af3a373b06166621175105df5827ac1a295ad9ba0ce4724abbb35b85d641a223

Resubmissions

28/04/2024, 18:45

240428-xeasyaeb87 8

28/04/2024, 18:41

240428-xbwk8sed9y 8

Analysis

max time kernel
149s
max time network
151s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
28/04/2024, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Galaxy Swapper v2.exe
Size

6.6MB
MD5

362534604c83884bcbb66742e6d767fa
SHA1

ec50397edce3ddc80efbe717ce1dfed6017c18f8
SHA256

af3a373b06166621175105df5827ac1a295ad9ba0ce4724abbb35b85d641a223
SHA512

b6e3d58c8b45e69deaf9e3547b120f0b0470bdcb7284dcf3b7513bc35349d685c5bbe4c664a27087d404c3387b3bf23d01f360fcba952ea205f7e9f23f34d0eb
SSDEEP

98304:w/JuhFG34eXXRYgqatNSTptB4SROZ3T0EIMMOb6z4eDluupSUD39:w8hU34sYgRNSTZJQgEcOb6z4eD4uP

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	Galaxy Swapper v2.exe

Executes dropped EXE 3 IoCs

pid	Process
1000	windowsdesktop-runtime-7.0.18-win-x64.exe
3580	windowsdesktop-runtime-7.0.18-win-x64.exe
4228	windowsdesktop-runtime-7.0.18-win-x64.exe

Loads dropped DLL 9 IoCs

pid	Process
3580	windowsdesktop-runtime-7.0.18-win-x64.exe
3440	MsiExec.exe
3440	MsiExec.exe
3360	MsiExec.exe
3360	MsiExec.exe
1040	MsiExec.exe
1040	MsiExec.exe
4772	MsiExec.exe
4772	MsiExec.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{9926fb6d-a007-472d-b0dc-38d7e8c475e0} = "\"C:\\ProgramData\\Package Cache\\{9926fb6d-a007-472d-b0dc-38d7e8c475e0}\\windowsdesktop-runtime-7.0.18-win-x64.exe\" /burn.runonce"	windowsdesktop-runtime-7.0.18-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ko\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\zh-Hans\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\tr\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Net.Primitives.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Threading.ThreadPool.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Threading.Channels.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\cs\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\tr\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\pl\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Linq.Parallel.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Threading.Tasks.Dataflow.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\System.Drawing.Common.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Numerics.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Text.Encoding.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.IO.Compression.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\es\System.Windows.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\zh-Hans\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\es\UIAutomationProvider.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\Microsoft.DiaSymReader.Native.amd64.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Text.Encodings.Web.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\.version	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\zh-Hant\PresentationUI.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ja\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Net.Sockets.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ko\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\tr\WindowsBase.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ru\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Resources.Reader.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Runtime.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Runtime.Loader.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\cs\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\de\ReachFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\pt-BR\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Net.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\System.Windows.Controls.Ribbon.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\pt-BR\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\fr\UIAutomationProvider.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\es\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\es\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Runtime.InteropServices.RuntimeInformation.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Collections.NonGeneric.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Transactions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Net.HttpListener.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\cs\WindowsBase.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Net.WebProxy.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Formats.Tar.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ko\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.ComponentModel.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\msquic.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\tr\UIAutomationClientSideProviders.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\cs\PresentationUI.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Reflection.TypeExtensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.IO.Compression.ZipFile.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\fr\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\System.Xaml.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\pt-BR\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ja\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\es\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Xml.Linq.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\mscorrc.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\zh-Hans\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\de\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ja\WindowsBase.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Linq.Queryable.dll	msiexec.exe

Drops file in Windows directory 42 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e582ebf.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3BA3.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8B68385D-2790-41EE-8D7C-3B82B4DF2E78}	msiexec.exe
File created	C:\Windows\Installer\e582eba.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3CBF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3E75.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI432E.tmp	msiexec.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\Installer\e582eac.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e582eb1.msi	msiexec.exe
File created	C:\Windows\Installer\e582eb5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI45AF.tmp	msiexec.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Installer\e582eb6.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e582ebb.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI510C.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{F91C5C9A-FDEF-44D0-88D8-40113345FAA7}	msiexec.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\Installer\SourceHash{2BC88C2F-92B5-4BB0-B40E-EC88F0EEA057}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3A79.tmp	msiexec.exe
File created	C:\Windows\Installer\e582ebb.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3FAF.tmp	msiexec.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	taskmgr.exe
File opened for modification	C:\Windows\Installer\MSI3004.tmp	msiexec.exe
File created	C:\Windows\Installer\e582eb0.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{97B1AA87-A6DA-474C-B607-7627F2D7B98A}	msiexec.exe
File created	C:\Windows\Installer\e582eb6.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e582eb1.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4129.tmp	msiexec.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Installer\e582eac.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3237.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI396E.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1c	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1C	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1d	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1A\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1B	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\78AA1B79AD6AC4746B7067722F7D9BA8\Version = "944254718"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\galaxyswapperv2.com\Total = "160"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotnet.microsoft.com	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F2C88CB25B290BB44BE0CE880FEE0A75\MainFeature	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\78AA1B79AD6AC4746B7067722F7D9BA8\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\78AA1B79AD6AC4746B7067722F7D9BA8\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{97B1AA87-A6DA-474C-B607-7627F2D7B98A}v56.72.12030\\"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\galaxyswapperv2.com\NumberOf = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\78AA1B79AD6AC4746B7067722F7D9BA8\SourceList\PackageName = "dotnet-hostfxr-7.0.18-win-x64.msi"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "27466"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2C88CB25B290BB44BE0CE880FEE0A75\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\78AA1B79AD6AC4746B7067722F7D9BA8\SourceList\Media	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.galaxyswapperv2.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\78AA1B79AD6AC4746B7067722F7D9BA8\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "27466"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotnet.microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPublisher	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{B8FAA44A-726C-4181-8D72-A965DB80CF = "0"	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\DisplayName = "Microsoft .NET Host - 7.0.18 (x64)"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{16C063D6-0C7E-471F-B316-6DF404373A = "0"	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "389"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9C5C19FFEDF0D44888D04113354AF7A\Version = "944254723"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\662C3EE69A35C8C504D8F4BC03E5C654\A9C5C19FFEDF0D44888D04113354AF7A	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{16C063D6-0C7E-471F-B316-6DF404373A = 0114020000000000c0000000000000464c0000000114020000000000c0000000000000468300000020000000ddbc2bf49b99da01ddbc2bf49b99da01680230f49b99da01585500000000000001000000000000000000000000000000870314001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800b0003100000000000000000010004d6963726f736f66742e4d6963726f736f6674456467655f3877656b796233643862627765007c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e004d006900630072006f0073006f006600740045006400670065005f003800770065006b00790062003300640038006200620077006500000034005c0031000000000000000000100054656d70537461746500440009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000540065006d00700053007400610074006500000018005c00310000000000000000001000446f776e6c6f61647300440009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000044006f0077006e006c006f006100640073000000180050003200585500009c586d952000732e68746d003c0009000400efbe9c586d959c586d952e000000000000000000000000000000000000000000000000009898330073002e00680074006d000000140000009b0000001c000000010000001c00000034000000000000009a00000018000000030000007a4d4b741000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e4d6963726f736f6674456467655f3877656b7962336438626277655c54656d7053746174655c446f776e6c6f6164735c732e68746d000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a0580000000000000064667a706b7a726d000000000000000058fc8fce82925947897e17c6d1d514b85bb095fb84f2ee11a2ffda737a3b0b0f58fc8fce82925947897e17c6d1d514b85bb095fb84f2ee11a2ffda737a3b0b0fd2000000090000a08d00000031535053e28a5846bc4c3843bbfc139326986dce7100000004000000001f0000002f00000053002d0031002d0035002d00320031002d0031003600380037003900320036003100320030002d0033003000320032003200310037003700330035002d0031003100340036003500340033003700360033002d00310030003000300000000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d000000680000000048000000da0ecd39000000000000d01200000000000000000000000000000000	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\galaxyswapperv2.com\Total = "2"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "445"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.galaxyswapperv2.com\ = "160"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D58386B80972EE14D8C7B3284BFDE287\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{8B68385D-2790-41EE-8D7C-3B82B4DF2E78}v56.72.12030\\"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\galaxyswapperv2.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\ = "{8B68385D-2790-41EE-8D7C-3B82B4DF2E78}"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D58386B80972EE14D8C7B3284BFDE287\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9C5C19FFEDF0D44888D04113354AF7A\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{F91C5C9A-FDEF-44D0-88D8-40113345FAA7}v56.72.12035\\"	msiexec.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.18-win-x64.exe.bqmi8ah.partial:Zone.Identifier	browser_broker.exe
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\s.htm.u024wmc.partial:Zone.Identifier	browser_broker.exe
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\s (1).htm.125uyom.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2156	msiexec.exe
2156	msiexec.exe
2156	msiexec.exe
2156	msiexec.exe
2156	msiexec.exe
2156	msiexec.exe
2156	msiexec.exe
2156	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4076	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 20 IoCs

pid	Process
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5108	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5108	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5108	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5108	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2708	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2708	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2004	MicrosoftEdge.exe
Token: SeDebugPrivilege	2004	MicrosoftEdge.exe
Token: SeDebugPrivilege	2904	taskmgr.exe
Token: SeSystemProfilePrivilege	2904	taskmgr.exe
Token: SeCreateGlobalPrivilege	2904	taskmgr.exe
Token: 33	2904	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2904	taskmgr.exe
Token: SeShutdownPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeIncreaseQuotaPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeSecurityPrivilege	2156	msiexec.exe
Token: SeCreateTokenPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeAssignPrimaryTokenPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeLockMemoryPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeIncreaseQuotaPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeMachineAccountPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeTcbPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeSecurityPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeTakeOwnershipPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeLoadDriverPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeSystemProfilePrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeSystemtimePrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeProfSingleProcessPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeIncBasePriorityPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeCreatePagefilePrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeCreatePermanentPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeBackupPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeRestorePrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeShutdownPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeDebugPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeAuditPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeSystemEnvironmentPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeChangeNotifyPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeRemoteShutdownPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeUndockPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeSyncAgentPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeEnableDelegationPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeManageVolumePrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeImpersonatePrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeCreateGlobalPrivilege	4228	windowsdesktop-runtime-7.0.18-win-x64.exe
Token: SeRestorePrivilege	2156	msiexec.exe
Token: SeTakeOwnershipPrivilege	2156	msiexec.exe
Token: SeRestorePrivilege	2156	msiexec.exe
Token: SeTakeOwnershipPrivilege	2156	msiexec.exe
Token: SeRestorePrivilege	2156	msiexec.exe
Token: SeTakeOwnershipPrivilege	2156	msiexec.exe
Token: SeRestorePrivilege	2156	msiexec.exe
Token: SeTakeOwnershipPrivilege	2156	msiexec.exe
Token: SeRestorePrivilege	2156	msiexec.exe
Token: SeTakeOwnershipPrivilege	2156	msiexec.exe
Token: SeRestorePrivilege	2156	msiexec.exe
Token: SeTakeOwnershipPrivilege	2156	msiexec.exe
Token: SeRestorePrivilege	2156	msiexec.exe
Token: SeTakeOwnershipPrivilege	2156	msiexec.exe
Token: SeRestorePrivilege	2156	msiexec.exe
Token: SeTakeOwnershipPrivilege	2156	msiexec.exe
Token: SeRestorePrivilege	2156	msiexec.exe
Token: SeTakeOwnershipPrivilege	2156	msiexec.exe
Token: SeRestorePrivilege	2156	msiexec.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
3580	windowsdesktop-runtime-7.0.18-win-x64.exe

Suspicious use of SendNotifyMessage 43 IoCs

pid	Process
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe
2904	taskmgr.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2004	MicrosoftEdge.exe
4116	MicrosoftEdgeCP.exe
5108	MicrosoftEdgeCP.exe
4116	MicrosoftEdgeCP.exe
4076	MicrosoftEdgeCP.exe
4076	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 4116 wrote to memory of 764	4116	MicrosoftEdgeCP.exe	76
PID 3976 wrote to memory of 1000	3976	browser_broker.exe	80
PID 3976 wrote to memory of 1000	3976	browser_broker.exe	80
PID 3976 wrote to memory of 1000	3976	browser_broker.exe	80
PID 1000 wrote to memory of 3580	1000	windowsdesktop-runtime-7.0.18-win-x64.exe	82
PID 1000 wrote to memory of 3580	1000	windowsdesktop-runtime-7.0.18-win-x64.exe	82
PID 1000 wrote to memory of 3580	1000	windowsdesktop-runtime-7.0.18-win-x64.exe	82
PID 3580 wrote to memory of 4228	3580	windowsdesktop-runtime-7.0.18-win-x64.exe	83
PID 3580 wrote to memory of 4228	3580	windowsdesktop-runtime-7.0.18-win-x64.exe	83
PID 3580 wrote to memory of 4228	3580	windowsdesktop-runtime-7.0.18-win-x64.exe	83
PID 2156 wrote to memory of 3440	2156	msiexec.exe	85
PID 2156 wrote to memory of 3440	2156	msiexec.exe	85
PID 2156 wrote to memory of 3440	2156	msiexec.exe	85
PID 2156 wrote to memory of 3360	2156	msiexec.exe	86
PID 2156 wrote to memory of 3360	2156	msiexec.exe	86
PID 2156 wrote to memory of 3360	2156	msiexec.exe	86
PID 2156 wrote to memory of 1040	2156	msiexec.exe	87
PID 2156 wrote to memory of 1040	2156	msiexec.exe	87
PID 2156 wrote to memory of 1040	2156	msiexec.exe	87
PID 2156 wrote to memory of 4772	2156	msiexec.exe	88
PID 2156 wrote to memory of 4772	2156	msiexec.exe	88
PID 2156 wrote to memory of 4772	2156	msiexec.exe	88
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 2040	4116	MicrosoftEdgeCP.exe	92
PID 4116 wrote to memory of 5256	4116	MicrosoftEdgeCP.exe	95
PID 4116 wrote to memory of 5256	4116	MicrosoftEdgeCP.exe	95
PID 4116 wrote to memory of 5256	4116	MicrosoftEdgeCP.exe	95
PID 4116 wrote to memory of 5256	4116	MicrosoftEdgeCP.exe	95
PID 4116 wrote to memory of 5256	4116	MicrosoftEdgeCP.exe	95
PID 4116 wrote to memory of 5256	4116	MicrosoftEdgeCP.exe	95
PID 4116 wrote to memory of 5256	4116	MicrosoftEdgeCP.exe	95
PID 4116 wrote to memory of 5256	4116	MicrosoftEdgeCP.exe	95
PID 4116 wrote to memory of 5256	4116	MicrosoftEdgeCP.exe	95
PID 4116 wrote to memory of 5256	4116	MicrosoftEdgeCP.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe"
1⤵
- Checks computer location settings
PID:688

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.18-win-x64.exe
  "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.18-win-x64.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1000
- - C:\Windows\Temp\{FB25E95E-EBF3-426F-9D8A-F61B8994811D}\.cr\windowsdesktop-runtime-7.0.18-win-x64.exe
    "C:\Windows\Temp\{FB25E95E-EBF3-426F-9D8A-F61B8994811D}\.cr\windowsdesktop-runtime-7.0.18-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.18-win-x64.exe" -burn.filehandle.attached=596 -burn.filehandle.self=604
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3580
  - - C:\Windows\Temp\{2BCCC3BF-1445-4E64-A6B4-A62D650E626F}\.be\windowsdesktop-runtime-7.0.18-win-x64.exe
      "C:\Windows\Temp\{2BCCC3BF-1445-4E64-A6B4-A62D650E626F}\.be\windowsdesktop-runtime-7.0.18-win-x64.exe" -q -burn.elevated BurnPipe.{961AF118-3853-479C-953F-39F69B1A2DBD} {02612759-B328-4B3E-987D-058ABB2D12C0} 3580
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of AdjustPrivilegeToken
      PID:4228

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4116

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5108

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:764

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2708

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2904

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 7CA6D1C4CFB2A2586E31DD643DCF7FA5
  2⤵
  - Loads dropped DLL
  PID:3440
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9BB0398C4960F2CD9D541BC06A51CF65
  2⤵
  - Loads dropped DLL
  PID:3360
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding EFD48655850F0465F03CEBBB8DD82528
  2⤵
  - Loads dropped DLL
  PID:1040
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 47BBE41AAB47CA66BE422A8C7B0B7DFC
  2⤵
  - Loads dropped DLL
  PID:4772

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4076

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2040

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4412

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5256

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324
1⤵
PID:5796

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5248

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e582eaf.rbs

Filesize
47KB

MD5
707758511c6e27e40cdaa4d151865254

SHA1
7988492a8609a998dc2f0425959678d68c293eed

SHA256
bba39ceaacaa4f2c529f791438fba38af11cca71abe9f38b5be14e2f68a5e373

SHA512
99461394e2793983749a33d49122a4a22ddf37a74265dd6af26f623eb3ba1a61b9730357f1b78f5fd29f12a8aeb39a10385cc636875b752f557d631b099fdea5

Download Submit
C:\Config.Msi\e582eb4.rbs

Filesize
8KB

MD5
ec55c8eab61cb64beefaf7defa1289d5

SHA1
831cf617e676b14c6cff6e39e439ff961211d440

SHA256
69fcd15d9ce2db6eedcc4192ec64b76bf98e88985b217158710a3c2bcdba89b8

SHA512
02370f87cc88637ae204826ef8a4944203c1cd01cb7843f20e119ef4e96ca2e0abf640fe3628cdee9dafcfc813d7dd1a6431f1a1e547390ecddf2b90b76c3cc7

Download Submit
C:\Config.Msi\e582eb9.rbs

Filesize
9KB

MD5
51c96e970d7fde6e644a7a9203de9595

SHA1
bb961713dd5ac11827488f00f42c1104dda6f79c

SHA256
55b14c7fa748d32684bcce5f8f1c6473105bb2baeaccaa70741fda19331dbe97

SHA512
35e668ceb9ea8ae08569ed5c165c5e55f7a42a2f3c6c61fc28661009cb1ad15115930543a101e118ffc1bfbe872bc9bd23a2fdd01bbfb668d09c483bbf4614d1

Download Submit
C:\Config.Msi\e582ebe.rbs

Filesize
87KB

MD5
ba43d262b53ee0473b8251d668211bd5

SHA1
a6099d89bdd812eef0379a7eaaf6ab47d0e2a970

SHA256
3626b33cc6f5ebbfa3da5dfcdeaf97fca20f0567058ae2612fe71b3a17245215

SHA512
7f1261a63432cf278c544b72d9426c94a86db181a5ce957cf0b9c8c8547b27172c007996c96ac0e7998e9b1e21b190c0a621c9ffadc3c76cdf9e0382e447fd7e

Download Submit
C:\Program Files\dotnet\LICENSE.txt

Filesize
9KB

MD5
31c5a77b3c57c8c2e82b9541b00bcd5a

SHA1
153d4bc14e3a2c1485006f1752e797ca8684d06d

SHA256
7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d

SHA512
ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

Download Submit
C:\Program Files\dotnet\ThirdPartyNotices.txt

Filesize
85KB

MD5
5c13a5ea8c8cc3474240981d0ffa88ff

SHA1
1d8d3ce27d9dc3d9fb4fa4b06c20137d25879d80

SHA256
4f9bb3901879bafae3a17c6c4009ee5c15384a06fc234bed78937969079c77da

SHA512
32ea79ff5194d8a18e75f277aed5610b4955db15b0abbcc2664cf07f372bebfc57eb665ad078dc3da3ce5ee0d8856140c2a1bc7032b578dd103d43998d682d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8S7W85J5\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\2RFgnacsz6nPw9vvxd8AGFyaQr8[1].js

Filesize
308B

MD5
e849f94cd30ec77987643a0d405e33e4

SHA1
d911609da72ccfa9cfc3dbefc5df00185c9a42bf

SHA256
b39968f3ab3c3867efc7115c77d0239b0a2c505ae87766231bf46e32f7797c43

SHA512
dbc5ef102c16d14a99f090821176b3706ba08d87d1efba817d763af969a10f9058c7aa0ce54d442dc816e84d294b52dc78623416044c1b6efa59a28055b48504

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\5-y8FBmAkXLBZZghI-X94CRnsqg.br[1].css

Filesize
589B

MD5
7a903a859615d137e561051c006435c2

SHA1
7c2cbeb8b0e83e80954b14360b4c6e425550bc54

SHA256
281d6234fd292800c2a5dbd14e524c9cee0d4438188b0b7d873abf41515a7666

SHA512
aa47efab7ec689b838d1e5adfe26e035e8b93f2b806f1954214447cb2065fa5906f81a70b4c656b3ce1490d8ac2009c7e7b0f96491d6d4559c41fb25d08fe35c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\5L3iD467J3iJWEPwIjxlK0MMDpY.br[1].js

Filesize
1KB

MD5
2ef3074238b080b648e9a10429d67405

SHA1
15d57873ff98195c57e34fc778accc41c21172e7

SHA256
e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da

SHA512
c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\8aj_I6fSAQ2HauP0CPPAfDwa2j8.br[1].js

Filesize
598B

MD5
4ff32905762c3a445028e11ed69f04a0

SHA1
809535e72d3dbe00f945893f7581eb3897f4439a

SHA256
336342b76b1eec2f9698dacb5d7d7749148a2036172435cd0c1a80a80a9886e7

SHA512
8b20273037fc33b549b6322d4b6a7623b0e24cf737c8d562e226f3bee2f5ba5a0692569fd0039e296146e9845e4f00ed5f08566980ede5fe449be08ff1f0b79f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\910ptS3pcIDQ7a5acMaHuQliuN0.br[1].js

Filesize
1KB

MD5
8898a2f705976d9be01f35a493f9a98f

SHA1
bc69bec33a98575d55fefae8883c8bb636061007

SHA256
5f30270aa2dc8a094d790e1e4a62b17c7d76a20b449d9b69af797a55fada9108

SHA512
c8575df93fbd1f65a285d484257adfe12733e47a6524a18d5910d33562eefd1d9da7197d16c7a3cad3bc5ad89546ff0fefe90e5c96e7850ecec9708c90334349

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\9YAQCrq1aCvJQNyORXytYpPYETs.br[1].js

Filesize
1KB

MD5
be2d8a4651ce06cfd994f74999a4e024

SHA1
605b3dbe002f3480683ee7130b8098fb57c18976

SHA256
da463de775286aa611759f49ab574cd1bfddde4e390f32dce49603b087d9d67c

SHA512
0cecb0fcd377b14b8681b58e42f09e2d82af78fd67066675485c91eec0d45f7de670960caafd9471048d2c1c467c234bf27fb48c09164888fa04e84759b5d507

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\HdiojNH85n4iu87NAQvDH5bKMnM.br[1].js

Filesize
353B

MD5
794184fae3c0890ae4ea642fd8f7fbf8

SHA1
91f8e72f3517d86a28edeb1b476f90fa5f972168

SHA256
00ea5dc006fa84e08d604bf9708135b98138ae0a092bd2c101a912b5efe3fe17

SHA512
3bcbc295c3e482ba7d8d99df3ac396fc1da973745a82dcae8d02270afed54b758d3f2c9811ed3c08e817f78a1a6a73eb5564d05e0c78d8009cf2608d14bb96fc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\K3hC1_cQXGFr6cxRJVWYpzZJaAM.br[1].js

Filesize
891B

MD5
02b0b245d09dc56bbe4f1a9f1425ac35

SHA1
868259c7dc5175a9cc1e2ec835f3d9b4bd3f5673

SHA256
62991181637343332d7b105a605ab69d70d1256092355cfc4359bee7bdbfb9c6

SHA512
cbb43000a142807ff1bb3bfac715cef1240233117c728f357c824ce65b06be493df2306c7b03598817f09b02e9e36ec52314f88467679c5bef3ee1504a10c7e6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\LTCT2zdUcB3ayDDUpC7BI5zxXuE.br[1].js

Filesize
1KB

MD5
480df9ada0ab4f05ef58e5cb2e2392e1

SHA1
5510d9c30128875621b2f587563e7c1d0153f164

SHA256
1c56cffb0e9950e4a61b6955e8708befa2ceca71017838f1fc233e2038b23c2c

SHA512
dae1a6680c0f1dfcac1c2b7b23c459f162d3d00d83548dce37bb86a74d2c04f2ec6b68449631eb53dd176153bdec74086f287b02688ef8d4d977671060709d09

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\NfTD8Ovh04Y_Ni14YxqYB8R_2_Q.br[1].js

Filesize
888B

MD5
f1cf1909716ce3da53172898bb780024

SHA1
d8d34904e511b1c9aae1565ba10ccd045c940333

SHA256
9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01

SHA512
8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\WjC77O8uVx9--UZpQC4Qfpa7qaE[1].js

Filesize
2KB

MD5
10102e62e2b6e663ed22e989af46c43e

SHA1
1edc8b99bcfb0cdfffead624663d6c127b04398d

SHA256
fbfdbb1fe8b890ca294b4d46b4e747949d618b12bf0f9476553fdde6c7a425e2

SHA512
104f2e4767c6e72e75ed009c13eebe71349c3a28d01e7d972a3c5fe9b272da0d94d9d09bffc82411960755babb52a9ace12baa8a1823d47687a70ae75001d885

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\hulMy94NWe4P3UsIN3zt_iGS9n8.br[1].js

Filesize
884B

MD5
472e4c0f78992e66f029d6cfa0061b36

SHA1
c04a9b6151f4113564346bd2d3ddf4b1bcc3c7f8

SHA256
627cbd6266a53e45d4a8cd0dcbb580dc2e07e7f2327d936c103031c2003f187f

SHA512
c02b98dce8cd787f5bce00c590d08dda6761b3eeff0de4cb92127ef42a277160145c6eed66e1b1372ca723c5fe5ae899a13c593b31290ba6b48e6e3def1c3016

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\hx1FP91l4PKrDhCLfXHf3ouMwSg.br[1].js

Filesize
358B

MD5
22bbef96386de58676450eea893229ba

SHA1
dd79dcd726dc1f674bfdd6cca1774b41894ee834

SHA256
a27ce87030a23782d13d27cb296137bb2c79cdfee2fd225778da7362865eb214

SHA512
587d5b5e46b235cdcdf41e1f9258c1733baee40b8a22a18602a5c88cba1a14edf1f6596c0ab3c09f09b58f40709ac8cf7e1bb33b57293aa88eaf62d0ab13fbf4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\k_1vDJ7YnYEjL9Qod9Nov34mjlg.br[1].js

Filesize
5KB

MD5
30b634412769ade1c905cf02675d09b2

SHA1
0595d3eca18b384d4303332fcc25cbac5cdc3055

SHA256
d28ad6eee0acbb28a3a3f2145962b74daa6b4c241833f18f1aa084204d164168

SHA512
ec476944cc9c3aa97c06f916f625cdfceef83f969ef45fc23d43091d8a639f9a59d0a8790b5cf9d30da80f21ff6ed4274d7eb0ec47226586ffe32bba0bff7471

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\l5qlKyb5rPv_F2YU5blrntiAB0c.br[1].js

Filesize
17KB

MD5
da20be4389802036c4857b825abe6455

SHA1
5e398314932dd98d32f7140375d98a7b57a7b0c4

SHA256
52c76adee81b0c1137d223fc099b04fba37350434ff50b0739ba5706c2d6ed10

SHA512
5313c88c8ce50d3f3c59413ed3bf50e1797978dba17bbc29cc065183d4d7593e9bbeb410ee1508241a4e963082a2c340e5b59c9c976b584a48f26e104ef9ea00

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\nc60aT-MXWFDGmlflZLjNBVVxkM.br[1].js

Filesize
8KB

MD5
1c0981ac86e2ea5b7f08f34548af3280

SHA1
57324208ddb3a9e80abd3346607d712c999c2e50

SHA256
00ff3483d93259aedb929a9fee4454a623830b18a08f08781ac1961c1e98774a

SHA512
0f7185a8579d9bf1b89623bf126c58789010c76f7e279a3f44064c78b2e3e04bb0a89394e6be185618071153bc872e43a69211255f3470e1120e51ab0d5f2329

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\psgXZvzYJMEW2ydikIk493Va1d4.br[1].js

Filesize
1KB

MD5
f4da106e481b3e221792289864c2d02a

SHA1
d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994

SHA256
47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9

SHA512
66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\runtime[1].js

Filesize
20KB

MD5
4f6d0ac2c43a81b1890d6442a2a72494

SHA1
5cec1237fc2cd482064efb78c55096560ffd4419

SHA256
b9258540f48bff83be38e2952dfa01f6bb5c6ccbc13baccf3e26995299f59d07

SHA512
b513e08a30b27f90e72b9f9e4e0602314d995736079820f23e35fe7a160029c8082c39bebec6b96270b72bf1f3e9af6ed68e70e943874395a6e42cd51012d83f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\sIrFa3Z4evrarEWoCqwvr1_C5xs.br[1].js

Filesize
15KB

MD5
250a4e9ccadad02b287c0c5ed8842306

SHA1
93677202bf23b04a4a51e332b2cb0a2267ff91ce

SHA256
4990a3ea1cfeafe7500a144f3eea9f0cc8e37c1412eb8a4fb9a3b32e68542bbf

SHA512
a23cda1692ae15d907eeb540e70d39204f4293369cc2a7e088e66166cdcd12d052faa1bc2d17a078d4edea6e7b6ef503d7255359d88b25cbfb3b4ede11a96b16

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\ukaQhuYQyTz3agbHIeyBRoBxhmE.br[1].js

Filesize
2KB

MD5
2fe892c04cd5ebc84869d9b76a995ad9

SHA1
7068354f113dbe13e4a36d26b99278864b1cf373

SHA256
66b8178c7d9750e9ef11b6bef9296bd98e8898779aa4863426aa78e3a592b7d0

SHA512
2ed41cbd6ab2c5717cee790de22220af44c34d6e849b9b1dcf8451c7cb7e6058c6021af63d39fdaf5ca3e5e8199d33c33ae0143bb325c44e3fec55c7125a6f99

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\ulJ3ckR0YcGpvIX6xhO4prJhEQQ.br[1].js

Filesize
371B

MD5
b743465bb18a1be636f4cbbbbd2c8080

SHA1
7327bb36105925bd51b62f0297afd0f579a0203d

SHA256
fee47f1645bc40fbc0f98e05e8a53c4211f8081629ffda2f785107c1f3f05235

SHA512
5592def225e34995f2f4e781f02cc2b489c66a7698d2feff9ac9a71f09e5284b6bbdb065e1df9c06adfb1f467d5627fbd06e647abf4e6ab70cf34501232126ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\-Z5PGVGl9RD5ty_T685A55-u_qo.br[1].js

Filesize
31KB

MD5
f3ecd06be0ca1afee2caf5edc9d23d64

SHA1
4ddedc495e11f0e439bb2f60ad1734746e4196b2

SHA256
3f75671bccc514395672bc6575c047ce12194644e3e94529269dc5c223f66b44

SHA512
e948014f1ea8a1610878c7c35a31045275adb61248a590cc09ff913e78278d0e6802f4ae437a70266ba54781363e1f3319eeee146cd8d5a9e626c5914a1c531f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\06bQtOdvnqIODKnOBKJedLV7FUg.br[1].js

Filesize
300B

MD5
b10af7333dcc67fc77973579d33a28e1

SHA1
432aeaee5b10542fc3b850542002b7228440890a

SHA256
d99b46c716faee91274a2d94869953fb78d312857cab5c1a61ea63d7ae90cc68

SHA512
c0afa2847a873b82c83f45a03c40fbb435668465a4dcefa21a31895a4d1106300f4041b385eefff2c85fc87fd9f1d0560d283116294468b710f6ca4f88fca1e9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\4TQ6xhX_0XDFyLdFRS-kPhFXirA.br[1].js

Filesize
7KB

MD5
fbf143b664d512d1fa7aeeeba787129c

SHA1
f827b539ae2992d7667162dc619cc967985166d9

SHA256
e162ccd10a34933d736008eb0bc6b880c4e783cf81f944bca7311bf5f3cd4aff

SHA512
109ec6433329f001c9239c3298a10e414522f21be2a3d7b8a9eb0b0767322eaad1fdf8f5b11edb1f42882b4e75ae71bef7fe786716407c8efad4feacb3dcf348

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\6ae84K2oVqwItm4TOpI[1].woff2

Filesize
46KB

MD5
595a20eb90b1a3b429e1088e114b6f10

SHA1
3c0fd511c526f921f256dd2437362f1404a21765

SHA256
6e955e29cb1e96cdcea163f9995a08e1369202a7b2bc821f2bb0e686c9b4663d

SHA512
771cf54329e0f1656a330b7069f42753e7989e16ea5661d4ad7cc64a06190f2e61b90685ff13e8e5c62ee344e286bb464675619c87517900996340a139ae362a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\6aez4K2oVqwIjtc[1].woff2

Filesize
46KB

MD5
ac058aba73ba0e5364c9aaf4fc42bd87

SHA1
5363b7679a8b1c786285683d6f9818c7ebbd418b

SHA256
3e50420cc0e40a62028ea644d36cc5f75ffbeff5be96b6da25fcd183d5b2cfd0

SHA512
15d74bfc798d1627c5b2162aa2a139b9b1ebad70ab6e9f17fe5032aa61496e74ee06243dff8e9c69aa9302c540a3d4f77ec967c041aa7bb42058422e62b3685b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\9xGNA8UskvA9WHF58zbLOHZ5HvI.br[1].js

Filesize
511B

MD5
d6741608ba48e400a406aca7f3464765

SHA1
8961ca85ad82bb701436ffc64642833cfbaff303

SHA256
b1db1d8c0e5316d2c8a14e778b7220ac75adae5333a6d58ba7fd07f4e6eaa83c

SHA512
e85360dbbb0881792b86dcaf56789434152ed69e00a99202b880f19d551b8c78eeff38a5836024f5d61dbc36818a39a921957f13fbf592baafd06acb1aed244b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\CcMXS8Oo0OUnUE0LzYK9AFJ6la8.br[1].js

Filesize
1KB

MD5
0c0ad3fd8c0f48386b239455d60f772e

SHA1
f76ec2cf6388dd2f61adb5dab8301f20451846fa

SHA256
db6dde4aef63304df67b89f427019d29632345d8b3b5fe1b55980f5d78d6e1e7

SHA512
e45a51ef2f0021f168a70ac49bdcc7f4fb7b91ff0ddd931f8ecbd70f6494c56285b2d9bc1170804801ce178244ccf361745b677b04c388b608d1471e0695ebeb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\FLbS4sMDF_AAL4geGmkhCan3K7Q.br[1].js

Filesize
2KB

MD5
c0423387659756bac316ad4c3a2c0dc3

SHA1
b5d9cf4fe69b29a69839c86979643e7a6885e145

SHA256
8eeb1cdb826bc855f7254c15609b44fbde63a6c660adf21ad0fbf00cd015499d

SHA512
a471dca94efc4027ecac3cff0003a106dc2c55df9d157dd09a721e4f679be28ba29d805c0dcc27034664e423c65efe6f8e4677372156748bd9c8824b88b30db8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\GwvTDzr-_7Ipq8Y_s09cnrmtIeY.br[1].css

Filesize
180B

MD5
c38ed67c584f412d68541ccdba3bf2a8

SHA1
8947287b32583add11390f318983a6ffb7bde9a0

SHA256
20ecf53c4dafe3bcf8a9ddfb4246ab41df880aa2a7475397c7aeb435053495f9

SHA512
002cb6402be416c94b469a2607b62d9d2ec091e8f7ecaae6c8aa25b22a4523f933f09218dc7dea9cc4eafb4678b80604cda611b474add539933af07af35cf537

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\Gyuq2bqitqDJM0BeAkbKXGlQXNw.br[1].js

Filesize
1KB

MD5
a969230a51dba5ab5adf5877bcc28cfa

SHA1
7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265

SHA256
8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f

SHA512
f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\ID-70CBAEOXh6Nwxga-CxgpUq4k.br[1].js

Filesize
883B

MD5
fd88c51edb7fcfe4f8d0aa2763cebe4a

SHA1
18891af14c4c483baa6cb35c985c6debab2d9c8a

SHA256
51f58a23f7723b6cbd51b994cb784fbc2a4ab58442adaeda6c778f648073b699

SHA512
ffe417fa00113273fe7ac1b1bd83c98a3a9dc12d41c77b60c52cc5ffd461d9ca2020c2444ac43771d737c70c58eca40786a5c5762b60f30da523f709684510df

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\JigriHckblqcu1XwKpT4wumVS2k.br[1].js

Filesize
899B

MD5
602cb27ca7ee88bd54c98b10e44cd175

SHA1
485e4620f433c02678be98df706b9880dd26ab74

SHA256
f1c39ee3528b8f6bb887150c10152cd3bbf849c4b305da9be3d4a92614e2f3f8

SHA512
b27a3b7737ce984e6ad448f68b31074f8a98c6ca5d66f3165d1dec650097077da9c80ef3045758c591a1cf0dda74fa4ba8039426d312f50f082d2a0f8e7de21a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\K_V1CARn2Q2lTs5njJKUvUkHyi4.br[1].js

Filesize
242B

MD5
6c2c6db3832d53062d303cdff5e2bd30

SHA1
b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d

SHA256
06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70

SHA512
bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\Q1Z1cF6gZCkTBd0Gx8Q7LjbPAlQ.br[1].js

Filesize
5KB

MD5
7a0dd3b8ac06a6b4a01953955606ed27

SHA1
af6453882542d8bd119a768c025af1c94bf7b3ca

SHA256
f1b3acd8757d2c9db87cb851eebf25909c0355483520475c2ed1f29bb36e062a

SHA512
e5cc3aa206c4a62e746ea9743ae92fd5efb4d46f12c9f51ba04eefffc58e04fc8b085eb0fbeca42290a8ecd3d8c07b40ad80f80db3cf3309d098022f948865c2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\QtJVX2BWG_pKK8Kg_EqULgkLsrk.br[1].js

Filesize
5KB

MD5
4a7fbd9e7ea63c6d763f333644256a62

SHA1
ef3dc9076b76d0a6109d42fa88915165e17f14e0

SHA256
d27b551812ab2092c10677a8a587f808164cca3fae2d49d0b2a89fa348330084

SHA512
de3966360449e59d45f0671ab3a2f0a6fd2c6c61328320d257fe17877168029e4515b06b373433f2e0eea7eb4d07184710e0c01b643ab7f836c586e6ceb91c5a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\RvRBoZ5KQDNHwbHfo-_ZBZIoYQo.br[1].js

Filesize
1KB

MD5
718c9d9c2d2a498de3c6953b6347a22f

SHA1
b2f1a5400618972690d509e970cc3abeb72513f4

SHA256
66133f155e3a433e9eeca08dfc3b4e225d358e1a89ab0665379eff319f9f0081

SHA512
ac55ef9f45d29cfcf7d80c009df4c55335f7c3b55d66aadde275f580f321125a2c7669f7157d5bf9a34b3513c1231935a461f46eeebdd87b7801685fc95dc6c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\UftfQbYuKvGGEUHPU3QGHYd90Z8.br[1].js

Filesize
674B

MD5
8d078e26c28e9c85885f8a362cb80db9

SHA1
f486b2745e4637d881422d38c7780c041618168a

SHA256
0bf9f3ad9cdbbc4d37c8b9e22dd06cc26eea12a27ef6c0f95db6cbe930177461

SHA512
b808a972cd44e6bda01ac1f8d904d5a281f33b9238b8caab03decb6adb6b494b19dd9bb35e3d1ea3ca914ff4957155f6d2cb5a9b3a00c2195f80f52804ffb244

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\V_fBQ_iVmAgE_Ta_T-6BNXc0ZY4.br[1].js

Filesize
576B

MD5
f5712e664873fde8ee9044f693cd2db7

SHA1
2a30817f3b99e3be735f4f85bb66dd5edf6a89f4

SHA256
1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2

SHA512
ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\eKvcHdnNwo1WcxoSioV4ztnfZk8.br[1].js

Filesize
2KB

MD5
fb797698ef041dd693aee90fb9c13c7e

SHA1
394194f8dd058927314d41e065961b476084f724

SHA256
795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da

SHA512
e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\gKwIRAF4fg7noG1zyeUz8x3Jdhc.br[1].js

Filesize
924B

MD5
47442e8d5838baaa640a856f98e40dc6

SHA1
54c60cad77926723975b92d09fe79d7beff58d99

SHA256
15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e

SHA512
87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\hZfkuFpBGPXb-rVM9rgqiZMJkak.br[1].js

Filesize
7KB

MD5
b77caf26cd1268fd95625fdd2ffd0176

SHA1
caac48d57cb960134109c6743afb7bd9368137ce

SHA256
2963d320aad7d63efeb1e0bd40246c2395abd19352397dd401751d829939bd94

SHA512
87adce70395bdc73bfeaf5cfb37d1f751b288f6a7f169df7db0025ba35ccc4cb5df3122e72413935689f3ef169b128c7da9d7969dbe7962d4427edea9dd46f2a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\kNUdPzzLEbQzYr3icm3MTxwk6-Y.br[1].js

Filesize
4KB

MD5
fc3708a7ac43ace3d3406c2e5f7f1116

SHA1
cbd3116ecd59fd4a44f8b3cd958cbff724989a29

SHA256
37d9b83c929f1a8d94c4f29000cbfdfa72c4bc61c3950df02523252928591c29

SHA512
12122417b29aed27eebf3bb36e740c86567daef7060b5e8d64d11c83a5045e6eca5f3b1bc5a6d6b1a8e3eb23f8c34d48b63fcb41e43143e6b146fb2d51cdbd58

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\nt6a1ZR520utsLoZmSYgwxdOPgI[1].js

Filesize
606B

MD5
0c2672dc05a52fbfb8e3bc70271619c2

SHA1
9ede9ad59479db4badb0ba19992620c3174e3e02

SHA256
54722cf65ab74a85441a039480691610df079e6dd3316c452667efe4a94ffd39

SHA512
dd2b3e4438a9deaa6b306cbc0a50a035d9fe19c6180bc49d2a9d8cdbb2e25d9c6c8c5265c640ac362dc353169727f8c26503e11a8a061a2517a303f61d0ccd3c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\o7B3FK6ymEOn7sBfZSmifVTwxPk[1].css

Filesize
6B

MD5
77373397a17bd1987dfca2e68d022ecf

SHA1
1294758879506eff3a54aac8d2b59df17b831978

SHA256
a319af2e953e7afda681b85a62f629a5c37344af47d2fcd23ab45e1d99497f13

SHA512
a177f5c25182c62211891786a8f78b2a1caec078c512fc39600809c22b41477c1e8b7a3cf90c88bbbe6869ea5411dd1343cad9a23c6ce1502c439a6d1779ea1b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\uiannz55FdT0j3p9jGwegfI5aIY.br[1].js

Filesize
1KB

MD5
45345f7e8380393ca0c539ae4cfe32bd

SHA1
292d5f4b184b3ff7178489c01249f37f5ca395a7

SHA256
3a40a1ff034448d68d92a75ababa09ba5f2b71d130f5f6bdf160dcf8851529a9

SHA512
2bfd00bf303ad5a1e8413b5ee6a162167605511fefb8df61a8f40f80382f5520df690a53b1058365f1d81562b2668376886d0f829517a642fcd87412801fe987

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\ydDuUFvQrnTEDpvE14Ya7abrPGk.br[1].js

Filesize
1KB

MD5
d807dbbb6ee3a78027dc7075e0b593ff

SHA1
27109cd41f6b1f2084c81b5d375ea811e51ac567

SHA256
0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7

SHA512
e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\zlfm-hC70pZAs62UVTTl3KShKOE.br[1].js

Filesize
838B

MD5
8c8b189422c448709ea6bd43ee898afb

SHA1
a4d6a99231d951f37d951bd8356d9d17664bf447

SHA256
567506d6f20f55859e137fcbd98f9e1a678c0d51192ff186e16fd99d6d301cff

SHA512
6faa73d59082065426769a27081cbedcd22146ef948afdd9a86801f205b2dddc63e03ac5d555ef0af23ef05901ebffe7e8aadd82260ef505cb89d99e572fdf4a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\5cNYI-KHtSpU1cTpIG4CXkdsXFg.br[1].js

Filesize
5KB

MD5
4bd9efcb4aafe3b855d455fd01d22463

SHA1
6be51274703da67c1becaa6d0196bc8c93050815

SHA256
851dba4ff4d8c05904831a927424bde15a8d037313ced005820f4b2222ee1d03

SHA512
56f563a5d16d3e55852140e5eb5006f610fc3c0e1e3567a8549ba16625e4dc1a30bd51c2bb4888ff83361921fcfd8f63f0b8b1b8cfe32933cb263e7b684e4b60

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\9cuwOQ_qE7qTGKohzrf_gIjTlPI.br[1].js

Filesize
3KB

MD5
fabb77c7ae3fd2271f5909155fb490e5

SHA1
cde0b1304b558b6de7503d559c92014644736f88

SHA256
e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c

SHA512
cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\BDwYWcRQC1NNdqbnczZFTEPNiGk.br[1].js

Filesize
5KB

MD5
6aa31b2e1206b5fb4457b17f7d8ff677

SHA1
3f76b2807b77f286f044592b87d7cd2d5342e3a3

SHA256
220641c38e01902f0ed9fe147e7213236c6ffdb63794057602bff534c8f0e437

SHA512
36e852ac26c0a7a834c9a55a9871f12127e2fb6b14a6d15d67d187a610d1e1d485ccd60bc819e78698082db6055edee56ded3f56e3799c6551538718517d85b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\Gw7eETSwe7GHmKwW1lRqGPQJXRo.br[1].js

Filesize
2KB

MD5
17cdab99027114dbcbd9d573c5b7a8a9

SHA1
42d65caae34eba7a051342b24972665e61fa6ae2

SHA256
5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de

SHA512
1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\MCwdqGFTwqu20jt3177s57V4wZk.br[1].js

Filesize
104B

MD5
41e1135d5d4aefe240c4dbd7b71f40dd

SHA1
cd1d7feee9a4202cf3a32172e8c5b081855f3061

SHA256
2e51a8c4ab5b014aeff1eeac9da5a0937f5ca7dcde7f089f88db05460f2c47ca

SHA512
8b43c0246a2a3447dd0fc818a67faf5c76d4bdbae52989c80da3004f032033cd2fd45e484727facea150125766a8c6b9b1094b855b9e1d23495e85d8ae1ce041

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\MggiPKJVRTZh6kI5PWTqdHZUasw.br[1].css

Filesize
50KB

MD5
b60ddc620a053d17781b481ba4025848

SHA1
13036e0ded47d3ed719439d9cf53e2cf8962fb5e

SHA256
6f81621bb9a27c68876ceebbb5ff9b8253a164239f7c9b8818b36970c53e78dc

SHA512
472a049cca27f7dc275ac58791f1937310107e7076678f34d17503cee607ec4572369cebf29d42a8ead4679b1f321e568f6156d14cb40d43a85d79715f285db2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\QGgDCAP4Fmzft4oE0wUK8k18tLI.br[1].js

Filesize
3KB

MD5
3c0e47e84a81f367dab175bd020ac9ee

SHA1
7e3f061ce0fbf6aa88bd4c49ae5f74e5e84fc2bf

SHA256
73c11b91b105e2ceac93645e1d90515326ab52ca600f881504e86fc845ea8587

SHA512
cc89bc0a79abb462149dc8cfe011f4ff7ea9e9adf4e9710fc246c171d509596f008deb7e668099160b02b3b2f010fe8a1997f7d51dfbf0cffbf2b5217deaaf2e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\R14ozkkie30zM6FSjzwWFp8Ffzk.br[1].js

Filesize
21KB

MD5
30280c218d3caaf6b04ec8c6f906e190

SHA1
653d368efdd498caf65677e1d54f03dd18b026b5

SHA256
d313c6fff97701cc24db9d84c8b0643ca7a82a01c0868517e6e543779985c46e

SHA512
1f329898fa0e68f65095b813ca20351acfeaa5f74db886508fd4f1fa85811a8cc683c6fab9d9f094f596c8957219f8e29a6307ea0b2d470bdc809a4b9c9d34dc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\XJ8OmILbNhm0zU9tdkuGYeXVPRQ.br[1].js

Filesize
391B

MD5
55ec2297c0cf262c5fa9332f97c1b77a

SHA1
92640e3d0a7cbe5d47bc8f0f7cc9362e82489d23

SHA256
342c3dd52a8a456f53093671d8d91f7af5b3299d72d60edb28e4f506368c6467

SHA512
d070b9c415298a0f25234d1d7eafb8bae0d709590d3c806fceaec6631fda37dffca40f785c86c4655aa075522e804b79a7843c647f1e98d97cce599336dd9d59

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\c1oaHnUIK4RsWhyq0vJTXo5FgJI.br[1].js

Filesize
6KB

MD5
46b51a2683cd619a530a0eabbf6873f1

SHA1
67a93b27b2116adf0b28e2c5ae231fd2724ed7a8

SHA256
9691bb3b3570f288f741c61574fd52071ffe29e1f72a148adeb7e0c4e4fb11fb

SHA512
60c6c153850d44ebf369ebfad1502ea19a8921a98c90b39029ac0c3e5cc2fdf179d74c02028e9fe3562031a2d43ac8325223dff2aea99529f72c12c4c07f6a0f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\detect-gpu.umd[1].js

Filesize
9KB

MD5
04097de36063721ce2a465141fefdf3a

SHA1
c9e87adb8472e2536da2563bfffea5a15d60de47

SHA256
98f0bbbbeefc45c94a7ad0d7a43837517e0d3b133daddc609fc074a173e1a4d6

SHA512
e1d3b4acedca74314d99ddbf4ffcc4f1a0cb30e0f30148688d35e5a885eb406a24fa4316af607c27c8393c615ee987d8038d0427eaeb87faa5e460a356993fdd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\jpTw59SbX2XJjw7loFjFsMElxfM.br[1].js

Filesize
8KB

MD5
c5f979ff1dd16458243ed474aa93426e

SHA1
398a5f6ef41640eb233c0392ba50207b11b3d2fa

SHA256
7113a9cc42df33608e7a46d6d2127d988a1c6b62a44109899eeda20576aa76fa

SHA512
07bbdf0b54bf3361c415fac0ebfac721c91bc54b5ea913409439fa44020c9a9cbc1bd63f940cb1a291f7c231e4bec51e54bede691b12b6e0045e0e49923b3fc2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\pYx84E5QxKsDa_GCjDkQj38YO0k.br[1].js

Filesize
4KB

MD5
487d9ac02e3cf57172045869ac3f97a2

SHA1
47c9870beb200a74d274fdf9e98aa2efcd54efbd

SHA256
a97799ff4c48323ad3314a13e6a20a69145d0f8257fdae6882551d6fb6610ea6

SHA512
f13633d84fe8133da9d1823ce418cf42717cbe79176c9c11f4a7dd66905ba1aef571b968bd29d7c7ca91d802b4b36aefdb0c5d715e480215754c5d164eac27cd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\tlifxqsNyCzxIJnRwtQKuZToQQw[1].js

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\y9cMttd-SwSaYuiqhqk701fxHs0.br[1].js

Filesize
6KB

MD5
142a83c5800451a9731a262400de2419

SHA1
1e5f6598f7f6b43a6f4e1b2a900ce1676e0c024d

SHA256
7d49a33d66c98ab838f9a15d2ff49bbac72c1588d979644fc174116d0afcb852

SHA512
b1d7fa83b4bc787409c088f7cba58acaa031fe3239a7bc139b6d4839ad6c66156e44cdf6f545d7b6b9309b3ebbfa0b17d9f307884f679cb6d2ae11c6935eea2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\2pI-3yxS71qnL6vzhVIltDQouTg.br[1].js

Filesize
2KB

MD5
12ae5624bf6de63e7f1a62704a827d3f

SHA1
c35379fc87d455ab5f8aeed403f422a24bbad194

SHA256
1fb3b58965bebc71f24af200d4b7bc53e576d00acf519fb67fe3f3abdea0a543

SHA512
da5f5485e1e0feb2a9a9da0eaa342edaeeefaf12ce4dcd50d0143bf476356cb171bd62cb33c58e6d9d492d67f281982a99fef3bfd2ebb9e54cf9782f7b92c17b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\3US3nNU_RgsSNFm9Bzw6xgeuOHk.br[1].js

Filesize
1KB

MD5
d42baf2a964c88aaa1bb892e1b26d09c

SHA1
8ac849ca0c84500a824fcfd688b6f965b8accc4c

SHA256
e3a15dab8cc5adbd2cfa1a162bf06583da6fb7be3831323d819cd881bfb0672c

SHA512
634bb1c984c9d74876051937240295a5ed5dc6404379decafbc4df074aefda5246ec33be84d2b21e0099c7bdd406e9cae6ebdf0ff01ddec3806b89dc50810c12

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\4UY2jq3mEKk7NI4y4J9sHqyctKk[1].js

Filesize
1KB

MD5
9672a1df6f912de8c216915605eb242d

SHA1
e146368eade610a93b348e32e09f6c1eac9cb4a9

SHA256
89b5525e3432acfa36b46f3a88451fcf34c940fe38d8afcedd71e67b73713da0

SHA512
22d39c7937ab4d38569b6373cfc42135735356a5789ffceb8d585202f11fce72483eb21d1b28c392913e5a43b28dd0c335d239bc0e970a635c50d145bd3a8d7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\6mZmj1db42G_jniFgdT7MCvBgyA.br[1].js

Filesize
667B

MD5
2ab12bf4a9e00a1f96849ebb31e03d48

SHA1
7214619173c4ec069be1ff00dd61092fd2981af0

SHA256
f8b5acf4da28e0617f1c81093192d044bd5a6cc2a2e0c77677f859adcf3430ac

SHA512
7d5aae775be1e482eada1f453bea2c52a62c552fa94949e6a6081f322e679e916b1276bb59ff28cf7c86d21727bcc329ecb03e5d77ca93204e0cd2694faa72bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\8CgcSSLayxEVUBf0swP_bQGMId8.br[1].js

Filesize
226B

MD5
a5363c37b617d36dfd6d25bfb89ca56b

SHA1
31682afce628850b8cb31faa8e9c4c5ec9ebb957

SHA256
8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f

SHA512
e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\9MqrCXB0EVjVIRzDOArDGhu3yeM.br[1].js

Filesize
1KB

MD5
56afa9b2c4ead188d1dd95650816419b

SHA1
c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6

SHA256
e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b

SHA512
d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\HyF_h2_jxF_GhvjspJUeAw2WsFw.br[1].js

Filesize
162KB

MD5
dbb8ae8093b6d0c2faa4f86b9be79411

SHA1
3113230162a4b7a39b7a8181e71e9ab70420bcfe

SHA256
030d0f1d5207ba9b1746a9be5c3d41159dec829487ef0ef51dab0f4591ccef2d

SHA512
45cebe2b5f9713ea15d8d30f31fd4a8475905337611669f25cb29ba859d92f20c7e988e9bf8cde9f2b33448c42e9bd3ce85db173ee4ec09f0e1144c4d1ce8892

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\IPjqENt_x1c56fZCsFxov2V2J84.br[1].js

Filesize
226B

MD5
9a4dafa34f902b78a300ccc2ab2aebf2

SHA1
5ed0d7565b595330bae9463ab5b9e2cdbfdb03c4

SHA256
ba98a6ebc3a03098ca54973213e26f0bf9d1e7e335cdfc262346fb491c3cad69

SHA512
1a8b4fce1c0e585bfcf8f11e0192fb04a80dbde7035a9c8fc426cd6383d6902bd77222331372ea33aa50d92b7cc7965656b11f480085af70267b3fd8355ebfd4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\IdUTPeerhJUBvXEe7f4gFEe3qoI.br[1].js

Filesize
9KB

MD5
f8867659eec16d15e723c56aeb7c34d5

SHA1
fbfb3436e5ba3b1653aa2216c717db403d9a0b8a

SHA256
c33b076ea6748367e9898c67afea2f0042988e544142d42bf324cbb62fd89d70

SHA512
808bb92c1ed4ce68711ffeb5836ce93cd4daa66d17c3ffa60cc317ae32dea841eb00e7b2b19fa3957ab7f1fd6c88f6cd5c45bf1c7ac67c30e5acac0acd8b851c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\IpXJDHKzfGJAg49_x5sRfvVvsvk.br[1].js

Filesize
14KB

MD5
6100d2a3324e8efd4da73ec7101f3000

SHA1
cb9987c5bba13d8fe33f0b420155aee4e8ced2d1

SHA256
75eb6620c2b15bbbdfda091dbaef7b9db040db70de388c30ec9df68bbc33ddac

SHA512
4db99f39035adbf3688ff934600817fd52dcd048b7a7fb2a5050d4376861f966ee11ca13f1744adeee3f3b1d620683853b64b36f6a88f28d65eaebe4b7346fdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\J8RV9vwjecQHPehTtsoViczbLyw.br[1].js

Filesize
33KB

MD5
4b3357605822cfdf0ae5e8ffc4664d7c

SHA1
b327bb4e9550f14c521bb6807daf7daaa63c1049

SHA256
d7ee367252ca67f1451c003039fe0c25ee286121260151398080cd5aeca6b318

SHA512
e0a789a322c2f11bf5dea3e58f1ced6a6e60f78bbd1d811939e246609fbcab4b2923b0925a165408fae2ffd89eb0f4740df47ca28a30b46c1fb7a0d5af8d1e1d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\WPedHfV8dQrn4qkif5azDZSqmn8.br[1].js

Filesize
1KB

MD5
f5dfb6428494da3c1f195528588587cb

SHA1
7575a1f3dc367b2332d837a46d1dd2748b225c38

SHA256
f45968b3999174976d6fbea229f627f0bda56fd84f8b1924c01da624bfea01e3

SHA512
bb677ee6f22dfe28ca9ebc94a6ea7b5bdfb95288ba246c85c135f083c3af765964dbe5f3a028dca6e8a6396e967f24c2734442432abf00e690f34bc8106dfe9d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\WRGhsWGnkf3ko69VafMSpLBwgbk.br[1].css

Filesize
610B

MD5
f8a63d56887d438392803b9f90b4c119

SHA1
993bd8b5eb0db6170ea2b61b39f89fad9bfeb5b5

SHA256
ef156b16fdcf73f670e7d402d4e7980f6558609a39195729f7a144f2d7329bf3

SHA512
26770bb2ac11b8b0aef15a4027af60a9c337fe2c69d79fddaa41acfd13cac70096509b43dc733324932246c93475a701fd76a16675c8645e0ec91bd38d81c69d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\c4ruj6QGsmSnOG64gJJnnnYDa44.br[1].css

Filesize
824B

MD5
6d94f94bfb17721a8da8b53731eb0601

SHA1
ae540db8d146e17cfc3d09d46b31bd16b3308a6d

SHA256
21829c74fce2c9bbbb3099a7a487de71465ed712410c32bc6c69884db07a90dd

SHA512
bf33fb4858b56f888108bcd5c2691613b68715e260e59c1e37a050a709be04a8e0eaf5509667183a0d51f1201e58c02df4f744a0772242ee5b61595c44c072e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\ciI4DrhPUNmhXgxM4MW52bFXjfw.br[1].js

Filesize
5KB

MD5
ffdc7892743e65d4e1747d695ab8fa3a

SHA1
02c6c4d62ba6806b28f1c69462e55e631ae13970

SHA256
e7f80dfe7b61e64faef1f7408f32ed0194ae648931d406fa987ec50c7326eb2d

SHA512
d85141d067a79df5b680fcc0d2a49e913847fed449315c238f08b2b92847cc5549798428b4921483604898dd44a75a3595e08e14ae132c4ac72f72caf731422d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\css2[1].css

Filesize
384B

MD5
89714b1624d884b3a5d8843ad838fe62

SHA1
16a703cdb77a05531f5fef918856674e24a43d76

SHA256
e5ffbf9f0289c50b567db69b203a1cdd4f6b874cfb16088644d52ca89516dc9d

SHA512
4874251c36f234672c3c4b83b69ec8b323a511f8e8571ace634f62782ffee27cc506db5b404d40ac593bb68cf3d38b3ad09dc50501f04bc992ee9949049d56bc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\e5E3S-lkItFHIqVf6KjzTWPZb6Y.br[1].js

Filesize
1KB

MD5
00bee03327af12e5db14aa0967daea24

SHA1
c8afb873b9fa284b539010ca72220db8aee40fd6

SHA256
c8f912cc21b8a576a62b9f03976f49a6b6f96f10fbd1042ec56af4da02d985ec

SHA512
494860cdefb1d070b4f390ecf9803fbdaa88a94bf91c84dbd9b95d4e86205c1ab7b28e24aa074ca13a86fd74194cabd25fc4a64e4dd8730707879dc351f1826c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

Filesize
289B

MD5
9085e17b6172d9fc7b7373762c3d6e74

SHA1
dab3ca26ec7a8426f034113afa2123edfaa32a76

SHA256
586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

SHA512
b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\lLk8XmbdNzzlnPRzVzDhaF9yjqw.br[1].js

Filesize
824B

MD5
3ff8eecb7a6996c1056bbe9d4dde50b4

SHA1
fdc4d52301d187042d0a2f136ceef2c005dcbb8b

SHA256
01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163

SHA512
49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\lOdiOLdMP6z7-OaP9ml2rVQNmVY.br[1].js

Filesize
8KB

MD5
30a55d7f83b516eed7798c941175b038

SHA1
ad96cceae3ca67bf2ccf622523d2e7040c94655c

SHA256
1beb7792869fc6246ab2eb45411cdc2b9673f35413f37a281bc85b382605dc7f

SHA512
261506d60ea104a5e3ffd763768f935bf665b184770a3da6361192b6884d21cc8df4c04b56a712b5bb9d0b09ff5eb78b9316dc2f94264a617fd93625956f7a8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\lcj8996lLPHohM7LK16sWWtGSzE.br[1].js

Filesize
5KB

MD5
2937c6dcad55e5e4a67945f4f803c7cd

SHA1
27399487b23109021f178841013d476f92b057c6

SHA256
acb0819704ddc4062d6a3b565ba7fe999fef298778b4b56c284e8f1bebf3c9b7

SHA512
2c07163f841a09d2061af35c7183984475247ce50a9000b4b2b0b5240701a64b140eca99853238db08bb94e9b9368bdfffe9e83185eda1745fb02e6f81110d3a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\mOy7YpeLJ3c40BBAFNUI6SmOUTY.br[1].js

Filesize
1KB

MD5
16050baaf39976a33ac9f854d5efdb32

SHA1
94725020efa7d3ee8faed2b7dffc5a4106363b5e

SHA256
039e6b3df1d67341fb8e4a3815f0d1bb3292a2040334ceb9cfc4a8d6abf2fb55

SHA512
cf0d54f0368ffbc6908216fd2573df8f5fe4c34ac08e17301b8734b3fabc674672a7f456707f632f82f44b36812dad8a0cf81a51d5cea21ea7f0e18500298375

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\n21aGRCN5EKHB3qObygw029dyNU.br[1].js

Filesize
1KB

MD5
cb027ba6eb6dd3f033c02183b9423995

SHA1
368e7121931587d29d988e1b8cb0fda785e5d18b

SHA256
04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f

SHA512
6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\th[3].png

Filesize
616B

MD5
63343141c64682bd3e0f711730475354

SHA1
a2a7298e8f58a74292885bae9a3f44c76c7aa945

SHA256
f90e661a7731c97e3478027d07afd8c86e461c5f379932e15efad17d0e96d402

SHA512
17f7f14b0c929164283d5fd7bc829d907b923bb12a7b9d6124a6aac64eb79aaa47163583acca91fc71047bb7bb707d649407801c8762d8942a44531da9559edf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\vDjLjnEkXEuH2C8u3tT0A004qwQ.br[1].css

Filesize
2KB

MD5
9baa6773c6549250a3393e62c56eb395

SHA1
5bb4eead8609cd30b9b96b23ec4fd0082ae64c1d

SHA256
dadf403df8cfe888e59e6a051aee3783a2bf0bcc60dc1d09a7797daaee726ca2

SHA512
cf12319cf07897864828d9c950df4a98a0628d828a7fee75f1235fc5d3a57c90a40b5ded2743af2e62b1d13d3f6be0d302ada054e7c0d7164b8ba12054909b8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\wNhUjm3kl_kvyfrio44J6j1zdYo.br[1].js

Filesize
544B

MD5
2ac240e28f5c156e62cf65486fc9ca2a

SHA1
1f143a24d7bc4a1a3d9f91f49f2e1ba2b1c3d487

SHA256
4325982915d0a661f3f0c30c05eb11a94cb56736d448fdc0313143818741faa3

SHA512
cb90cf76cd9dc16829a3ff12be5274bd26a94097ad036f199151f1c88534a15bbb8f8dafdd699e51df5c38e73c925c00728f807b20c0b097a5842963525baf4b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\warmup[1].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SC0OLMYO\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SC0OLMYO\dotnet.microsoft[1].xml

Filesize
84B

MD5
6056b5baf97f138e4ce2e8609acb1f3f

SHA1
ee9c7067b6685a173414c274007981605aa6781d

SHA256
12ab02b9625ecad12999871aea49c45e3dfa39cdecc176fa3dbf4d5e1e4428c9

SHA512
54687b39d4e058ecc71927c0a5735b6ecf04953be639139e68f32ff4580480344a7766ce6c6a1d827ce6dee772d6d4cbe01098cfa2ac53950195f1e092c33793

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\WO6BB11Z\www.galaxyswapperv2[1].xml

Filesize
301B

MD5
99d9c3a79e7e1d90e4f88bab3f17511d

SHA1
cf180763148aab363c6a020df8e9efd6427c0f42

SHA256
3cb4adaa51bf5ee089ee3358e8eac6c0b1f5741f2bc0d97cf5d28639731c0d93

SHA512
9827f56990b50597032899f280f4e25cc27a4bc772096a09b9eb9f896ef42234c885f1085cc30d1b4badca68a89a520bd7a595ba0924acdcee5a0fbfb12ef360

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\WO6BB11Z\www.galaxyswapperv2[1].xml

Filesize
436B

MD5
d63b87b92f6d3708e2cf711a95149689

SHA1
01c7a546a063771d12e245e5466ab1bb3f497187

SHA256
b26138fe528913755aef113c32985788e04c0ed7308f66c2a309c9459e2406bf

SHA512
c208f8f1bf514273dab17c4146c14fcf6860e07449a59d5ebd4ecd553fd42fcedb947ffee4396cf7e7664a728173a5785fea543a677d3763e0ee28111709aa1c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\0W4QIQQA.cookie

Filesize
439B

MD5
fa1108472b954dec5f2e110046463fd6

SHA1
c38fdd07d60ad6abdb9de27def471c4917c30874

SHA256
14313fd5e24dfa4dba7dc206ad82303aaf379601df9acf4c46325de02388dfa4

SHA512
79d2dec9915719637391f9eeba218c9b869198dc0e5461794bec8ddb48e54987c956f663829f8c53532cbd0a84f86bfaf9e3109a69f327746ccaed629d476289

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EDUAX9CL\favicon-trans-bg-blue-mg[1].ico

Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EDUAX9CL\favicon[1].ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\M2M1LSR8\img-2[1].png

Filesize
19KB

MD5
962629890da06ebc219ff259943ed681

SHA1
e2948c0ff3c5bac522f722858add140846a40e28

SHA256
5d95ffa8c4176e5fa20958b1b0065ce30fa27a28706c734c48a25537b65c696e

SHA512
4e0dab47e6a64b392c022dce293c9e5880e298056f4dbb25ad7d3677a5a891b343fe1b2e4b0051c0060c0f0fbbabffab2c2fcdb0671aa0765ae1399f191ebe62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\M2M1LSR8\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF23F7844B806E21DB.TMP

Filesize
16KB

MD5
e4d5e64f0aeafd55dd966cbbdcf8ac4c

SHA1
2699f8bd82f89da5d3993c7ebeb748b3f1a077f6

SHA256
1709869dd9520c5cdf76ebce631e383c19fada76d6a8b076f2b813935e9b2a7d

SHA512
368e19fe9eedde217399c05f7a3609fc51519121cb7cae3373fabbe7794a640664cc622ffaf83dca3d3b52a142b8965e51873f2dc5bdb03bcdc1868d4c228529

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.18-win-x64.exe.bqmi8ah.partial

Filesize
55.2MB

MD5
345b022ca4e2613460f7fb34e3b7e715

SHA1
14db196641d7cd5b55bd9caf2838dbab101c724f

SHA256
d898282af968cef765f7c9551fbf8877cebcb61d1e00b946162835bb220ff70c

SHA512
cbdd6fbdc4a2cf1810f59d247bee4843c91c244bff896b9b4de299edf1544d6ab55125c7f13c0e006fe3cf518141748ec827d5539a1f47ade852a62b5cd050df

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\s[1].htm

Filesize
13KB

MD5
cfb17ddabd010ff73d25b5f83cb9c059

SHA1
239c7778d106087648835179e92c62dbffb7406c

SHA256
892686bafce39b353327258e738df41edf4cd63b2b602c8fb60450dc1c298e74

SHA512
74026423a5162c8c4f0e44eb0f95c218a68afbf22cf2a709e862d7d0cda5d06b2e1628b093fe5587d3c3c3d5563c7ed74da9574a7a9f250d1001a93e633f1729

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\s[1].htm

Filesize
21KB

MD5
119a2c6b5eefb7a501204d3578a651e3

SHA1
1b6a322318d55930ebfe2b9c20353cd034649636

SHA256
2b426ca78470bff00f770e964d7dffb30cf1e7b51ac03772ca11b3a5b6069694

SHA512
2de55545ef11f9e2407fc1a7fed163477f7336ab199e2074453a6287cca3c1d5808eaa90462e62d03f76d61d268c6de4e24e35c82c21bfe89c9fcd2baa925548

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\windowsdesktop-runtime-7.0.18-win-x64[1].exe

Filesize
96KB

MD5
a4aeedc365a5b7fec597a7af72732b4a

SHA1
1d4461cc4a147f6212f2e55bac95769ae9080878

SHA256
2e7914903dd00feff0da93f134e5519513c066016906c25b56ca738f51efe719

SHA512
a55af20e8cf474dfd90242864a8ab1279f8bb54064a6c6b9851fa2d0fd82ed3c1385971d857f4c76285ac780d4ff6c0586467be0090fab9f50dd82d8b6aa01b7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
f6eba5b4da2a6729ce49739376f04e87

SHA1
564f12037877a6b7cf73c4b130882f27375d6e2c

SHA256
b5d2109699d2e485bf989aa7595ab2877b6d59fa781364b9b2a6b64652a3a2e1

SHA512
a9327f2592d15eae2703bfe202c3c85d3353aeef6a0863571e9a15b7d73854bd8ee83c2e6e0f190d40ee3b471c43f98068f6f4bda2283b8d33b62e7cb29ec9a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5C77EC0FCAF0A83EAAF0F4351F61FA27

Filesize
472B

MD5
6200e8529448b08a6fb8243d32dbeecf

SHA1
28b288135fb9aa7dcc17e253c5053a92b784d65f

SHA256
1ff2f86c168de1e803eafea43f7ff601b14a47756581f664f8ca0ebf819782ef

SHA512
edc5e55bc7b6720a532faf3dadb7f383272d4c1e0cab4a43446275508beddf3815abcfda7ee45bd5f78051e8ae4e1dec96e4d3ab11e57117ea5cad4b3a623e35

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
9823bdcedf1e48ea2598b1346c5235fd

SHA1
07b99e591bc2f43e1e5191898f47bee6adf78e00

SHA256
3072071a9e2ea3b9b1d863d3b91deb12d1dc2e420227d298810ea0e6e10bc0f7

SHA512
b43d097d866ca72d69cbe0f843dfb6aeeea7a4cb1f1223927d2341f9e1a2ce7e03fd22b7f649e2534e7663b825bd4a53fdb3a1851e0e212dc9f43c5166931bf6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8BB34D7AC6ADCC019FE5325FE9DECAE8

Filesize
471B

MD5
5ebc073a67a03f9df24b7e4fe24d98a0

SHA1
b26f23a3b0c794a59febad444f479d4a80345387

SHA256
2f43123249e00c564b4b4585a0537c7d16a85475c8f5bb1af035490c86f08ba2

SHA512
3df82b5204bfbcb08d319dcae88e3db921edc5761bc738410f659a4adc88d2e01955bb6000cb48c71c58f8b33500ee66c8aa21c2b335a7fbdbeaccb7b33adec3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
312B

MD5
1c83e4cd5207f3b0cca54027e23fda4e

SHA1
669546dea73c32bc7e07f99c93803b64cdf007c7

SHA256
b87319bd59f5b3ee411fdcfea59cf879f4a34311ad56de7e80970e826dcb31c5

SHA512
e72bb44555d9932f3333ad0923c92fc92d7c9c59b35680f06f36d11ec3c11088ac0e65c51a9dc3d907f8467cbb7c42471513b43bc360616fa4fd58b59670a5c8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
1c7a0c71a77c4f2ac750ab2ba3f76282

SHA1
cd43d0795ff018c7b70a3d7b4bda3eea7194de76

SHA256
ff114d252af5a29bc1a923d2ec9e40b575388de8d7301988a51e800d87cb63a0

SHA512
0a394c33dba5701fe65459f1a5c366df6185590b9b2357936aea18df76101b1eacd9ec5a61e6cb437c7daf4b66ad2ec019a816cb87e4dfa45b8e42907bb2129e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5C77EC0FCAF0A83EAAF0F4351F61FA27

Filesize
402B

MD5
886f27b87036d7b85abceefc2b1f3e85

SHA1
119549908f815ffb6e1267a226069522fe6e3257

SHA256
5ddc02b9f1fa4b8d99339bcfe55c545467531ab2dd73486f7be3772322c3df3a

SHA512
27b4f1d9544b28639a7e911b6ccedba06bbc26176585e5e9292877246def28b66e4008b0c6eed63257e0b105f59fc7d44b8e701cd3590cb7fc314ff7af2fd557

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
4cb690dd9fb2d84f17eaead7c3c7fc22

SHA1
8691101dbd21eb2eef534f19319a2f6ab1a51c09

SHA256
d16c48eeaf32d33f518a6e92a40d7135baa542441307d8ca031c5780aa084d34

SHA512
75cf560e2761da04a8b7bc8e263e986672c8807ad4478d67614bb19687564a8a28c2e8ce4c852a957207f2452b5245c5a561ed63ab399b60dd689d026d40872d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8BB34D7AC6ADCC019FE5325FE9DECAE8

Filesize
422B

MD5
2c2bc72702ff2961e6fb5a90107d0e87

SHA1
5deb1876dcf6e59bfba855fe9f95c46594a39aa2

SHA256
2889c8fbb0d817a2466e5c9cbf6686a6933a2506dca01aaa6225adf3a5428d7b

SHA512
9b04d799e7f4be60174481bc3850e883c551f29be4ed2a8a6b0ec914b39d68ed9b1e3f5f58c5b54c7c4b4e1a5e3512956a80634bbe58e32e9a2307624ed12e38

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
a41ab28de40d9db5a2237f8bbdda8646

SHA1
e8714df6eeec3c658b7018082efce9934921a662

SHA256
8926b7996300aa24e158d476e74a73c144ec21d8915d2039db1099c5e84476bd

SHA512
38cf204a5b1b9a7d96708c5848f15b90454553888d595e27d1a155bd637ed2bb4bc6f5f8736b43826dd955aed6289e0197d2f4882840144332b064bf15ece2a0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
6b1660debe8c20acc5e4d0340c1771c5

SHA1
3cc7bc959f44dfc53a9746b1075456e1b0965fdf

SHA256
976257a6eff841746eb907e6e0b7b247f2eaccfcaeb3ddb71cff3634dd048520

SHA512
00cefc75d68b251689cac2967e7a39bf755498770929e05b4b25735dd540ed5853577154bc0cdc03c2dd0c34605c0efe0a20dc14608e85e23c5fb5276ad7e6ca

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
404B

MD5
095c52a063f57b1e1f35d93575400439

SHA1
1d1d59c519ceae88af0b038f4d98a52acd5e8338

SHA256
ffa488797d5c84422b07c8b61b18667fb65d5aa213fb50d3806253119e111a3b

SHA512
3dc289070025e03bab12e50f1469dfcdff3073559f4eb65b74768c4326d6b563f4387b994fcb60198de6f86fe5f676bfaf5f7ea939ea088cda9841ed2b87211d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.18_(x64)_20240428184215_000_dotnet_runtime_7.0.18_win_x64.msi.log

Filesize
2KB

MD5
8f1ff973c47ee4a5e393459b58146824

SHA1
5b11240457b1d7484da584347580665ac8e42aa4

SHA256
2f9bcd3227c1160a6934832b726048b78938bb783b664ed357d633964daa7f54

SHA512
96ebc385fdcd48f9bb718b9d2a804db643c4bc86f29b55ecf80f0e0ada7e6cf84b8f90e4ce83a1284630ca0bb39a2f5f21ff29e6ff5958195be1c7adeff10ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.18_(x64)_20240428184215_001_dotnet_hostfxr_7.0.18_win_x64.msi.log

Filesize
2KB

MD5
1605bad4cfaa3a94fc1c969cb6090088

SHA1
b25a9986123a47a91629dd99cb6e8fb5eecc83e3

SHA256
1914ae79d4b9a176f88aacd382090328f0c689b21c0a4a244099f9a902eb3a5e

SHA512
b70d427957cc27cf41bb5af71257f73135dc396b0ac6c19d99978805a429d4db8b7cce320eab6090dca9fe5c5479c1def83f485d02cf19b58185a89d61fd9898

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.18_(x64)_20240428184215_002_dotnet_host_7.0.18_win_x64.msi.log

Filesize
2KB

MD5
1af95f0c7760633698665ebd124180b2

SHA1
87d14d499bf6a7972c8fe7bc36cba82ccd0450a3

SHA256
a855624d873499f8d6a4b3b08d3f222b790c4d250d7e93f09c326f01027cfb3f

SHA512
6bc2ec994b9ac3cca18f2dd0a9c51d2f1b9fd19bef82b7fca41d37803e5ef52917538b200ea1e14430ed4891dbf2d72844be4f45b348eb31f26868c745d45ee4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.18_(x64)_20240428184215_003_windowsdesktop_runtime_7.0.18_win_x64.msi.log

Filesize
2KB

MD5
dfea739c4e8348c417bd05327e9d7e74

SHA1
58676455109fee5113ee79cec5e95bf0b2a6ead1

SHA256
34195d7c495233fbbc762f6c72def34ea9d0ea3f3e8f37e308fe57eb40b820e4

SHA512
cd795b2d07d91125e3e9a0c6045f4011c8a85b9781722344ccb4d1aee953a5a9308b970424c12a3e9b004625c0cb490d50160752afea84e57d3487d0db541a42

Download Submit
C:\Windows\Installer\MSI3004.tmp

Filesize
244KB

MD5
c0777f5c9995b8c0b08ed33cee7e1008

SHA1
12f08bb8febedb3f16b22bf94bc47c5c3910a477

SHA256
cf531f10cb410f4825bab4fd4b15df8e02cb9a18505a3a3b05c4c2f4ccaf90d3

SHA512
a3478bc42730169abcb7635f1f73bc8b1a639fe2094c7e3866d8321b6efdf0740f8867dccdd5fb1b12f73b8e89a51758280ab9c3d184d36a7b86f3f91ac9dc0a

Download Submit
C:\Windows\Temp\{2BCCC3BF-1445-4E64-A6B4-A62D650E626F}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{2BCCC3BF-1445-4E64-A6B4-A62D650E626F}\dotnet_host_7.0.18_win_x64.msi

Filesize
796KB

MD5
62801b5a72c3f39eb36689c9555ca475

SHA1
0528ba1fe93b31f03334da2feaeaddbb910472d1

SHA256
1b17e0a5c89a9cd8368da78b5bc7175fd8479a4555278a7eae7f5157b15a9761

SHA512
98b9a07c2d7e3b082641b81cb07fe479df77546ca7790e77f3154dff72d2a31c3488bae6fc5726e10d8cbe3e7a93937ebec15b587694fe96b86cbc61feda2739

Download Submit
C:\Windows\Temp\{2BCCC3BF-1445-4E64-A6B4-A62D650E626F}\dotnet_hostfxr_7.0.18_win_x64.msi

Filesize
856KB

MD5
6743e1a34af2252177f734579924aae8

SHA1
1fc41a87f2856f9d7baa4b530f794263c04c0174

SHA256
e39e496398ebb08b7ccd51d6e785549db9ecddaba35fc620998f0dc10c38493a

SHA512
51409d3001dd6f1321e57cc26c73b4d01e176b418847261ba4a9f305ea236a64ab4ba38014efa2374843e231fc59582a0d13ad69598e9061e1063d548ef640e6

Download Submit
C:\Windows\Temp\{2BCCC3BF-1445-4E64-A6B4-A62D650E626F}\dotnet_runtime_7.0.18_win_x64.msi

Filesize
26.0MB

MD5
bcff68aab793ccaef1f80452d502b33a

SHA1
ae5306eb483ada5793711b3ea6cccb31f3afbffc

SHA256
891f48ddd30f92f01b7f45a6f5832525d65cbdcb21e55ff7b964d5aca93efcb5

SHA512
77d096716a580356e924c6f18c0838340a0242282a03d5dce00037cb3a9c22afe6236260adad0f3f3cf2b1dddf7d5d75b63258ffefed5b2eded601607396ff42

Download Submit
C:\Windows\Temp\{2BCCC3BF-1445-4E64-A6B4-A62D650E626F}\windowsdesktop_runtime_7.0.18_win_x64.msi

Filesize
28.6MB

MD5
0e8b1352ef049507ff80d4a96b69769c

SHA1
5dc6a397f187205c8b28427b03eafbd0038e2584

SHA256
15609660284b2ee867ab6ccb75d0a446820ee23e962fa56174c5904d1e2b18a5

SHA512
ccc9abb7fb611688168bb381c2ea98aad6c83eea17fd87d1010080f7afb823c04e8af79be04e3d3f9d707450ea32deb6c1cd851ee116d13e88aa18ac27db9c73

Download Submit
C:\Windows\Temp\{FB25E95E-EBF3-426F-9D8A-F61B8994811D}\.cr\windowsdesktop-runtime-7.0.18-win-x64.exe

Filesize
635KB

MD5
873e39e876a0eb8a33eb28479ad956d3

SHA1
9ca0edb08b65717b82f7bc8a90c58032bb51683a

SHA256
a1017dafb5a0b6c6c1b2e1c0f79e0a2cb44493a82e490e4cb08f9362eab41a2c

SHA512
f193c7dc5ef3c99d4298294a366dbca8f6c1f667a661adf9f293b286b75a7123f7dbaafe96e324da1b908c9204d462c6e7c8bfc4e41c67dfd2618c55b83c33e8

Download Submit
\Windows\Temp\{2BCCC3BF-1445-4E64-A6B4-A62D650E626F}\.ba\wixstdba.dll

Filesize
215KB

MD5
aa531c5359ebfb8204c12e774c7ef280

SHA1
1a35e2a5d9d9c51ff59279fa3415ad0346573438

SHA256
44b362b78639baccd5c83f0b224a206730b1276fab849c77fd1fb17db2f07014

SHA512
49e13931d6575655ddbc1da4e09484dfee9c0308c5d071470b1d903ac37819730c6b7c7fe452f4425aa3c5bb18b1c0b16f189618517f81c378cce75e52b46722

Download Submit
memory/764-414-0x00000197F2390000-0x00000197F23A0000-memory.dmp

Filesize
64KB

Download
memory/764-412-0x00000197F2390000-0x00000197F23A0000-memory.dmp

Filesize
64KB

Download
memory/764-278-0x00000197F7DE0000-0x00000197F7E00000-memory.dmp

Filesize
128KB

Download
memory/764-313-0x00000197F2AE0000-0x00000197F2AE2000-memory.dmp

Filesize
8KB

Download
memory/764-322-0x00000197F7B80000-0x00000197F7B82000-memory.dmp

Filesize
8KB

Download
memory/764-245-0x00000197F9000000-0x00000197F9100000-memory.dmp

Filesize
1024KB

Download
memory/764-320-0x00000197F7B70000-0x00000197F7B72000-memory.dmp

Filesize
8KB

Download
memory/764-183-0x00000197F28E0000-0x00000197F28E2000-memory.dmp

Filesize
8KB

Download
memory/764-150-0x00000197F7730000-0x00000197F7732000-memory.dmp

Filesize
8KB

Download
memory/764-148-0x00000197F7710000-0x00000197F7712000-memory.dmp

Filesize
8KB

Download
memory/764-146-0x00000197F7700000-0x00000197F7702000-memory.dmp

Filesize
8KB

Download
memory/764-144-0x00000197F75E0000-0x00000197F75E2000-memory.dmp

Filesize
8KB

Download
memory/764-142-0x00000197F72F0000-0x00000197F72F2000-memory.dmp

Filesize
8KB

Download
memory/764-140-0x00000197F72D0000-0x00000197F72D2000-memory.dmp

Filesize
8KB

Download
memory/764-358-0x00000197F83C0000-0x00000197F83E0000-memory.dmp

Filesize
128KB

Download
memory/764-75-0x00000197F2380000-0x00000197F2382000-memory.dmp

Filesize
8KB

Download
memory/764-80-0x00000197F2470000-0x00000197F2472000-memory.dmp

Filesize
8KB

Download
memory/764-393-0x00000197F2460000-0x00000197F2462000-memory.dmp

Filesize
8KB

Download
memory/764-407-0x00000197F2390000-0x00000197F23A0000-memory.dmp

Filesize
64KB

Download
memory/764-409-0x00000197F2390000-0x00000197F23A0000-memory.dmp

Filesize
64KB

Download
memory/764-410-0x00000197F2390000-0x00000197F23A0000-memory.dmp

Filesize
64KB

Download
memory/764-411-0x00000197F2390000-0x00000197F23A0000-memory.dmp

Filesize
64KB

Download
memory/764-277-0x00000197F7DE0000-0x00000197F7E00000-memory.dmp

Filesize
128KB

Download
memory/764-415-0x00000197F2390000-0x00000197F23A0000-memory.dmp

Filesize
64KB

Download
memory/764-416-0x00000197F2390000-0x00000197F23A0000-memory.dmp

Filesize
64KB

Download
memory/764-418-0x00000197F2390000-0x00000197F23A0000-memory.dmp

Filesize
64KB

Download
memory/764-417-0x00000197F2390000-0x00000197F23A0000-memory.dmp

Filesize
64KB

Download
memory/764-78-0x00000197F23B0000-0x00000197F23B2000-memory.dmp

Filesize
8KB

Download
memory/2004-16-0x00000232D7A20000-0x00000232D7A30000-memory.dmp

Filesize
64KB

Download
memory/2004-388-0x00000232DE780000-0x00000232DE8B8000-memory.dmp

Filesize
1.2MB

Download
memory/2004-35-0x00000232D4D80000-0x00000232D4D82000-memory.dmp

Filesize
8KB

Download
memory/2004-0-0x00000232D7920000-0x00000232D7930000-memory.dmp

Filesize
64KB

Download