filesize
117B

MD5
3f387c89cb0d27fcb8ffc992f7977e62

SHA1
6d769d8d4b31492fa732dd3f2217e37ef6d617ca

SHA256
2fa75d072497c61d25bfacafd286bf5a89a569687718894f8b6104e9a627992e

SHA512
b34fd783a969f8863627d311a41ba83a51405d6dc5c279efb3ccb3c365808ded0afb2272ee97ad36ad2d8b1d6127cbf6feb74973ed8908c661bb8c24726ef07a

Download Submit
C:\Windows\TEMP\SDIAG_634a900d-4f9d-46b2-9432-1eeb3804dc1e\RS_ProgramCompatibilityWizard.ps1

Filesize
41KB

MD5
a49550a947238f4e23a81f8c765da712

SHA1
0c3daf73301d87c958d7f4f840bf060d87312d8d

SHA256
baf71bcc730ab740670653283eb97a6991af6d52bc82ad83dcc66e9ce9a9dd68

SHA512
3f0cb6e664bd7a998f81b783abaf37dc68ea55360ab021611c2336999b4b61bf6797ba9c427ad93b60c6382cb016c2f8474bc3fce0af85c823583be1d3013f02

Download Submit
C:\Windows\TEMP\SDIAG_634a900d-4f9d-46b2-9432-1eeb3804dc1e\TS_ProgramCompatibilityWizard.ps1

Filesize
16KB

MD5
2c245de268793272c235165679bf2a22

SHA1
5f31f80468f992b84e491c9ac752f7ac286e3175

SHA256
4a6e9f400c72abc5b00d8b67ea36c06e3bc43ba9468fe748aebd704947ba66a0

SHA512
aaecb935c9b4c27021977f211441ff76c71ba9740035ec439e9477ae707109ca5247ea776e2e65159dcc500b0b4324f3733e1dfb05cef10a39bb11776f74f03c

Download Submit
C:\Windows\TEMP\SDIAG_634a900d-4f9d-46b2-9432-1eeb3804dc1e\en-US\CL_LocalizationData.psd1

Filesize
6KB

MD5
5202c2aaa0bbfbcbdc51e271e059b066

SHA1
3f6a9ffb0455edc6a7e4170b54def16fd6e09a28

SHA256
7fd5c0595d76d6dec1fcbace5bbcd8ff531d5acf97e53234c0008ff5a89d20e2

SHA512
77500b97fcd6fe985962f8430f97627fedcf5af72d73d5e2b03e130bca1b6b552971b569be5fca5c9ece75ab92c2e4be416d67a0f24d3830d9579e5f96103ac9

Download Submit
C:\Windows\Temp\SDIAG_634a900d-4f9d-46b2-9432-1eeb3804dc1e\DiagPackage.dll

Filesize
65KB

MD5
e99b38cf7f4a92fc8b1075f5d573049d

SHA1
406004e7acd41b3a10daae89f886ef8b13b27c32

SHA256
812ebb05968818932d82e79422f6fd6c510fd1b14d20634e339c61faeb24b142

SHA512
5637e6e949c24dca3b607b4f8b5745e0bb557e746fc17eff1274af36d52d5d7576723f4cd055fcf8fcf9fd267254e6d7fbb53cc173a15d3dfd3cce2015ac757d

Download Submit
C:\Windows\Temp\SDIAG_634a900d-4f9d-46b2-9432-1eeb3804dc1e\en-US\DiagPackage.dll.mui

Filesize
11KB

MD5
65e3646b166a1d5ab26f3ac69f3bf020

SHA1
4ef5e7d7e6b3571fc83622ee44102b2c3da937ff

SHA256
96425923a54215ca9cdbe488696be56e67980829913edb8b4c8205db0ba33760

SHA512
a3782bfa3baf4c8151883fe49a184f4b2cba77c215921b6ce334048aee721b5949e8832438a7a0d65df6b3cbd6a8232ab17a7ad293c5e48b04c29683b34ecee2

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\cko1wpmq\CSC671F616438F945B7A99A3B8D45DCBB53.TMP

Filesize
652B

MD5
bc4bd6f23b759474663bc5fade880c44

SHA1
fc6bbfe4a4ee0618600941e0c0dc052b89d2577c

SHA256
4ffacd79728a43d03dead7e5627811c4c452d768862d26a2d5f48102cd1a27d4

SHA512
d3649201d1528f3bceb00b7be5d16058d22803d6cc00bcf81351cd8141b5e2f790d1fc9b8be41d2f0625e2e30aa931b12379ab36f9e17886fe4065b62b1533e7

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\cko1wpmq\cko1wpmq.0.cs

Filesize
7KB

MD5
a6a5eb65b434fd6612543820a3e623f0

SHA1
a2034ad0126c821a52d46d7c8289f136bde963c7

SHA256
5e06c62640983f93e9ec11fecd221c238f537cf110f03a61049a25eb6030c02c

SHA512
0bcd9e7662731750f90510fa9f3f83afaa688636f0e312343ed05b420e4d3311d25b08370a705e2e43b0b4619541e0af9f213b27845b4e95155180ecf989d483

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\cko1wpmq\cko1wpmq.cmdline

Filesize
356B

MD5
f26c6e0f61cb4a8ea5807f4281ce00ad

SHA1
7598d1932aa96f505f89db760de934d3bf2920df

SHA256
984f7614556d6da7356a2d2c861287b97718fa263a83d0d648077dcf588f2fd0

SHA512
26a575385183739e64f1958fd6bf00d73064891c33ed02999533fcf76ab0a26ac9b0689f91e0596c51265c841b1020f54fcd96989fb06812dbdca9ebb9fd5574

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\okq54vgs\CSCC59BD6684D1B494582A3AF8CE8F68B86.TMP

Filesize
652B

MD5
ce8e1d8b91fcc1d552ce2f26a374c2d9

SHA1
2e4274df3be217ce1bb4c595e3bd6d0522b976f2

SHA256
fef1492167cd1bec84af88c75e21f142e9eb4a065aafc372d7500dc0b0ee9c65

SHA512
fef85d563592637ede237752b0426350966bf683271363e90eae222f4b36ef6bdc8ea7c05b231d1ee853a2078545c03f511e139432bfb6080c27bdaeff8d9146

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\okq54vgs\okq54vgs.0.cs

Filesize
791B

MD5
3880de647b10555a534f34d5071fe461

SHA1
38b108ee6ea0f177b5dd52343e2ed74ca6134ca1

SHA256
f73390c091cd7e45dac07c22b26bf667054eacda31119513505390529744e15e

SHA512
2bf0a33982ade10ad49b368d313866677bca13074cd988e193b54ab0e1f507116d8218603b62b4e0561f481e8e7e72bdcda31259894552f1e3677627c12a9969

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\okq54vgs\okq54vgs.cmdline

Filesize
356B

MD5
fa5f45e98ddd42894d35aba590dbb517

SHA1
06595f9ed830eb356d0b5330ebde0cf1869afe7d

SHA256
060d042b07b45b1ca3992d08d32eddaff9d093beae724e102321be1ccfab29b4

SHA512
5a801fb9bd0e7060193810d0b8f7aa723f46ff328dd3d4911542e36cc29156951dd2f4305d9a33e7f8a432f7918bb1eb1c512ed992906b9e630c995824aa47a9

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tvhyvc2w\CSCA3C0D6BBAE5948D38DB4CE8331127863.TMP

Filesize
652B

MD5
395869e14ce99c8bc723c1c4801a7493

SHA1
e98e098d922801d5a1e38325232ba13578e66024

SHA256
f3c92bd2de67ea1c1608460d13616556240e3dfe7d85cdbd03061007b4f7a5fb

SHA512
1ba3174eab45570ee5cdf9248fb328ef076d85ae1d2ef423425b110b2b758624dc84d25b3404a9ff03351b6c1d081e839564d783de7af414e710d67920fc5403

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tvhyvc2w\tvhyvc2w.0.cs

Filesize
5KB

MD5
26294ce6366662ebde6319c51362d56c

SHA1
c571c0ffa13e644eed87523cbd445f4afb1983d1

SHA256
685699daafafa281093b5c368c4d92715949fc300b182d234e800e613be5d8dc

SHA512
bc91bb591368bc511ca5169b3c23cd69a163eeb77f0d7a083fe09cc6aa15d7044a24f95811fa1518f44368dffda6d346f44e1568e7a5373a6450a63ae31883ee

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tvhyvc2w\tvhyvc2w.cmdline

Filesize
356B

MD5
7aff844a0ebb243c0a251178f845334c

SHA1
e53f68dee0203405d74075b4885ff1d78904da3b

SHA256
b33779f80b9d2be82a818561a3803af2d92b7d942b0badeb87b5488a3d3d8462

SHA512
63ec3dc734e3996065f7cb92831b7dd1ff7d594bd15c6d7dbd5d5b5aa4c886ce10a4cec56f7f86860d2c90ca6dc1937f0139c112bd393b761897690476722346

Download Submit
memory/868-338-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-349-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-341-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-352-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-351-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-61-0x0000017811950000-0x0000017811952000-memory.dmp

Filesize
8KB

Download
memory/868-63-0x0000017811970000-0x0000017811972000-memory.dmp

Filesize
8KB

Download
memory/868-350-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-59-0x00000178112F0000-0x00000178112F2000-memory.dmp

Filesize
8KB

Download
memory/868-53-0x0000017800BD0000-0x0000017800BD2000-memory.dmp

Filesize
8KB

Download
memory/868-51-0x0000017800BA0000-0x0000017800BA2000-memory.dmp

Filesize
8KB

Download
memory/868-339-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-94-0x0000017812240000-0x0000017812340000-memory.dmp

Filesize
1024KB

Download
memory/868-345-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-348-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-104-0x0000017812240000-0x0000017812340000-memory.dmp

Filesize
1024KB

Download
memory/868-177-0x0000017812FF0000-0x0000017812FF2000-memory.dmp

Filesize
8KB

Download
memory/868-185-0x0000017824110000-0x0000017824112000-memory.dmp

Filesize
8KB

Download
memory/868-346-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-48-0x0000017800B60000-0x0000017800B62000-memory.dmp

Filesize
8KB

Download
memory/868-347-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-340-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-343-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-342-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/868-344-0x0000017800B80000-0x0000017800B90000-memory.dmp

Filesize
64KB

Download
memory/1092-67-0x00000241569D0000-0x00000241569D1000-memory.dmp

Filesize
4KB

Download
memory/1092-0-0x0000024150220000-0x0000024150230000-memory.dmp

Filesize
64KB

Download
memory/1092-68-0x00000241569E0000-0x00000241569E1000-memory.dmp

Filesize
4KB

Download
memory/1092-16-0x00000241504E0000-0x00000241504F0000-memory.dmp

Filesize
64KB

Download
memory/1092-35-0x00000241505E0000-0x00000241505E2000-memory.dmp

Filesize
8KB

Download
memory/3640-4874-0x00007FFF9DF70000-0x00007FFF9E95C000-memory.dmp

Filesize
9.9MB

Download
memory/3640-5001-0x000002A8DEC70000-0x000002A8DEC80000-memory.dmp

Filesize
64KB

Download
memory/3640-4925-0x000002A8F74C0000-0x000002A8F74C8000-memory.dmp

Filesize
32KB

Download
memory/3640-5017-0x000002A8DEC70000-0x000002A8DEC80000-memory.dmp

Filesize
64KB

Download
memory/3640-4959-0x000002A8F7940000-0x000002A8F7948000-memory.dmp

Filesize
32KB

Download
memory/3640-4911-0x000002A8F74B0000-0x000002A8F74B8000-memory.dmp

Filesize
32KB

Download
memory/3640-4875-0x000002A8DEC70000-0x000002A8DEC80000-memory.dmp

Filesize
64KB

Download
memory/3640-4971-0x000002A8DEC70000-0x000002A8DEC80000-memory.dmp

Filesize
64KB

Download
memory/3640-5135-0x00007FFF9DF70000-0x00007FFF9E95C000-memory.dmp

Filesize
9.9MB

Download
memory/3640-4970-0x00007FFF9DF70000-0x00007FFF9E95C000-memory.dmp

Filesize
9.9MB

Download
memory/3640-4881-0x000002A8F7530000-0x000002A8F75A6000-memory.dmp

Filesize
472KB

Download
memory/3640-4878-0x000002A8F7480000-0x000002A8F74A2000-memory.dmp

Filesize
136KB

Download