hxxps://www[.]ikarussecurity[.]com/en/private-customers/download-test-viruses-for-free/

Analysis

max time kernel
321s
max time network
317s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
14/07/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.ikarussecurity.com/en/private-customers/download-test-viruses-for-free/

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000e574a8e01514e97b9fb2fcb12e6331213dad74e419bb76587acdbcb156e2f579cdbf58895ed37536a194fd22ec31c985ecd489248dac162e10b8	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "649"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9b5b734124d6da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d6f4126c24d6da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "14407"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	notepad.exe

Suspicious behavior: MapViewOfSection 12 IoCs

pid	Process
4144	MicrosoftEdgeCP.exe
4144	MicrosoftEdgeCP.exe
4144	MicrosoftEdgeCP.exe
4144	MicrosoftEdgeCP.exe
4144	MicrosoftEdgeCP.exe
4144	MicrosoftEdgeCP.exe
4144	MicrosoftEdgeCP.exe
4144	MicrosoftEdgeCP.exe
4144	MicrosoftEdgeCP.exe
4144	MicrosoftEdgeCP.exe
4144	MicrosoftEdgeCP.exe
4144	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	1284	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1284	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1284	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1284	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4444	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4444	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	224	MicrosoftEdge.exe
Token: SeDebugPrivilege	224	MicrosoftEdge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
224	MicrosoftEdge.exe
4144	MicrosoftEdgeCP.exe
1284	MicrosoftEdgeCP.exe
4144	MicrosoftEdgeCP.exe
212	MicrosoftEdgeCP.exe
212	MicrosoftEdgeCP.exe
4684	notepad.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3756	4144	MicrosoftEdgeCP.exe	76
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79
PID 4144 wrote to memory of 3840	4144	MicrosoftEdgeCP.exe	79

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.ikarussecurity.com/en/private-customers/download-test-viruses-for-free/"
1⤵
PID:1452

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:224

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1776

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4144

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1284

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3756

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3840

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4384

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:212

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4684

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\0aAptBQXnUUuRNzELv9VJq7s7Ec.br[1].js

Filesize
33KB

MD5
2ac64bafee103f5b7c498dd0aacbe630

SHA1
ae11a7571b37eec90f4054342bfe7758c65f5b2e

SHA256
69e9e2f395e447052f352953d983f2b40655a28315a11d97f06b4f55e3588570

SHA512
3aa783e483319c9f71e434a1212befa5a1f25e74f70fee8eece4a0d476193c4e80643ebc8b51917fba3301acc7a780ad8940b08c181bc601257df2f90ceb44e5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\1rUTIFRcUHTZUBaDs_0q8KvUlR0.br[1].js

Filesize
8KB

MD5
c63e610f6bfb2687ee044cee7d3e16c7

SHA1
b78022432ac754cc41335341a8e07f2676bad789

SHA256
c150d5e192ece8d69ba8029d87ecbc66674013b8418264cc86f0abcb0da0a38b

SHA512
11029009d8d0885d16a4b546816cc0f22f51ffd035fdd87d58eaf432017947460a1a78a543c0eb3875af49342a240ea606aced23654bc190ba6a4b7101e13a3a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\3US3nNU_RgsSNFm9Bzw6xgeuOHk.br[1].js

Filesize
1KB

MD5
d42baf2a964c88aaa1bb892e1b26d09c

SHA1
8ac849ca0c84500a824fcfd688b6f965b8accc4c

SHA256
e3a15dab8cc5adbd2cfa1a162bf06583da6fb7be3831323d819cd881bfb0672c

SHA512
634bb1c984c9d74876051937240295a5ed5dc6404379decafbc4df074aefda5246ec33be84d2b21e0099c7bdd406e9cae6ebdf0ff01ddec3806b89dc50810c12

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\8Hi2PfQw5eooQrwqITfZZ5pyvNo.br[1].js

Filesize
7KB

MD5
e51b7eb6cb390c2123c4fb6beff38fe0

SHA1
e30f700b250bb6c43c07ff2a654b7c5a464c6d5c

SHA256
3350bf7fb98eecb656369997de56fb9f8a8c97c28780cae0e64b70e5e7575604

SHA512
c03f314a5d882bd94843bf9f651bb6d9150f6580a78ab14d470ae7c2be54c9ab3e68196d889b27ec590ff87ab0151cae7655d80e1efdb1c4a43d9d2afaeef3ec

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\Gyuq2bqitqDJM0BeAkbKXGlQXNw.br[1].js

Filesize
1KB

MD5
a969230a51dba5ab5adf5877bcc28cfa

SHA1
7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265

SHA256
8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f

SHA512
f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\IPjqENt_x1c56fZCsFxov2V2J84.br[1].js

Filesize
226B

MD5
9a4dafa34f902b78a300ccc2ab2aebf2

SHA1
5ed0d7565b595330bae9463ab5b9e2cdbfdb03c4

SHA256
ba98a6ebc3a03098ca54973213e26f0bf9d1e7e335cdfc262346fb491c3cad69

SHA512
1a8b4fce1c0e585bfcf8f11e0192fb04a80dbde7035a9c8fc426cd6383d6902bd77222331372ea33aa50d92b7cc7965656b11f480085af70267b3fd8355ebfd4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\K_V1CARn2Q2lTs5njJKUvUkHyi4.br[1].js

Filesize
242B

MD5
6c2c6db3832d53062d303cdff5e2bd30

SHA1
b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d

SHA256
06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70

SHA512
bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\YAB1ZaPmwRYWaHea-ak9hOrHvKg.br[1].js

Filesize
183KB

MD5
aec7f05e04f72de5910e9619dfcddcd7

SHA1
476a7565f37457afbba5fa078ef3fc84b6d720be

SHA256
b6dc0df3f742d35c0c1181300817f1b8dccfe29a5609a72f63f7ada0aea84d2d

SHA512
af4e195a7e9e1f2bf74920a1aca233992ed4cb6740c828b388593ce3fd137373ae1366b1678d984386d435deb2ac1cfdb5f3695e8ac06feb770d1b957e8af368

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\g2mFaePdYzQOubI8JEItbebrED8.gz[1].css

Filesize
824B

MD5
6d94f94bfb17721a8da8b53731eb0601

SHA1
ae540db8d146e17cfc3d09d46b31bd16b3308a6d

SHA256
21829c74fce2c9bbbb3099a7a487de71465ed712410c32bc6c69884db07a90dd

SHA512
bf33fb4858b56f888108bcd5c2691613b68715e260e59c1e37a050a709be04a8e0eaf5509667183a0d51f1201e58c02df4f744a0772242ee5b61595c44c072e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\lVV08F1da0WpM29E8OkhXe0yr9o.br[1].js

Filesize
19KB

MD5
02f23d233e9c3ff79a227592a1ef39ed

SHA1
f4160ad9edeea3009d57373a83b6395409c67844

SHA256
10d583a958ddf9850d7a9d2d85fa2da4cf468e3d5b5f8ab82e3e47ee03366048

SHA512
64ec3227bedb820ae760226bc2b24325dc3eedafcdded9a813bfd2137b22337870164bd1fe6ba415f8c64d64fb14e651b027daa0fdc23ab514e549f222ef22bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\psgXZvzYJMEW2ydikIk493Va1d4.br[1].js

Filesize
1KB

MD5
f4da106e481b3e221792289864c2d02a

SHA1
d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994

SHA256
47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9

SHA512
66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\tPLNa5UcMaQEzzg0acZfPM45N6I.gz[1].css

Filesize
2KB

MD5
9baa6773c6549250a3393e62c56eb395

SHA1
5bb4eead8609cd30b9b96b23ec4fd0082ae64c1d

SHA256
dadf403df8cfe888e59e6a051aee3783a2bf0bcc60dc1d09a7797daaee726ca2

SHA512
cf12319cf07897864828d9c950df4a98a0628d828a7fee75f1235fc5d3a57c90a40b5ded2743af2e62b1d13d3f6be0d302ada054e7c0d7164b8ba12054909b8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\9cuwOQ_qE7qTGKohzrf_gIjTlPI.br[1].js

Filesize
3KB

MD5
fabb77c7ae3fd2271f5909155fb490e5

SHA1
cde0b1304b558b6de7503d559c92014644736f88

SHA256
e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c

SHA512
cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\Gw7eETSwe7GHmKwW1lRqGPQJXRo.br[1].js

Filesize
2KB

MD5
17cdab99027114dbcbd9d573c5b7a8a9

SHA1
42d65caae34eba7a051342b24972665e61fa6ae2

SHA256
5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de

SHA512
1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\K3hC1_cQXGFr6cxRJVWYpzZJaAM.br[1].js

Filesize
891B

MD5
02b0b245d09dc56bbe4f1a9f1425ac35

SHA1
868259c7dc5175a9cc1e2ec835f3d9b4bd3f5673

SHA256
62991181637343332d7b105a605ab69d70d1256092355cfc4359bee7bdbfb9c6

SHA512
cbb43000a142807ff1bb3bfac715cef1240233117c728f357c824ce65b06be493df2306c7b03598817f09b02e9e36ec52314f88467679c5bef3ee1504a10c7e6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\NfTD8Ovh04Y_Ni14YxqYB8R_2_Q.br[1].js

Filesize
888B

MD5
f1cf1909716ce3da53172898bb780024

SHA1
d8d34904e511b1c9aae1565ba10ccd045c940333

SHA256
9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01

SHA512
8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\VbSztIaSY8XAi9dm3h6m51N3zH8.gz[1].css

Filesize
610B

MD5
f8a63d56887d438392803b9f90b4c119

SHA1
993bd8b5eb0db6170ea2b61b39f89fad9bfeb5b5

SHA256
ef156b16fdcf73f670e7d402d4e7980f6558609a39195729f7a144f2d7329bf3

SHA512
26770bb2ac11b8b0aef15a4027af60a9c337fe2c69d79fddaa41acfd13cac70096509b43dc733324932246c93475a701fd76a16675c8645e0ec91bd38d81c69d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\_ykiGO1K5rjAQeICdJheT3jfLeY.gz[1].css

Filesize
589B

MD5
7a903a859615d137e561051c006435c2

SHA1
7c2cbeb8b0e83e80954b14360b4c6e425550bc54

SHA256
281d6234fd292800c2a5dbd14e524c9cee0d4438188b0b7d873abf41515a7666

SHA512
aa47efab7ec689b838d1e5adfe26e035e8b93f2b806f1954214447cb2065fa5906f81a70b4c656b3ce1490d8ac2009c7e7b0f96491d6d4559c41fb25d08fe35c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

Filesize
289B

MD5
9085e17b6172d9fc7b7373762c3d6e74

SHA1
dab3ca26ec7a8426f034113afa2123edfaa32a76

SHA256
586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

SHA512
b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\mW1ZgH2VSjzsDi62IUPF3BaLL2s.gz[1].js

Filesize
9KB

MD5
b6f48aebf11d0e4a6afbbd8d9ffe254c

SHA1
6c35c2ca1487540e0072bcecedab58d1415e764f

SHA256
78ef52aa349eaa269d9216b55df476cb41e8746434763dcb09c720012b11ef1d

SHA512
66f9627fdc47d03f344530383dd19c15c33f0722180785fc266b29fc8981d91ea0b9b61d421a7c29949977349827c12a32398c3c1115a20eca0e5a81910a8184

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\tlifxqsNyCzxIJnRwtQKuZToQQw[1].js

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\910ptS3pcIDQ7a5acMaHuQliuN0.br[1].js

Filesize
1KB

MD5
8898a2f705976d9be01f35a493f9a98f

SHA1
bc69bec33a98575d55fefae8883c8bb636061007

SHA256
5f30270aa2dc8a094d790e1e4a62b17c7d76a20b449d9b69af797a55fada9108

SHA512
c8575df93fbd1f65a285d484257adfe12733e47a6524a18d5910d33562eefd1d9da7197d16c7a3cad3bc5ad89546ff0fefe90e5c96e7850ecec9708c90334349

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\ID-70CBAEOXh6Nwxga-CxgpUq4k.br[1].js

Filesize
883B

MD5
fd88c51edb7fcfe4f8d0aa2763cebe4a

SHA1
18891af14c4c483baa6cb35c985c6debab2d9c8a

SHA256
51f58a23f7723b6cbd51b994cb784fbc2a4ab58442adaeda6c778f648073b699

SHA512
ffe417fa00113273fe7ac1b1bd83c98a3a9dc12d41c77b60c52cc5ffd461d9ca2020c2444ac43771d737c70c58eca40786a5c5762b60f30da523f709684510df

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\V_fBQ_iVmAgE_Ta_T-6BNXc0ZY4.br[1].js

Filesize
576B

MD5
f5712e664873fde8ee9044f693cd2db7

SHA1
2a30817f3b99e3be735f4f85bb66dd5edf6a89f4

SHA256
1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2

SHA512
ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\_2I169N92jVtSc_VEsV0nma5sRY.br[1].js

Filesize
622B

MD5
3104955279e1bbbdb4ae5a0e077c5a74

SHA1
ba10a722fff1877c3379dee7b5f028d467ffd6cf

SHA256
a0a1cee602080757fbadb2d23ead2bbb8b0726b82fdb2ed654da4403f1e78ef1

SHA512
6937ed6194e4842ff5b4878b0d680e02caf3185baf65edc131260b56a87968b5d6c80f236c1de1a059d8158bc93b80b831fe679f38fc06dfb7c3413d1d5355aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\eKvcHdnNwo1WcxoSioV4ztnfZk8.br[1].js

Filesize
2KB

MD5
fb797698ef041dd693aee90fb9c13c7e

SHA1
394194f8dd058927314d41e065961b476084f724

SHA256
795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da

SHA512
e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\nt6a1ZR520utsLoZmSYgwxdOPgI[1].js

Filesize
606B

MD5
0c2672dc05a52fbfb8e3bc70271619c2

SHA1
9ede9ad59479db4badb0ba19992620c3174e3e02

SHA256
54722cf65ab74a85441a039480691610df079e6dd3316c452667efe4a94ffd39

SHA512
dd2b3e4438a9deaa6b306cbc0a50a035d9fe19c6180bc49d2a9d8cdbb2e25d9c6c8c5265c640ac362dc353169727f8c26503e11a8a061a2517a303f61d0ccd3c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\uiannz55FdT0j3p9jGwegfI5aIY.br[1].js

Filesize
1KB

MD5
45345f7e8380393ca0c539ae4cfe32bd

SHA1
292d5f4b184b3ff7178489c01249f37f5ca395a7

SHA256
3a40a1ff034448d68d92a75ababa09ba5f2b71d130f5f6bdf160dcf8851529a9

SHA512
2bfd00bf303ad5a1e8413b5ee6a162167605511fefb8df61a8f40f80382f5520df690a53b1058365f1d81562b2668376886d0f829517a642fcd87412801fe987

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\2IeqNnpxuobNf8w1fP2Oy2HEFfk.gz[1].js

Filesize
358B

MD5
22bbef96386de58676450eea893229ba

SHA1
dd79dcd726dc1f674bfdd6cca1774b41894ee834

SHA256
a27ce87030a23782d13d27cb296137bb2c79cdfee2fd225778da7362865eb214

SHA512
587d5b5e46b235cdcdf41e1f9258c1733baee40b8a22a18602a5c88cba1a14edf1f6596c0ab3c09f09b58f40709ac8cf7e1bb33b57293aa88eaf62d0ab13fbf4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\43BJuM7qM_8Wd1WfIZM2_oK9zrw.gz[1].js

Filesize
371B

MD5
b743465bb18a1be636f4cbbbbd2c8080

SHA1
7327bb36105925bd51b62f0297afd0f579a0203d

SHA256
fee47f1645bc40fbc0f98e05e8a53c4211f8081629ffda2f785107c1f3f05235

SHA512
5592def225e34995f2f4e781f02cc2b489c66a7698d2feff9ac9a71f09e5284b6bbdb065e1df9c06adfb1f467d5627fbd06e647abf4e6ab70cf34501232126ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\5L3iD467J3iJWEPwIjxlK0MMDpY.br[1].js

Filesize
1KB

MD5
2ef3074238b080b648e9a10429d67405

SHA1
15d57873ff98195c57e34fc778accc41c21172e7

SHA256
e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da

SHA512
c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\8CgcSSLayxEVUBf0swP_bQGMId8.br[1].js

Filesize
226B

MD5
a5363c37b617d36dfd6d25bfb89ca56b

SHA1
31682afce628850b8cb31faa8e9c4c5ec9ebb957

SHA256
8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f

SHA512
e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\9MqrCXB0EVjVIRzDOArDGhu3yeM.br[1].js

Filesize
1KB

MD5
56afa9b2c4ead188d1dd95650816419b

SHA1
c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6

SHA256
e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b

SHA512
d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\9xGNA8UskvA9WHF58zbLOHZ5HvI.br[1].js

Filesize
511B

MD5
d6741608ba48e400a406aca7f3464765

SHA1
8961ca85ad82bb701436ffc64642833cfbaff303

SHA256
b1db1d8c0e5316d2c8a14e778b7220ac75adae5333a6d58ba7fd07f4e6eaa83c

SHA512
e85360dbbb0881792b86dcaf56789434152ed69e00a99202b880f19d551b8c78eeff38a5836024f5d61dbc36818a39a921957f13fbf592baafd06acb1aed244b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\CcMXS8Oo0OUnUE0LzYK9AFJ6la8.br[1].js

Filesize
1KB

MD5
0c0ad3fd8c0f48386b239455d60f772e

SHA1
f76ec2cf6388dd2f61adb5dab8301f20451846fa

SHA256
db6dde4aef63304df67b89f427019d29632345d8b3b5fe1b55980f5d78d6e1e7

SHA512
e45a51ef2f0021f168a70ac49bdcc7f4fb7b91ff0ddd931f8ecbd70f6494c56285b2d9bc1170804801ce178244ccf361745b677b04c388b608d1471e0695ebeb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\gKwIRAF4fg7noG1zyeUz8x3Jdhc.br[1].js

Filesize
924B

MD5
47442e8d5838baaa640a856f98e40dc6

SHA1
54c60cad77926723975b92d09fe79d7beff58d99

SHA256
15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e

SHA512
87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\lLk8XmbdNzzlnPRzVzDhaF9yjqw.br[1].js

Filesize
824B

MD5
3ff8eecb7a6996c1056bbe9d4dde50b4

SHA1
fdc4d52301d187042d0a2f136ceef2c005dcbb8b

SHA256
01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163

SHA512
49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\n21aGRCN5EKHB3qObygw029dyNU.br[1].js

Filesize
1KB

MD5
cb027ba6eb6dd3f033c02183b9423995

SHA1
368e7121931587d29d988e1b8cb0fda785e5d18b

SHA256
04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f

SHA512
6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\ydDuUFvQrnTEDpvE14Ya7abrPGk.br[1].js

Filesize
1KB

MD5
d807dbbb6ee3a78027dc7075e0b593ff

SHA1
27109cd41f6b1f2084c81b5d375ea811e51ac567

SHA256
0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7

SHA512
e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8L81Y5DZ\favicon[1].ico

Filesize
1KB

MD5
b974bcb54676ba60e848acfffb4e8ce2

SHA1
7819fba5024ad5e37acb9f2d90594cb3edb6a1aa

SHA256
aa18baf02ab1346d691e0d4df7e4ae76197d464fa912fcc4bef42547f6d1f70c

SHA512
b2ef832daf0f6977659f6e539b801cbdd6d5486d4bc54b00cc990ce685fcf44d5d9c019dc743cdbc1c347360b0c614d27b0a77279012b5d2c79bd65bfe2ade53

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QP6ZO89V\favicon-trans-bg-blue-mg-32[1].ico

Filesize
4KB

MD5
541125626974b62082f9471fd2e536a8

SHA1
e09e29bb3bd83a90241953afd06f807a5ea79cd2

SHA256
52e6402b00587feaedfa3507edcfc981417bb1c1888102b44f1405eba6e506ed

SHA512
292651eb847c55394aaf0500e9cee6db49bbe2c35ec0a6043b4b363efaf06ec858587ef98724ae5a53e1ed43e91485a98d944b7471b0147d45bfb20378147bd8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QP6ZO89V\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\YP09M5HB\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF656AF9DF0293E5CA.TMP

Filesize
92KB

MD5
76af3de7fc24aaf21173b252989440f0

SHA1
c3117fba73d040a0f0f9b61ae573d0f5fad2c4b6

SHA256
7081ff9683e0e106ad738f8fd1aa9e318a5edc150ef717f5ba0bcfd139ebcb53

SHA512
6e1337809dcd74d8752274045435dd0dd5ec420802df04b0a419284a2ae74ca44af5a9a62f47aecc3e3cb9955b88f22f9bde362e62fdc1fedf0d97504008f62e

Download Submit
C:\Users\Admin\Desktop\BlockDeny.vdx

Filesize
762KB

MD5
5c035976bc44d7d5b8f5bc2f1a009438

SHA1
44c04819e6eb834e7b695723ade35a34fcb86151

SHA256
847bc3cc0629e1f6adb8f746ac46e0b66865973aefc955cdb9739ccbedb9599b

SHA512
94c835cdc5b3332ab2444129c5c99ce5adb2ae583e66041b41ec94207d4586a3564d1ab15e94306ec10acb66be04586a813248f028acc71af278b8415df49645

Download Submit
C:\Users\Admin\Desktop\CompareCompress.wmv

Filesize
887KB

MD5
91e34d032ca64506b92398a64dd1528f

SHA1
e83c6f7020a3fcfbee49b5d1283229a75765d1d6

SHA256
c26d4d485e528ff4cfde6b296b32c3d4dbbe21edeb248a6ac70b0009e423e1a9

SHA512
094b6ab3990d92c13567b456ebd3007add728ecce9e7d48ea2a1f15409889d1196cae8ce8a80249c3143245b5181d9966092cbbbfec8d3112cfa8db1d8e43072

Download Submit
C:\Users\Admin\Desktop\ConvertCompress.xlt

Filesize
607KB

MD5
234669fa38135f28e6f8a77328882583

SHA1
8b3e5ddedc1a9e378237161763f3528beeb0b54b

SHA256
b49e3638332b9e034427b25ca3680786261c433101200b62d63e26e815fe06a0

SHA512
e5851697326a0cac9cf9f41899ac10465a00c151fbc38488af8150d6b3ccec9ecb31d5cc8a912e3114edbeeef1a618db40d898a11497cb5e75abcf785820e6c2

Download Submit
C:\Users\Admin\Desktop\DenyStart.gif

Filesize
1.0MB

MD5
58ffa734580a8d1583f74c1472480bec

SHA1
689eb86fd4258f81d4f19324dec897bbd1dc28be

SHA256
0eaee667d110dee9dd296a9e059f72a88408e12b4c5d88c9b7b991874ad379fe

SHA512
274ca04974fac18b3fa12325fd89385ac3f3ea7c334dafb5d32a20095e11842cffcf4643e090a6d35cc7e0ad1a335045441d009096bb3e337d22aa8ecf8ad408

Download Submit
C:\Users\Admin\Desktop\DisableRedo.wmx

Filesize
856KB

MD5
e399ffbcbd8911597187102fce76f053

SHA1
b421487512b61d2190c61ede200bdfa642313a25

SHA256
146db25945572d56f12f6b591eaeb1e4ba4aee544a82ab4819243573048d0103

SHA512
8f24948815a02a4745930823464230048ccc704c33fdb39eddcedf8be70493a076ef5f961f70437c00d1f8776ddcf9c8a04962a2f5a599a416b42c93a2d00ad3

Download Submit
C:\Users\Admin\Desktop\EditRestart.vsdm

Filesize
793KB

MD5
224caf9b302f4d8cb196504abd92c4b2

SHA1
f5aed0f536233bcbd1d372084ca0b38415ce0af1

SHA256
204bee8ff944fc6ff2ddbecead2be1ad72fb70ebe95a34f9f30921aaebe5e6b8

SHA512
4fb85ff75eb906eff4a47e8ccda7c6e0d3ccf711c6f185076b9686b80632eb29c3b2e1ff74d09a93bd14482cf0622589b7c8ee811255c4d6de2857d3b47f6be1

Download Submit
C:\Users\Admin\Desktop\EnterExit.iso

Filesize
731KB

MD5
ea6ef5220e05477ed5238b6e6db1b288

SHA1
5ab28514c5f83fc11d46cd870f2311bf3fc42172

SHA256
df2edc6468d5b782a65819fa1ed54e7352f2faf25dc8614f65a8473a6de8a0a4

SHA512
792494ea68243f02d139e162f72675ea4a75bdde5311ba61337fead2329b3b60e9155a6e9c33018797bbb301649d1939f292040211ddb95a586b621c5311be72

Download Submit
C:\Users\Admin\Desktop\ExitCompress.png

Filesize
513KB

MD5
92cda99df7c90e7564910d77a3df4732

SHA1
18ba9c92f1193a9f9bd03733465780bad4109c0a

SHA256
d837f9e9b82dceb6413d89e19ba087d384add03b7cd3da1792cda905fbd62405

SHA512
7548f2cdf0358e9a98cd121a668187bcfc7a14ed07f187fcad27247f2e148355e3d994d8eb294f40a357f593d4689c74105946821d393e2bdbde8de8254f450e

Download Submit
C:\Users\Admin\Desktop\ExitGrant.asf

Filesize
451KB

MD5
d2a6f086e144bccf598a59b38724da27

SHA1
4a041dda0feda6f4f0bc5d7d7d275cc4f618e976

SHA256
a12a9b31802eae97858073e82ed1df1b92eab2169b3aa1a2bc71d8ac5aa84b00

SHA512
bd7cdb8a3d218747f5de191668909ce3f5309ed3af4aca6a81536be1217c76059a28ed4bde0239d5418ddecac7066102a183c402876b8b14943cd05ca1ec7bc7

Download Submit
C:\Users\Admin\Desktop\ExportRestore.avi

Filesize
638KB

MD5
4b0ec328989f89cc0e1ee4194a9fb739

SHA1
b67e9383c308315765a3929ec64a50628a501cf5

SHA256
482fa4fb880bcdd195e13839f04c863e9f8184a6a564bdb974d9db4af13901e5

SHA512
eb1215030a420209fc27988eace9f2e789bcdfa0b0e28381c2d257d2ce1d48a1db38d3f93e25c64ff43365f84adb8f26396a541e18960d519659dde5ad118327

Download Submit
C:\Users\Admin\Desktop\FormatDisable.dib

Filesize
1.0MB

MD5
1b27d7637342d0a642a4a45fdec6de2a

SHA1
6dd223286ac2419cb084e3f6887b1471af1c0ff4

SHA256
34b5ad6b9c898d4d08c91336d37df9be5750f29cf24a1a48307713e2c8248d34

SHA512
1bd5623c9fc40bc450ee93ddfde50427707194e076306a8a996ac9d0f54f3c74c09a09369b828752ae230d8931bb6cecc5642691be741aafbfcd84c1efbec333

Download Submit
C:\Users\Admin\Desktop\FormatRestore.contact

Filesize
949KB

MD5
482a34b70d7c54e16c9b66fa182131b1

SHA1
6cb1acc139852cbaec614f4c0edc2f50a77a29f3

SHA256
89dc3712923ffdef02423b34f55f4c127f77c80c0b429f8f397765d513967ea6

SHA512
7660351b38fb463a7da02848308c1dd0b5f6a80afcea8ae8882b05586623c4f7f353bb1c897d170e06828fa8f3f9108605ddfc64d8ccd7ee326ef3e7d0df8c25

Download Submit
C:\Users\Admin\Desktop\GroupRestore.pcx

Filesize
420KB

MD5
12abdc59f8b42531a8fc544fb8756cd3

SHA1
29d382da4e1b466e2655708546c62d3161f002c5

SHA256
9ff9cdf614d06aff6a861118354365b3e603795094980e711f6ed4acc260b319

SHA512
0ae12597ddcc74254058567709237d0845a605ad27b36aa63140ce842cc9c55ca216ebe6e7e8ee4ee895102010d7dde554e7cc36d66d6c11af1d8754c07e843d

Download Submit
C:\Users\Admin\Desktop\HideRemove.xsl

Filesize
669KB

MD5
f4ea038a188f9c534883ce12868b3698

SHA1
4ba4d46eb87b44dc6d024250bf49fbd611bb2d61

SHA256
22f07a863bab3c2dabb80e640a0d514f21f8c0845e12f126268d9d17c0c89c7e

SHA512
86403457c42bddcdd3d462522776750ea0b9db0f24f883d4e1b7254e31e02ec894bb1d4695fdd24d0888c757471bce8f46bd68df8600dfc65bdc6001bfdeaafe

Download Submit
C:\Users\Admin\Desktop\JoinLimit.wm

Filesize
575KB

MD5
d317a2a7b286e0dc9e93320815760a32

SHA1
8133d1e306a2916e198e176236301be59f8542e3

SHA256
72e098f43f672a0b4f952c613b80e59787e774d8c46f9f03cee3913fe9d6acef

SHA512
11f024554d470b0bcbcd2c83c3f12827dfca51764e90eb653da7cd615eb7deb5dc4edaf708e78056bf8a1ff5ffd9ac1c8d810258a20f51355ed4bb135cf87f37

Download Submit
C:\Users\Admin\Desktop\PingApprove.dotx

Filesize
980KB

MD5
03d8a01d69651d1bdb7a138b4d4a5496

SHA1
61c2f9599e5166f7721b7c294e2837340dbc8e59

SHA256
32888530e7d52909c8231d8cbf48ecb8963bc541518394da96d8ce463c4c9b74

SHA512
82a7d80211b134dc0027cec0e46ca6badff608354df517a894fd051659c59b64016f94349a70d3aa7eaa64557478272f02afe5d503c80be3d861ca9e0b773958

Download Submit
C:\Users\Admin\Desktop\PingBackup.mov

Filesize
1.1MB

MD5
a380a019b811e08e8c7378a9b8d9f5d4

SHA1
e7026f425f10533e7828b46ed2d351445c0977f2

SHA256
2a66b8677de1d9de508b0905344472f60e7d8005226454de5e154d603eb3f8b1

SHA512
eeed98f7335b3499246c425344de04cd026222aeace9de3a2ac212981113964091d180b9b73fb44ad137e2b7b7d2dbce5531c4100e929005893c223ca3e3f1bb

Download Submit
C:\Users\Admin\Desktop\RequestAssert.txt

Filesize
918KB

MD5
8847e09e5809a4fdcd4b6c608d681c2c

SHA1
15276ce181e120b605e7a09c33725ded71a852a4

SHA256
642415af4db1feca8aa0d28104138ac2c84a400824b4bfe20e0394689fb83828

SHA512
446b7c8b33fe8856372ad4ec2b10e987cc849dbfd596415d3e75c00777f69161dab28b637a70ece4cd1a7e005b4e8b24f3f6bb663b0f53048f8a968f83438348

Download Submit
C:\Users\Admin\Desktop\SendRestore.cfg

Filesize
824KB

MD5
70d21dd2323d10d911ac7f14dca7ec38

SHA1
58eaf24e72b1804c35fc7f8e3e7fa9af7ac483a7

SHA256
08797491f03267244a9130fda182a89a161d6d86497010d276b7962d8c90a974

SHA512
1ed825f94079afc23a46a45bd2bdf994963661d69cbb4691d991a7ae393cd61571b56c7dc124a0320b13eb54da9eaa09a8e0be66abcfa5d158a6843f7cfc8e00

Download Submit
C:\Users\Admin\Desktop\SetInitialize.gif

Filesize
700KB

MD5
2f6b66142178295fe40c52c9b90a8aa3

SHA1
dca9658040d6fe3d57f31d38b07d2728f4e69782

SHA256
dbcb3806e71c008f4d59a2ee48a617d0127b291706c986e960410ce264294907

SHA512
4bcf600f320a8aff53760892b8edbf163fba9f3cbc87d2b8b5a713b9ae16b1ac37f932a083d0bce6354b48bd8420aeb979d36c2e37da53f69c1e93f91a34746b

Download Submit
C:\Users\Admin\Desktop\SetPush.html

Filesize
1011KB

MD5
a4a5716aa5f4c539a879810c3a988a5c

SHA1
cd55b3d397aa0a978942161a33e6a7cb8e7b9524

SHA256
d40f4783c49b48b91aca05032e1bcad89465d4f2a1f77ffb98789bf7e21d857f

SHA512
036ba19ceaff41005f1a5a78180c54ed265c22d8533dcf16795d2b5b5128b6258c6f46ff3dd49bb590195fba9a1d95efc026600f9f559cce97ba1d783d3c9ea6

Download Submit
C:\Users\Admin\Desktop\SkipConnect.vdx

Filesize
482KB

MD5
6ffd67b8d1f7cb146788455d2451427c

SHA1
3e0af41b4d028653fddc93e8adae6c7d2ad9deda

SHA256
8afef5d281974429e7a6431b2c9536dbca879a66035e32de2a070dc36fe9ebe5

SHA512
bc5cf0057d96c05938557604aa6db5eb359e6eb37018aa486080d6736325f576a7ca8c07fa96ea704693be484d8a2c98e8d28c203813e678be7f8bfa0efeb4b5

Download Submit
C:\Users\Admin\Desktop\StopRepair.css

Filesize
389KB

MD5
073a492f906660c24a89042e84d1fa50

SHA1
bc2cdf644714daa70abadbc6222d039fb81ed3c4

SHA256
fe496a3a8ea3507623ec0eabec2135ffd75f127758f6d2b9666184401504ee45

SHA512
c95caf8f99f995521179ebf6c9dc8a8d74bb089419440925f146c4749ccea4f137dd76dd62a8317f4d00eb747f8401d55333f226f0ef16375296a15cd82d569e

Download Submit
C:\Users\Admin\Desktop\SubmitConvert.pps

Filesize
544KB

MD5
21dad9dd935374ad51d738b1464f539a

SHA1
39c6f554a485fa18f2e199a7c376167c9c767486

SHA256
b7e509e70f113f199205b40068defdba7cdac833e5fb3aec7374e5e0fe0431b3

SHA512
556eb9fcd4ef7ec4dffd755d500e7cd1a15065467ab05babdbaff7372ecbfa470794900555cb9ae78ac12a3cd1ec9247002f881f56a7dfda747c5a5a6eb9e4ea

Download Submit
C:\Users\Admin\Desktop\UndoInitialize.tmp

Filesize
1.5MB

MD5
2191bea83267411f0d8d4b13726f0895

SHA1
e65bf113866efed17e8c6b393a01fc71daaddca6

SHA256
55b8c0015c4e60ca80c524d626e0c2e18a247eab5053f756aad84f7422773c88

SHA512
1f2441f9d28460d85474c75835b1f092124487fdd21ae3980b835137c9ac46c9daa81dd5d67aa0ba940cd773d4efd20530a5afcaf0561149b09cc7b67c40057b

Download Submit
memory/224-550-0x000001EC21D10000-0x000001EC21D11000-memory.dmp

Filesize
4KB

Download
memory/224-551-0x000001EC21D20000-0x000001EC21D21000-memory.dmp

Filesize
4KB

Download
memory/224-35-0x000001EC18190000-0x000001EC18192000-memory.dmp

Filesize
8KB

Download
memory/224-0-0x000001EC1AC20000-0x000001EC1AC30000-memory.dmp

Filesize
64KB

Download
memory/224-16-0x000001EC1AD20000-0x000001EC1AD30000-memory.dmp

Filesize
64KB

Download
memory/1284-42-0x000002BE0A340000-0x000002BE0A440000-memory.dmp

Filesize
1024KB

Download
memory/1284-44-0x000002BE0A340000-0x000002BE0A440000-memory.dmp

Filesize
1024KB

Download
memory/3756-601-0x0000024C4B0D0000-0x0000024C4B0E0000-memory.dmp

Filesize
64KB

Download
memory/3756-62-0x0000024C4B500000-0x0000024C4B600000-memory.dmp

Filesize
1024KB

Download
memory/3756-68-0x0000024C4B0F0000-0x0000024C4B0F2000-memory.dmp

Filesize
8KB

Download
memory/3756-70-0x0000024C4B350000-0x0000024C4B352000-memory.dmp

Filesize
8KB

Download
memory/3756-65-0x0000024C4B0C0000-0x0000024C4B0C2000-memory.dmp

Filesize
8KB

Download
memory/3756-306-0x0000024C5DDF0000-0x0000024C5DDF2000-memory.dmp

Filesize
8KB

Download
memory/3756-303-0x0000024C5DDD0000-0x0000024C5DDD2000-memory.dmp

Filesize
8KB

Download
memory/3756-308-0x0000024C5FC80000-0x0000024C5FC82000-memory.dmp

Filesize
8KB

Download
memory/3756-310-0x0000024C5FCE0000-0x0000024C5FCE2000-memory.dmp

Filesize
8KB

Download
memory/3756-337-0x0000024C5FCF0000-0x0000024C5FCF2000-memory.dmp

Filesize
8KB

Download
memory/3756-559-0x0000024C60840000-0x0000024C60842000-memory.dmp

Filesize
8KB

Download
memory/3756-570-0x0000024C60890000-0x0000024C60892000-memory.dmp

Filesize
8KB

Download
memory/3756-568-0x0000024C60850000-0x0000024C60852000-memory.dmp

Filesize
8KB

Download
memory/3756-594-0x0000024C5C0F0000-0x0000024C5C0F2000-memory.dmp

Filesize
8KB

Download
memory/3756-592-0x0000024C5C0E0000-0x0000024C5C0E2000-memory.dmp

Filesize
8KB

Download
memory/3756-606-0x0000024C4B0D0000-0x0000024C4B0E0000-memory.dmp

Filesize
64KB

Download
memory/3756-602-0x0000024C4B0D0000-0x0000024C4B0E0000-memory.dmp

Filesize
64KB

Download
memory/3756-603-0x0000024C4B0D0000-0x0000024C4B0E0000-memory.dmp

Filesize
64KB

Download
memory/3756-604-0x0000024C4B0D0000-0x0000024C4B0E0000-memory.dmp

Filesize
64KB

Download
memory/3756-605-0x0000024C4B0D0000-0x0000024C4B0E0000-memory.dmp

Filesize
64KB

Download
memory/3756-610-0x0000024C4B0D0000-0x0000024C4B0E0000-memory.dmp

Filesize
64KB

Download
memory/3756-609-0x0000024C4B0D0000-0x0000024C4B0E0000-memory.dmp

Filesize
64KB

Download
memory/3756-608-0x0000024C4B0D0000-0x0000024C4B0E0000-memory.dmp

Filesize
64KB

Download
memory/3756-607-0x0000024C4B0D0000-0x0000024C4B0E0000-memory.dmp

Filesize
64KB

Download