Resubmissions
19-12-2024 16:24
241219-twqc6swkfr 904-12-2024 21:04
241204-zwlb4sxjdr 730-11-2024 20:46
241130-zkncbsyphl 310-11-2024 21:18
241110-z5t1lsylfk 1010-11-2024 20:58
241110-zr6r9avgpd 810-11-2024 20:52
241110-znx1yavgje 310-11-2024 20:50
241110-zm2yhatrez 310-11-2024 20:49
241110-zl3teatrdt 709-11-2024 18:09
241109-wrfpaazapa 809-11-2024 18:08
241109-wra4ssylcv 4Analysis
-
max time kernel
505s -
max time network
514s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system -
submitted
19-12-2024 16:24
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://itch.io
Resource
win11-20241007-en
General
-
Target
http://itch.io
Malware Config
Signatures
-
Renames multiple (98) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file
-
Modifies Windows Firewall 2 TTPs 6 IoCs
pid Process 3976 Netsh.exe 4884 Netsh.exe 2676 Netsh.exe 1852 Netsh.exe 2648 Netsh.exe 932 Netsh.exe -
Executes dropped EXE 14 IoCs
pid Process 4288 GLP_installer_900223150_market.exe 4992 Market.exe 1780 Tinst.exe 4896 QMEmulatorService.exe 3916 AppMarket.exe 4492 PcyybAssistant.exe 2652 wmpf_installer.exe 3976 syzs_dl_svr.exe 224 cef_frame_render.exe 4272 cef_frame_render.exe 4108 cef_frame_render.exe 3620 cef_frame_render.exe 3324 cef_frame_render.exe 1588 WindowsXPHorrorEdition.exe -
Loads dropped DLL 64 IoCs
pid Process 4288 GLP_installer_900223150_market.exe 4896 QMEmulatorService.exe 4896 QMEmulatorService.exe 4896 QMEmulatorService.exe 4896 QMEmulatorService.exe 4896 QMEmulatorService.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 4492 PcyybAssistant.exe 3916 AppMarket.exe 2652 wmpf_installer.exe 224 cef_frame_render.exe 224 cef_frame_render.exe 224 cef_frame_render.exe 224 cef_frame_render.exe 224 cef_frame_render.exe 224 cef_frame_render.exe 3916 AppMarket.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 4 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\F: Tinst.exe File opened (read-only) \??\F: QMEmulatorService.exe File opened (read-only) \??\F: AppMarket.exe File opened (read-only) \??\F: GLP_installer_900223150_market.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
flow ioc 351 raw.githubusercontent.com 359 raw.githubusercontent.com 366 raw.githubusercontent.com 393 camo.githubusercontent.com -
Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 GLP_installer_900223150_market.exe File opened for modification \??\PhysicalDrive0 QMEmulatorService.exe File opened for modification \??\PhysicalDrive0 AppMarket.exe File opened for modification \??\PhysicalDrive0 PcyybAssistant.exe -
Drops file in System32 directory 2 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db QMEmulatorService.exe File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db QMEmulatorService.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\window\small_tab\gift_down.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\window\tab\gift_normal.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\natives_blob.bin Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-super-player.ff8f53b6.js Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\TGVoiceBuddy\Res\JoinGame\usage2.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-syzs-market-ajax.ff635b80.js Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\I18N\1055\GFStringBundle.xml Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\button\menu_normal.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-syzs-welfare-component.6faaf14e.js Tinst.exe File opened for modification \??\c:\program files\txgameassistant\appmarket\AECommonDll.dll Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\api-ms-win-core-synch-l1-1-0.dll Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\button\ae_connect_app_normal.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\Menu\menu_cutling.gft Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\hover\28.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\oversea\normal\17.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\TGVoiceBuddy\Res\JoinGame\join_btn_d.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\I18N\1066\GFStringBundle.xml Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\static\media\loading.60bf42e6.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\webctrl\loading\12.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\msvcp100.dll Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\TGVoiceBuddy\Res\JoinGame\usage1.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\uires\window\loading.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\uires\window\logo.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\oversea\hover\20.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\static\media\liner.9b9d79a5.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\QQApplet\QQMiniGame.exe Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\swiftshader\libGLESv2.dll Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-syzs-login-sdk-v2.609fe800.js.LICENSE.txt Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\button\tvoice_tips20.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\normal\12.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\oversea\normal\83.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\TGVoiceBuddy\I18N\config-th.xml Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-syzs-login-sdk-utils.22aeba24.js Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\cef_extensions.pak Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-syzs-login-sdk-utils.8f561e97.js Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\static\media\ajax-loader.c5cd7f53.gif Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\static\media\logo.679094ed.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\QQApplet\api-ms-win-core-util-l1-1-0.dll Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\button\qqfeedback_normal.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\oversea\hover\39.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\reactVendors.0be66206.js Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\api-ms-win-core-errorhandling-l1-1-0.dll Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\I18N\1025\StringBundle.xml Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\QQApplet\api-ms-win-core-localization-l1-2-0.dll Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\TGVoiceBuddy\I18N\1055\StringBundle.xml Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\Edit\Edit_down.gft Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\hover\42.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\oversea\hover\19.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\oversea\normal\41.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\window\small_tab\game_hover.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-syzs-welfare-component.c7c9bf71.js Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\hover\40.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket.tpc Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-thumbplayer-plugin-poster.f55f098c.js Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\static\media\logo_uptodown.1d1ea0f2.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\TGVoiceBuddy\I18N\config-id.xml Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\hover\2.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\window\OverseaTab\game_down.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\arkIOStub.dll Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\QQApplet\api-ms-win-core-namedpipe-l1-1-0.dll Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\QQApplet\client_extension.dll Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\oversea\normal\68.png Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\AppMarket\TypeDef\TBSCoreTypeDef.xml Tinst.exe File created \??\c:\program files\txgameassistant\appmarket\QQApplet\api-ms-win-crt-filesystem-l1-1-0.dll Tinst.exe -
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description ioc Process File opened for modification C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\WindowsXPHorrorEdition.exe:Zone.Identifier msedge.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 18 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
description ioc Process Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh Netsh.exe -
System Location Discovery: System Language Discovery 1 TTPs 22 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cef_frame_render.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language syzs_dl_svr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GLP_installer_900223150_market.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Tinst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language wmpf_installer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language wmic.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cef_frame_render.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WindowsXPHorrorEdition.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Market.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language QMEmulatorService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cef_frame_render.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cef_frame_render.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cef_frame_render.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AppMarket.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language PcyybAssistant.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language systeminfo.exe -
Checks SCSI registry key(s) 3 TTPs 2 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 AppMarket.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName AppMarket.exe -
Enumerates system info in registry 2 TTPs 10 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS AppMarket.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer AppMarket.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate AppMarket.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion AppMarket.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName AppMarket.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor AppMarket.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion AppMarket.exe -
Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.
pid Process 2260 systeminfo.exe -
Modifies data under HKEY_USERS 5 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Tencent\MobileGamePC QMEmulatorService.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE QMEmulatorService.exe Key created \REGISTRY\USER\.DEFAULT\Software\Tencent QMEmulatorService.exe Key created \REGISTRY\USER\.DEFAULT\Software\Tencent\MobileGamePC QMEmulatorService.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Tencent\MobileGamePC\sf = "F:\\Temp\\TxGameDownload\\MobileGamePCShared" QMEmulatorService.exe -
Modifies registry class 27 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\DefaultIcon\DefaultIcon = "C:\\Program Files\\TxGameAssistant\\AppMarket\\AppMarket.exe,1" Tinst.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3973800497-2716210218-310192997-1000\{C803B91D-BCE7-40F3-A88F-6F762A938142} cef_frame_render.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\DefalutIcon\ = "C:\\Program Files\\TxGameAssistant\\AppMarket\\apk.ico" AppMarket.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant Tinst.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\URL Protocol = "C:\\Program Files\\TxGameAssistant\\AppMarket\\AppMarket.exe" Tinst.exe Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\.xapk AppMarket.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\shell\open Tinst.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\DefalutIcon\ = "C:\\Program Files\\TxGameAssistant\\AppMarket\\apk.ico" GLP_installer_900223150_market.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\Shell GLP_installer_900223150_market.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk GLP_installer_900223150_market.exe Key created \REGISTRY\MACHINE\Software\Classes\syzs.apk\Shell\Open\Command GLP_installer_900223150_market.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\ = "TMGAProtocolꔀ" Tinst.exe Key created \REGISTRY\MACHINE\Software\Classes\syzs.apk\Shell\Open\Command AppMarket.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\Shell\Open\Command\ = "C:\\Program Files\\TxGameAssistant\\AppMarket\\AppMarket.exe -localpkg %1 -from localapk" AppMarket.exe Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\.xapk\ = "syzs.apk" AppMarket.exe Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\.apk GLP_installer_900223150_market.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\shell\open\command Tinst.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\shell\open\command\ = "\"C:\\Program Files\\TxGameAssistant\\AppMarket\\AppMarket.exe\" \"%1\"" Tinst.exe Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\.apk\ = "syzs.apk" GLP_installer_900223150_market.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\Shell\Open GLP_installer_900223150_market.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\DefalutIcon GLP_installer_900223150_market.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\Shell\Open\Command GLP_installer_900223150_market.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\DefaultIcon Tinst.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\shell Tinst.exe Key created \REGISTRY\MACHINE\Software\Classes\syzs.apk\DefalutIcon GLP_installer_900223150_market.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\Shell\Open\Command\ = "C:\\Program Files\\TxGameAssistant\\AppMarket\\AppMarket.exe -localpkg %1 -from localapk" GLP_installer_900223150_market.exe Key created \REGISTRY\MACHINE\Software\Classes\syzs.apk\DefalutIcon AppMarket.exe -
NTFS ADS 4 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 33515.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 522043.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\WindowsXPHorrorEdition.exe:Zone.Identifier msedge.exe -
Suspicious behavior: EnumeratesProcesses 58 IoCs
pid Process 3720 msedge.exe 3720 msedge.exe 4880 msedge.exe 4880 msedge.exe 2804 identity_helper.exe 2804 identity_helper.exe 660 msedge.exe 660 msedge.exe 2424 msedge.exe 2424 msedge.exe 4288 GLP_installer_900223150_market.exe 4288 GLP_installer_900223150_market.exe 1780 Tinst.exe 1780 Tinst.exe 4896 QMEmulatorService.exe 4896 QMEmulatorService.exe 4896 QMEmulatorService.exe 4896 QMEmulatorService.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 224 cef_frame_render.exe 224 cef_frame_render.exe 3916 AppMarket.exe 3916 AppMarket.exe 4272 cef_frame_render.exe 4272 cef_frame_render.exe 4108 cef_frame_render.exe 4108 cef_frame_render.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3620 cef_frame_render.exe 3620 cef_frame_render.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 3916 AppMarket.exe 1412 msedge.exe 1412 msedge.exe 1412 msedge.exe 1412 msedge.exe 3324 cef_frame_render.exe 3324 cef_frame_render.exe 540 msedge.exe 540 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs
pid Process 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe -
Suspicious use of AdjustPrivilegeToken 47 IoCs
description pid Process Token: SeDebugPrivilege 1780 Tinst.exe Token: SeIncreaseQuotaPrivilege 2240 wmic.exe Token: SeSecurityPrivilege 2240 wmic.exe Token: SeTakeOwnershipPrivilege 2240 wmic.exe Token: SeLoadDriverPrivilege 2240 wmic.exe Token: SeSystemProfilePrivilege 2240 wmic.exe Token: SeSystemtimePrivilege 2240 wmic.exe Token: SeProfSingleProcessPrivilege 2240 wmic.exe Token: SeIncBasePriorityPrivilege 2240 wmic.exe Token: SeCreatePagefilePrivilege 2240 wmic.exe Token: SeBackupPrivilege 2240 wmic.exe Token: SeRestorePrivilege 2240 wmic.exe Token: SeShutdownPrivilege 2240 wmic.exe Token: SeDebugPrivilege 2240 wmic.exe Token: SeSystemEnvironmentPrivilege 2240 wmic.exe Token: SeRemoteShutdownPrivilege 2240 wmic.exe Token: SeUndockPrivilege 2240 wmic.exe Token: SeManageVolumePrivilege 2240 wmic.exe Token: 33 2240 wmic.exe Token: 34 2240 wmic.exe Token: 35 2240 wmic.exe Token: 36 2240 wmic.exe Token: SeIncreaseQuotaPrivilege 2240 wmic.exe Token: SeSecurityPrivilege 2240 wmic.exe Token: SeTakeOwnershipPrivilege 2240 wmic.exe Token: SeLoadDriverPrivilege 2240 wmic.exe Token: SeSystemProfilePrivilege 2240 wmic.exe Token: SeSystemtimePrivilege 2240 wmic.exe Token: SeProfSingleProcessPrivilege 2240 wmic.exe Token: SeIncBasePriorityPrivilege 2240 wmic.exe Token: SeCreatePagefilePrivilege 2240 wmic.exe Token: SeBackupPrivilege 2240 wmic.exe Token: SeRestorePrivilege 2240 wmic.exe Token: SeShutdownPrivilege 2240 wmic.exe Token: SeDebugPrivilege 2240 wmic.exe Token: SeSystemEnvironmentPrivilege 2240 wmic.exe Token: SeRemoteShutdownPrivilege 2240 wmic.exe Token: SeUndockPrivilege 2240 wmic.exe Token: SeManageVolumePrivilege 2240 wmic.exe Token: 33 2240 wmic.exe Token: 34 2240 wmic.exe Token: 35 2240 wmic.exe Token: 36 2240 wmic.exe Token: SeBackupPrivilege 3916 AppMarket.exe Token: SeSecurityPrivilege 3916 AppMarket.exe Token: 33 3240 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 3240 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 3916 AppMarket.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe -
Suspicious use of SendNotifyMessage 13 IoCs
pid Process 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 3916 AppMarket.exe -
Suspicious use of SetWindowsHookEx 13 IoCs
pid Process 4288 GLP_installer_900223150_market.exe 4992 Market.exe 1780 Tinst.exe 3916 AppMarket.exe 4492 PcyybAssistant.exe 2652 wmpf_installer.exe 3976 syzs_dl_svr.exe 224 cef_frame_render.exe 4272 cef_frame_render.exe 4108 cef_frame_render.exe 3620 cef_frame_render.exe 3324 cef_frame_render.exe 1588 WindowsXPHorrorEdition.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4880 wrote to memory of 3716 4880 msedge.exe 77 PID 4880 wrote to memory of 3716 4880 msedge.exe 77 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 2996 4880 msedge.exe 78 PID 4880 wrote to memory of 3720 4880 msedge.exe 79 PID 4880 wrote to memory of 3720 4880 msedge.exe 79 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80 PID 4880 wrote to memory of 2876 4880 msedge.exe 80
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://itch.io1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f42c3cb8,0x7ff8f42c3cc8,0x7ff8f42c3cd82⤵PID:3716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:22⤵PID:2996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:82⤵PID:2876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:12⤵PID:4152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:12⤵PID:3356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:12⤵PID:4840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:12⤵PID:4748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:1064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:4360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵PID:1732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵PID:1684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵PID:1324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:12⤵PID:956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:12⤵PID:2864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:12⤵PID:2240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵PID:2112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5220 /prefetch:82⤵PID:1848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:12⤵PID:3316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:12⤵PID:3940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:12⤵PID:4992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6564 /prefetch:82⤵PID:2856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:12⤵PID:3816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:12⤵PID:2440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6780 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2424
-
-
C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe"C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4288 -
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe"C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4992
-
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe"C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe"3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1780 -
C:\Windows\SysWOW64\Netsh.exe"C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="AppMarket" dir=in program="c:\program files\txgameassistant\appmarket\AppMarket.exe" action=allow4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:2648
-
-
C:\Windows\SysWOW64\Netsh.exe"C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="TInst" dir=in program="c:\program files\txgameassistant\appmarket\TInst.exe" action=allow4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:932
-
-
C:\Windows\SysWOW64\Netsh.exe"C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="bugreport" dir=in program="c:\program files\txgameassistant\appmarket\bugreport.exe" action=allow4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:3976
-
-
C:\Windows\SysWOW64\Netsh.exe"C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="QQExternal" dir=in program="c:\program files\txgameassistant\appmarket\QQExternal.exe" action=allow4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:4884
-
-
C:\Windows\SysWOW64\Netsh.exe"C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="GameDownload" dir=in program="c:\program files\txgameassistant\appmarket\GameDownload.exe" action=allow4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:2676
-
-
C:\Windows\SysWOW64\Netsh.exe"C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="TUpdate" dir=in program="c:\program files\txgameassistant\appmarket\GF186\TUpdate.exe" action=allow4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:1852
-
-
-
C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe"C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe" -apksupplyid 900223150 -from TGBDownloader3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3916 -
C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe"C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4492 -
C:\Windows\SysWOW64\Wbem\wmic.exewmic path Win32_ComputerSystem get HypervisorPresent5⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2240
-
-
-
C:\Program Files\TxGameAssistant\AppMarket\wmpf_installer.exewmpf_installer.exe --log-level=0 --product-id=1004 --wmpf-sdk-version=50056 --mojo-platform-channel-handle=19324⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2652
-
-
C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe"C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe" --conf-path="C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.cfg" --daemon --log="C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.log" --rpc-secret=93b04e25a16a5e17f6834aed3c1a79354⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3976
-
-
C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe"C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=gpu-process --field-trial-handle=2772,12392992024546642670,2013490571468182549,131072 --disable-features=OutOfBlinkCors --no-sandbox --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.71.3146.81" --lang=en-US --gpu-preferences=KAAAAAAAAADgAAAgAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --service-request-channel-token=2884007897027601420 --mojo-platform-channel-handle=2804 /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:224
-
-
C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe"C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=utility --field-trial-handle=2772,12392992024546642670,2013490571468182549,131072 --disable-features=OutOfBlinkCors --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.71.3146.81" --lang=en-US --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --service-request-channel-token=8157431790109959415 --mojo-platform-channel-handle=3352 /prefetch:84⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4272
-
-
C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe"C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --force-device-scale-factor=1.00 --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --field-trial-handle=2772,12392992024546642670,2013490571468182549,131072 --disable-features=OutOfBlinkCors --lang=en-US --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.71.3146.81" --disable-pdf-extension=1 --ppapi-flash-path="PepperFlash\pepflashplayer.dll" --ppapi-flash-version=18.0.0.209 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=686917441724718246 --renderer-client-id=3 --mojo-platform-channel-handle=3428 /prefetch:14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4108
-
-
C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe"C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --force-device-scale-factor=1.00 --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --field-trial-handle=2772,12392992024546642670,2013490571468182549,131072 --disable-features=OutOfBlinkCors --disable-gpu-compositing --lang=en-US --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.71.3146.81" --disable-pdf-extension=1 --ppapi-flash-path="PepperFlash\pepflashplayer.dll" --ppapi-flash-version=18.0.0.209 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=10488404716022032971 --renderer-client-id=5 --mojo-platform-channel-handle=3928 /prefetch:14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3620
-
-
C:\Windows\SysWOW64\systeminfo.exesysteminfo4⤵
- System Location Discovery: System Language Discovery
- Gathers system information
PID:2260
-
-
C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe"C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=gpu-process --field-trial-handle=2772,12392992024546642670,2013490571468182549,131072 --disable-features=OutOfBlinkCors --disable-gpu-sandbox --use-gl=disabled --no-sandbox --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.71.3146.81" --lang=en-US --gpu-preferences=KAAAAAAAAADoAAAgAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --service-request-channel-token=5928420797599132947 --mojo-platform-channel-handle=3816 /prefetch:24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3324
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1200 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:12⤵PID:4844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:12⤵PID:1460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:5028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:12⤵PID:4488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:12⤵PID:3364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:12⤵PID:4548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:12⤵PID:128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵PID:3156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:12⤵PID:2140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:12⤵PID:2328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵PID:2948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵PID:4356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵PID:3232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:12⤵PID:1128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:12⤵PID:1924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:12⤵PID:1464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:12⤵PID:1452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:12⤵PID:2136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:12⤵PID:2752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵PID:1504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:12⤵PID:5028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:12⤵PID:1732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:12⤵PID:3468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:12⤵PID:4704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:12⤵PID:1052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:12⤵PID:1884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:12⤵PID:4628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6428 /prefetch:82⤵PID:2500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:3028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,9133047097669846055,17679943594514310766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:540
-
-
C:\Users\Admin\Downloads\WindowsXPHorrorEdition.exe"C:\Users\Admin\Downloads\WindowsXPHorrorEdition.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1588
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1496
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1452
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004F01⤵
- Suspicious use of AdjustPrivilegeToken
PID:3240
-
C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe"C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:4896
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2948
Network
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
314KB
MD5e724123b2b2a718d0b1dd43738bba792
SHA126d0ff07529bfdb08f36e7920ea961cd6c36ae2a
SHA2567c1a4e8ca073a46998f08477a108f244332ee929c977bc30155f59cf14f11088
SHA5126be5fa8c38e7f167636b2e176174927f7f6d3ce1ece07545c62c40fe1fc74ac69cd9774c2ac0c360bf38d22f443c816e3c7baf881cf0a90337acb493d758a0c0
-
Filesize
6.4MB
MD5b32964b1f283ce35a96e14fdf8f8f6fa
SHA15cf288aba9cfecea125bda66d2359a7266169404
SHA2566068aea2fcf490fe6e2125a1eb50b7059424b6d3da5394bf4ab3245ba2f25cf3
SHA5128856c6275f0f68e1eb203b925ad98267718f35673938ebd8f1ae1604467f2bddbc290d06f40631fc56eb7389a05029312c5750616789cf57b4621c8435ce2f7a
-
Filesize
183B
MD5bba8d8127e3eb9e91679885c5f42a8f8
SHA1b7583827b29251253eb476d8553b78b8ec111725
SHA256aee0cacdf2eb6d8f5a0168a0756f1834c21632cb5238fcb366763e93b7c5d011
SHA512931d257f9a689e0fefaad5c7d3699fb998716638c03aa501575d9ad9dffff0d2bce3f485ac3dcbfa868380fda0bdbff84ac3a1e110c1ab0734f585c1a1dd5cd5
-
Filesize
268B
MD51f8732c2fffb83b09abae916afa417ea
SHA126102b442325fcdc3e7f72f0855f03d353f2a55f
SHA256e97f7ada887eb751c6e6927ab57b04f5121fd7c14eb266c45954abb72833327c
SHA5121ac6c7ccf50e69489c8e7fbd8d825d1a5e9e32d9e8764bd54de58efc0def5fa0c935097aed921c8cc89638e02154962ab9e8265e10843e3aa0a3e8cbfb7f6491
-
Filesize
269B
MD580c5d8008844619df82e2d5ad65b5da8
SHA103bfb95bcac5f2b52de056deb089e6495e7f9b30
SHA25676994bea62ad8c19e2ac0c193d05f87b2acfd7a4387c5adfbc24cd5e2d3da29c
SHA512d3ac11a03843383cb3496fe963df3665e879a5ef28a359bcbff3640ac084137aeb30d9bdf937c651762e6ba09d45b5722c4019290ba8e16d3f9f4a1f96548fcf
-
Filesize
269B
MD5b96fa0a7ce5d7baf6467d17db4112338
SHA106ffdb34e6aabe8e52d9f5c44c56b611700abe75
SHA25617e9689057e15cf5a4e51a4db9cf97524a07f3ce7acc2c9c1ced8dfab6fdc048
SHA5125cb997230ec2552e881dd32f2732d5ce4920b2f56f58e54bb0cfe840bbce3973094958ed2a0f77110f2f6eff265091ad4a2ad6a3c3d48467611482ebee5f6100
-
Filesize
269B
MD5051a004b05cb01bc4c7fa92ff498d390
SHA1215c2f4dc6ab14fad406dfc287f7e134e783c5bb
SHA256a418aac47f73420d812b9947229e9bab36b991629a3dd9a5f6c4649e8b02c955
SHA5127d2f70e8e54199c8c0bbc784a65022a1239af6adb8498ee676ae1e2114692b273211b45bede99123a339e05d92f132d05d1b86f86ad5f4aa39408e4911d4003d
-
Filesize
269B
MD50910e48c7ef6ee3cacba63d19b1d81f4
SHA1b9cf52f8ab64a5ac5095cd70a4c8d24873a486e4
SHA256f15fd6d344c1f926c818b18104a463e345c74a17dfda688c4d6af3a8ce8eafba
SHA512025437e36dc8f783afea950805b8cbc931677322985b98310fe86d9e1c96844193b9aa4bffa291d033e9e3513070a619695e037074cc48dc29fb961973aa7d0f
-
Filesize
269B
MD5a737838e3c93e95f1f8555c83e19bdf8
SHA101a3c3427c5badbc38ab065913a0f1ecba81aed4
SHA256a6d47646219f993a45eb8cb1b33625cfb357b1c2ecb69ec165fc6d62b91949ad
SHA5121e2dcfc4a01a43f16c9f5f89fe372b31b0e4f35ed4d2f7670c9edf2fd55feaebc96a409b47bf02a9e5485a5b05b11878cfb4132a73ef024797de54d11620a877
-
Filesize
269B
MD5d27fbebb5f581b0c9960d4cdaa093cbd
SHA1aa6238139cc6a48b83f226667806e4ac009d31ac
SHA2567f28d495375253347d1d947fb12a9d25082309b8288dd7af058f4cddb427245e
SHA512e79fce5afe37b7d44dcb7b1aada2f5f07209723dd71c5e4195658f125b18d2c4be23123079e30f8a12a0bf5c52717b701d01bd892e8ce0579060da4080c70d92
-
Filesize
269B
MD5a3cc17103e2f161042fa24dee1ebd243
SHA11e03ad708bc7b3c9878f367a4241bc9d83c02079
SHA2566c071064476b4bed118072014abf8075046dd5fc2afd9b0c9527b3c2722bfc8b
SHA512e4f71f4f2c6814a6ef50ce6260f22024a670c0768114ed048de38e1db62c8c3e105cd1f7f204f7dae03256ec5ee54d09b190a5f2cc1e851a61deb4a44890e0f0
-
Filesize
123B
MD5db1e630f6a2edbcbd4d6351de1e23178
SHA1c4a9444c25207fca2f66108dea4d3e00af2f7f44
SHA256766afb00a71210fd8a97331dc936aeb3bf5832da4011e0faf3de111479618604
SHA51223732bf4a2c530fbd5bf3f85593b33ac0ce47cd45369f7772299613b301a5b2099baa47f63268e823f7ed8d87458980c4ca262aa5148a59bb6f14442e4fd7d52
-
Filesize
135B
MD5ac8663eeb86f730ba61ea1eb7a305517
SHA1ed84d55fba2870b06a05a0366c1bcea5a18a1d32
SHA2563ad5369cf8b5e7c371c161dc222da9339da443d6f0d19192a75654a540211800
SHA51200d3fc94e8a243b35a4317b32e0c8b98a7c68bce54eed73341247bfacdb3c20f5194edad99ac14c7e3664fb5bc54f574d87346557812d1a53f53337712644a78
-
Filesize
134B
MD5f63b0bcdefce2dc6c560ee6dafc8305f
SHA1e01d7b5a99798e1b46d96a14daba6173cb51f428
SHA256a04f3175fd7d6d26bf58c0dde03b6f6e8c9edee5c0eebf6aedaafde6a6b968aa
SHA5121164aae024122600225649640079c49191b679d16b469ffadf806c9d0de1482032b235ec1ccfcde8b618393399b09c8115c20b45ccc9a0d68d7b2e2884f62ef8
-
Filesize
135B
MD558d267466f6716c513d8867d361e42d3
SHA1f1257787f3748c9298cf43ab435d2088b1e9fcaa
SHA256bb7e6b43a8d86aee131a31d84ebf71f592b89f45f9ec26b194406f90510c54c9
SHA512cd967beb40ebc0bf54630041296ed9cabe23472775474d6af5a350a1e39cccbb72d3cd38757115c7a86ee40d89975d076b4fcc3248639241b73cfb4345a1076f
-
Filesize
111B
MD5069a5181128070af374b7eacd0f1a9f2
SHA1e08c6e8ff34edcb59bb3e067f3297b0cf29fc203
SHA25628d44de3a3ed3039324730883b5ee7f36ecd77c351f0dd470f0addd3c90d7c46
SHA512dee9c6bd584aba5049daed7e845f49d7485d311a0f8a431376a2ba09a802b9f24b1f9c6fd25fda250e76ad7998b72fb792e542a0a885c7c0a72ce87d08144a89
-
Filesize
110B
MD519f33a66c1bbd4e8b1fc2208ebe8738e
SHA12a944bc87758f87877795716576594002bee0920
SHA2568862c6c91917a10615bd4ef11d1afcdc4f5c03cd498b15be1f00c6c7fd9e704d
SHA51292d4ceeb4500e5f183f3df4a1a8501945b16a8eff9f68273e89dc6d20711dc9931fca6153bc5c239d0f273aee43ebf2a824f5d9aaed25d1fad62fad2171197a3
-
Filesize
111B
MD53979eb2a7f4f11cf739af806e55dcf24
SHA1aea935b02b9eee4a6787ab40d1b66d06ba479827
SHA256495df5662da43a916eef4451f046526697b518c796d529d7a4afa0c4f62adf0b
SHA5122ef413d624c7d74daadb7e403aa34724597f395ffdb21cad5f65b38dceb44574e570cc8ff01885cba9212b1f4e8b1b9c114a45b3aaa5544f5890953823031485
-
Filesize
110B
MD5ef106171918eb3ea4a60ee955f851fbb
SHA145052d56ee73fecba4816f4ebfb23e5c4a114fa4
SHA2560651b1f15c33c959064acac84021bb92739dd0c36d59a4d37cd6e738257255b2
SHA51267fd33d62ab89a37478b829449b3eb795fbed37c3e38e8dd33801a28d7ab9a8460f688747d1f48e5ddbcfed514cbb808517e1c035e00a66a6c3625711a5bae82
-
Filesize
109B
MD5a8963c9a7d5f4e262cff6d6a3b7063aa
SHA1de2d4494bd44a8cf8f81944bf1966083102448af
SHA2564909bf144b1e5641ca945ed9046f46d5c6eb3d01f43581a575df826399e6097d
SHA512ddb78a911e297e84e67c5f3bc37034c27e7c8ca629da610d9b11df44f15fb40344024b4b847d1130df31107c406f694ac73daddf10e350d3ed93bd4f54260c9e
-
Filesize
110B
MD519ab5e38c56c0859b8d18c1bb84903d6
SHA1081319712069f6446a1ef792a287cb72845b4b37
SHA256bbd72095f035e68f319040b538d7af46e23c7222d5ecaba6404a1c96d647cd71
SHA5128c111d80ef37480ae7775c1fede09552708dab51b42c3481b658ea3a6640c555737b30fb50e64bbcb42cb412750d078f0f0e2b84b59f485c2427e81aaa640d56
-
Filesize
112B
MD5f0d939af0ddafaf08f9e4bf980796515
SHA1ab2a9c979f419e342f7b0240cc29eb2ff092ac3e
SHA2560b86dd63dc5087e6e5eaee29e08f32f866586f608263fb900262b065c28043fb
SHA512cc8319c323d07cad1efaeedb362a644446c61688d0e897ecca305f6e460cda98817b002e4866c67b3f3c4bf49a7c48cd3e1b7378d798ce5afa9d1f20dcf56ba5
-
Filesize
260B
MD512748b15d251c4708df86cbf00544929
SHA1132f82c4570045b92e25f8e68e34c4a6a03605cf
SHA256605161e8a540fc3c50381b7f25baad5bb5ea4a6ebd3efef31c41c4b8075615cd
SHA5120fba6314e5664ec88251abcc292d40a31327dd0ff0ef9f7d9dd292964c4d90a7378999a21c49278d6fc655885b3a499026f7ea6fcb45a8c2fdbb45b04871ef4c
-
Filesize
9KB
MD5f340d3ff3bda959d8966bfbf56d34d8c
SHA12bb7e187be9f74fdc42e11e5e4e7abf52a1caf48
SHA2561690526c13ed1ba0a8a3b811eb6358a09e145a2161a7fa0028c346388f866184
SHA512a2c6d48bd95d16b1dc90c265202f74e02683448ba8ca203f74ab04b1e3957a0f7c694770ce107bfa3f8f5239290ffcc3331a37f00062bfbed3b616ee6c0d46a1
-
Filesize
965B
MD5d1683ebfa9a9885a5319a11018ab795e
SHA1bb581cb096504b8c502853acbf20a239028e1577
SHA2562d34f1afda13d8eebb8fc1232f280214b27fa77196dd29a72bf175c44c5b3a1c
SHA5121db13bc2272d34761154c822e3a717dbc46870e6428ce306e915e589c7b9194d9d320e5674cb1d2b1435f8f64908d20a38f785f69569ce699eade454e9288145
-
Filesize
83KB
MD59725b213ac7129d7ea32be460cd85e41
SHA12d020148c5ab4d4cb523cca56d17cc255511e7b9
SHA256ba32bf96a3ba1ddd301399160398319378386e229937b7fea8c2daf2fc3e01e1
SHA512d8951bd3f79175274e309137bd6c69ce22e120c4379ca742033984e3f591740eb59c1ede24addc691f2d0aeaa337cbf1e3dd4554f89e2b13bfa861e996f6ddac
-
Filesize
380B
MD598fa6d64788dce991ee9d308e58cc4e9
SHA15fa038f6cca6c3e4fc4f1e48673194c2bcb95e97
SHA2560954e5e36d0f11e6cd6088b421844b21405c569565dfcdc1431ec849279ad56a
SHA51271ea6c7f0154674a0e0b65b16ecce681f891e615b7f443117bd0bf4f69ea2e7f6e45fd1e964b2d9b54f4d0e19067b0174c4473ce52e93add74df02aaa3563401
-
Filesize
9KB
MD5c771097a1d490053e97638198f2f02d8
SHA1f2d060f6e91688425e56e4b4f846f4ba4425f0ba
SHA256175760389e292e7bbdc8ba697551dee44d9e3727e54df1d50a6bbbb3db6d503c
SHA51228a70542fa4a2e1d6d434512bf46c92297a96266c40d46e54ce7e00a80bce438165d705e1828385dce434f59360b0e7135134e09da27eb4d72a5bbc7e26fc54d
-
Filesize
450B
MD5f7b1bcf930a68845930ac056877658e1
SHA12b97e403cfe29f39f0b908404d293af077c47a3f
SHA2569ce36b7d7b85d4c1b23b773cf78eb7c688ea3f0abe00a2bdbec30b6f9994b384
SHA512bc5be9f320607a89d3c84c2c481cf12c046f132cbbcf0753a32aee94d0b3c3ac7f60eb13f21c218487461fb927645f2771d6457abb19ace1266865dc6e1e85f3
-
Filesize
4.8MB
MD5456b7f7a9706c0acfe82bb7ae88c3406
SHA1264ea2a57626a314e8bdd5b6d923e7ee1329904a
SHA256a53ab0e94c7c763b1dee2761d4fd66b38fc13c5a2b5906797146446e22d09866
SHA512b8ae70f7e163254663efb667625fd8e9d3195e55a442eee290a221c988bc2657a49738309b67f07116a53a6ba678d25b62181b1fa6b9e7686830916d86c2f6bb
-
Filesize
236KB
MD509edb5a9bf963d0020e7fdfda2d79c34
SHA1f83bffeb58ec8b16340ff84ac25235252687b52c
SHA2562a49f8f46f90097824952e58ed65cb4c76957d00e86a9c5d329e9e74bef1cf6e
SHA51201d7af03cfe7fdb2a8ee8b9488c9e71518c4f09f11d10b3595498caf87cb6e709f2ccffc25d3ed7b71ec3eefef751d83a555c8265d18debc95e3d85fb1d6a10f
-
Filesize
1KB
MD5ddfc333a5cf6c05dc44f45bcd729a42e
SHA1cc452db43266b5cd6576af59c2393945d79b6aa3
SHA256d1cf9e7d5c67d1fd4c12fb317813f4c4ad1d4a94d992d3758b0ca30d7ee513d2
SHA5124988792ab971496a822615e2665f9c0653c02846a782af410e6b981f162b8e968426ade697ba835d357f5dfdfc62dd1041f6c25db2e5f240e0fac6c8b6c0fadc
-
Filesize
821KB
MD51d6aa4f0c1db1675696b845a1b0cb766
SHA1e95212c56868fcab76b2ee9b3b8a93a9f5db83f4
SHA2561d9a5ae40789be23effc6cfbdcbde2b07d442533370924240731e58484d7cf66
SHA51257723570de8be3cef7d8a6470bfec40700615dda3febde73116b1073aaabaa33fa95ae8fb1ed7586cb47b4c512a85cc6b9c4041774218f56ebed3dc4148dc3f9
-
Filesize
2KB
MD55f74194a68213f713c8ea5b7dd723290
SHA14180649a737062633d565ef307d14542ea3fb4c4
SHA25687d2d2efe41cbf51fe3bb18492e2818916336d43f8b021fed97863e5f14bc232
SHA5126845b701b27b3967912fa57c815c430aef74cd91aa8ab1dbe0f0d87b749580d1dc6ea38ad34442219d636ba61d54fe79261184e73d6fe3d93f795e5488868a84
-
Filesize
3KB
MD500aa757ab13bc8b6b2910b0ae8533cf3
SHA1f3bec91cc669e05527c7ac9094155e466c8cc721
SHA25628d9fb50468ceb55f01cd44153aec920038589349e86097a9e5f61d534fe77fc
SHA512a3fd92ad920ab61fc49e296d90d47d947fcab41b529961fa371afb4eb12bcb02f449c1d152ea3bb872d4ce96bb8c86f64366372406a7754df972e139b083f032
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\module\lib-syzs-login-sdk-v2.ac53bf12.js.LICENSE.txt
Filesize808B
MD5783f14fa45b10e088e68f98251448010
SHA1cd522246a57b87ba54b1b6b92174b9091f70e983
SHA2560d8f66cd4afb566cb5b7e1540c68f43b939d3eba12ace290f18abc4f4cb53ed0
SHA512b7c82962cb44702c31572d8d4057561649bf47fe553441f54a9527c14f5b4f0fd747bc346e0ebd108879a9482f5afc3cf73229ac52143c5914139e108b8b58d3
-
Filesize
80KB
MD5f9057c1192a7f5b1d180816137f0e730
SHA19b4795815e73d7f3ff9949ecb8d22a42deb66315
SHA2564f29fdcc65a006e9de11ecf94a82288ca73850271ca908214cbf1a167fe9127e
SHA512c1bffb4a7aa116bddb502f6e8875674a76fc8a7f44cbad1bbb56c0b66c4f89e2e021033381059449dcfc0261744f7fb86cefb4a4699568c7e8ba1781aee37eaf
-
Filesize
16KB
MD537a81c422383949c82ef3c87b87caf1c
SHA1e1cc6af8c16d83eb2b7f0c3d68a989a569b2e45a
SHA256266d447260366b3952638a4b579096bafcd4ce6b1eb36ea87de4040c595f42bf
SHA5122bb80be95be71fbcf449111cc049cb70527ac5b3c082474fe69d3bc793603bd7a7796c4b4cb949dee95ae8749f1ccda0450dc45eb711b785ea45d250ee8cd8d6
-
Filesize
73KB
MD559a39f95b189baa9b0d372ee20ab78ad
SHA11c7efdf40b467df9cf44c3ddde8797f0651d3df4
SHA256022c34380f513aef1011bfade4f6d42aab457cc1656b93e0d1d7b30a4aefcf62
SHA512f25dc8744bb5fd121b289ed5df4de424b0f39b70dce0964c1e684d883474023ac316c7969eaf655831f4312a6df0cdd4c1b70141171da0a171661e1c2e4ac4f6
-
Filesize
159KB
MD51881464337728d17657b7c23c6d0ee02
SHA1bfc5c3542c7b6f8e1fc28db3d1a0defe79ae539e
SHA2561f20afe2298cb15bcefafbcaa7ac8f5d7253b7e47ea52601f6f4ca3ea62fbb3c
SHA512701b7bb16b6e496f96cb037da0581d0c6f4d7d1c7e6e4d80217899faf24c34909ed90c83b649f4677dc543ea327ecd7d63feff5d6189d34632358275631fa1f1
-
Filesize
3KB
MD5b319838dc55fa679d5ec38c671796b2d
SHA1fe8f2bdc12b8d2a3371ca6ff02549f5a8fee0e7c
SHA256a42306a21a0faa17b36e78a4f25503cf58f161082db4babc587ac2d15f8f7742
SHA5125252192021fd2e1a97a9863d4403a827b0906c9ac677deb638fa49685d9dccc7fe8736ca589018205a08808b8bca7353c43b136dc6c8358c52314726c2235be0
-
Filesize
302B
MD58f021e0c7e6a699810382aa7b95d38cc
SHA111311156a5d230a07253b825ef594f994050258d
SHA2564c8c5aa8d5fcd32db82cf6caf18ca52c144b5b559298ec6e4fd527c12d7fd9ec
SHA5122e532d62780eca764c4fa8238dd09724b188d27fcacd04fa5cec8b647a264bd79770e0fab67eb7644528a21683379ca3e179d43fca420064a802a8cc5e12e950
-
Filesize
441B
MD5224ea384d24029ce8ca8c0e44803bb88
SHA1432ca47e034a0c6096528e69f93fce022989b7af
SHA256f535ecab5f2bf5d797da60caee9438d097389f91c49fbf2a8414f97fc326b6dd
SHA512f4f0343be8bbc983a434f0b3f3085073cacbad3fa0896c97f4d53094206b0049ed81e6eaba334aa84aef8b029a288839974e8f410889bc8a1c7b666abc05e4d9
-
Filesize
389B
MD5374e40458924d7ef173d117fdf71a844
SHA1920eb76babe7004cde1cb0b7bf70df8ea1c15c54
SHA25692164990579dd866f0882e7679f78df8eaf3006346ae7cb3ae8fe8e4ac86b054
SHA512bec29a1764469821ce6d49668b7123403f904d28b6c0d2a8278eb8bd1cae96175292fde613dac157fda32df6c34c5e1c3a0c699641e499c8d3748c0632efab4b
-
Filesize
43KB
MD5902d51bb5dfdc3a3b8c11af3cc56f901
SHA114df878f65df7447c14e690f1041da6968d4c4b9
SHA25639cddb576e0e62f6b9f9553dac9be7a5d41565907546f3c30e5af49cc62ad832
SHA5126be27b65fd5b50f78b07d5d91215ab094216e81b06a11541045f406b95ec4c512165484707b652ae8b07ec1610e73a9cc77a4dcc39d43c4fdc6f01678c591969
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\FontsFree-Net-D-DINCondensed-Bold.ttf.old
Filesize38KB
MD55846f45b4c6987e591316047f0840020
SHA1a241a05ce8c9e8102af34050527e233365dfe732
SHA256954d998202722eadeb5d1174457d25723f2add665f0448d2f23e8c42fe344002
SHA5120cfbca843fa5e7ef498ea3561775aac5d8affc657a547c399eb03c8956f339c2174b9cf1a1195490de6b53e5375ca1ce4f25828057085db476cc67a3f0389b63
-
Filesize
18KB
MD5cad24f189ae96628318a697e7b37305d
SHA19a2db8961a31a37cb4797874829bfe95fdd8b00e
SHA256c21264af4db3b76c28b6f74d6ff10f6d69342faf0033f18911fb6a85e1e240f7
SHA512f81c711b141c4a4d7e49097708c94ed33947795067f2cd95b273496aeb4c8142b5eef6f64ae7146e3323cca4f8e84fb4089d8b6a67019c1d473999be7483c398
-
Filesize
8KB
MD5339f6000254daedc8773ae6efcc89acb
SHA191b0e63eff58249d4ae4c6ddf56aef19c4ef087d
SHA256e3e59e4b32af5cda6073e7c39b77ae1e0fc0405fba4323813644cb5ed2f5a0af
SHA5126ce330b2e67b2b07cc45dfaa306c6725a6c1aa1a66d6652b2ff088a4cd46d42632f46ca235de59f217eb6ba3e811f10181f86c50926a2d8cf1c2eccc86bf7b90
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\SourceHanSansCN-Normal.ttf.old
Filesize7.8MB
MD51def9981faa460e4e4529d4656f28ff8
SHA11b9c02984a79104c455f25835d75a70825a885b3
SHA256cd1c5b9c6740c570ab7289402d1af2f39437c5e095e83baf81c74d80e56a75ba
SHA512cb6f798014b05bbe8f822063d309df9d1539232919346e1ed521cc5b9441b26917b61cd6ef51af638a11da8012f1fc2877449977153d1166fceddd61d6ec20ce
-
Filesize
2KB
MD5b02e269889ca9a96bff1afeab2b3eb86
SHA1b47ac993cef945659fb9e8b2d75186eaa7b5780f
SHA2569e8b81fce344100ba628b33aaaf4e797998211e770e2e82985cbe2f5673538d6
SHA5127e079c9139902e50b6f4e68840d268d05996d7a741c0dbf6d30c2ecf1c84e5bc53b4b06e1dd75b93136ceb2c8de9163d6806aab6aac6f7f161871d4002cf05c3
-
Filesize
16KB
MD5bb215fa807270e76f1b10875419994f8
SHA1fc7449af0833fded4f50a662f48205319c4674d6
SHA256b5f03327bd8ce54057730f4241b3eb12609f27c3376f24c18958e44b5c6d1329
SHA512341c2cdf93fc7545d7eb652e3441192ee999df5061684b5ed6384428806d2d660809d221c8401c7df5140e249abbbd22aaa37f0f53d931a4e18573ab9ec8ff42
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\about-logo-oversea.1db3cb82.png.old
Filesize54KB
MD51db3cb826f48df2106114a6afd3a4e4a
SHA1e4fe155f291af39f509aff9f42ab115690159108
SHA2562131c1444334e92a949c668c768e9f13a10ceb153a421ce15f71aa6f538ebc3a
SHA51214689f7f1eea5c5a96bd19cdcb1ed8f03905b5515146c8271e0a66e9ab04b67e6ff1f9d51115e58c7d7d910d8b695dc9a97d6153d3cd70bf8badeace67d1bfdc
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\about-logo-uptodown.f4b36feb.png.old
Filesize23KB
MD5f4b36feb94fcf2dff1c704c05ebc9865
SHA1946e0a8be7651959fe19f9c34e63934c40c48e17
SHA2567dea199c961b22190fb00f27a30a6393a7457668d0303b7a982abc8b8af99edb
SHA512bcd1d8b36b9e2aa9c99f57db92d91775c43cc41f553ab5786cb27e013a2b69617f4b5b2f86fedec14e0675c27036d6e1a6b3e4d7fe0d9364ce41db453fd264bc
-
Filesize
14KB
MD537448401493d55bf36cab8a2cb988561
SHA10b734bcda25744769c1349465a230e039ed9a34c
SHA256b4ec90ac64403b00799d8d4ec872c5e2c45ad74597ffc4587de2f6550df43fbf
SHA51268bee5298e26ae244f060a2c76a998ad5b62cb8526ddc979879cd396d29ade09f1a28580552b5cedb525aaeb4a92f72a4ce34b60b9a4574ed54b9666a6fa9bce
-
Filesize
72KB
MD5c2ec7658a58a6befbc5dbe99a7ec31cf
SHA115ff3e5c77f430f894c766c66f8663edc66902da
SHA256f46308e39efabb1df8216c12abd9fcd982372f741d609c19ab17070cf27d1746
SHA512b87dacdf8b1f928784d4eeda964a6907c88cba3d105e18785af52919455ef579e4ab525076993499200d12109d98f5a4f57d98d4ad6d3eb82a092c536ad67108
-
Filesize
4KB
MD5c5cd7f5300576ab4c88202b42f6ded62
SHA17a1aa43614396382bb15e5fde574d9cdcd21698f
SHA256e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
SHA512f0d7ada22a3eb3b2758198a71472fb240c74ce4ca09028076e23690c70b2339c6b2a40f9158dd71c52d953ef27bbcc0105b061bdc74fbb0ad0b304c7c6a04a38
-
Filesize
18KB
MD503fe002464016d9ef2bb8cacabe08ba7
SHA1315d7c6caa6b85be2b394436d171f66743cfc114
SHA2563f623c66ba79b46c29cd687e2176ba8c14654cb837373826d30c1ad74fe731c0
SHA5122e470b27cc28dc0ea1ed7dc9a609e2f113a63cb5690a8df7963fc853a7e5d8a03f9656671e96300d31188433fdbb630a1ce8e5d41e3664efe88a4c58a1eef81a
-
Filesize
8KB
MD52f301ae6176f39b0bfa7d295ab15a005
SHA1bac9a8324c7cb531100e8334447e6fdd2f542016
SHA256398c7d9731e7ca31bb2321d1a2d4b94dc756624a370e5077a98e62cfcdad9b14
SHA512994578788290215518488dff1b7989ddf75d723facd5655b926883c17598600ab1b81e52b7acf22be2f425f3d598c185d5f00823febd5edc61145d3484fb46b5
-
Filesize
1.3MB
MD56c1d0bb14fbebcc2c6ccc6c9dd21d97f
SHA13fdc7436086bb15718f0cfc99f8d16aa029bdcb6
SHA25600aaeeba5b3887173248f050beeb8bd7c05ec9063dd9d9f2452ffa2132cbc53c
SHA512f14e19f8f1d4e07ecd84182735400235e41b9942a86b6d0e4d09dc1e1d2b4f56c5abe52052821d0d1d6e22566d17b2f00d383dcc5321824e2d35b0c44db1722b
-
Filesize
115KB
MD51a662cff1d69a71a3aef1f55140d356b
SHA1399ccdd1f09da09c1172554e0b79753246692628
SHA2564b7158efb66fc15ad7453392073a9e8b06e15dd3c77b92513e79d98d86f68b1f
SHA51221fb57eb9df8caa3d71c048c39c7928951c5909eea42f474eff3628bb09f214779ba9604c93cc489c084c0211e5b98cb9a9df1c7a5a4ddd83f673198e4c0dda6
-
Filesize
167KB
MD53ea671d3314c837be2470038c5d1a95f
SHA1a45ec699e606b0b4f4850e9416151aea6a5ad58d
SHA2568210ecb596defb0467db7fe3dc4300ff48742e8fc81921f134ebe5ed52e531e9
SHA512ae2487b042a6a5b04d92f887050fc41083bff9362189dde5878b7814460813072757877624610afe2dfb4d5095855930178292fe9e1b6524d01dc007c99afa91
-
Filesize
94KB
MD581b1dbdc26501410a580168f457e6205
SHA1f35803940af60e1e731375b9d2815cacbff5b766
SHA256135bddf4cb6e42f0616875b1d519753edde1720adf9b13abe2910db9db917655
SHA5121ab9a4e5f739adc81ad4a0435431adb423ad15475c06ca96036de61a6e99a14ca4b74397dbfaae83f36e17b6a61a0818d6e42c7e37c4308d7b4ad2193a19f7a2
-
Filesize
978KB
MD5846d4ca3038fddf01b726a2f4d04f806
SHA106b09d8122d02178455f35925d6c3c6274111bc1
SHA256c365916c4287643bf3c88722adc88dc40ca8e59ea1dd34f4f58b23ac22e6aa63
SHA512a9b5e01b19d45d4227527f08a209f6c0f455e0b9d0f0b505a3ec0bdc6dd22accd0e90d1d90f0a5b18340dfff97c0e8c151f332a9f270a8b4b2d5cf7382210908
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\bg_complete_task.321f45c1.png.old
Filesize14KB
MD5321f45c1db908621755c98db87db9bc2
SHA133fcb9c82716a7181783ef5035f424a23630bdfc
SHA2564b1119d8b1934648fcecae567a79c0b90ecbc874512a046664d504f09443bdcc
SHA51291624217e967ae29c876160662c24cea04681faaa6edc40f6193c9324f1e150f3b907bda217c1aca881322194dd098e6ff0fd4aadf5b2f895979792d027f6f80
-
Filesize
10KB
MD52eddd6d278303fe831ede70a0450171a
SHA1dd4d6cd7cc3603d11c2c69684611ffa2126570fc
SHA2562b07e1d82a6134ce498bc15ced4b101d2cf141b8b3a55a9412867b2e2a8f5976
SHA51221510105f816e389b76bca0f28d6306e1854198097713783176e2fb76d04b578f25f6647af8384d3b21d9c68bc5c0da29a64c270f011fbf3ebf8b37150b902cc
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\bg_incomplete_task.48285349.png.old
Filesize12KB
MD548285349595126daed523546a64a3c22
SHA1a287e0358127f9d87981f5f807d97c81a1039cd0
SHA2568ed80645f298cd85f66bbfd2cccfcf1502cf15f05f9828cde6c63851f6b11996
SHA5122cf426688bf1972e0d1bff8e12981ba8642b1c65080b67977d96a829e403770d5f61bae242d5923efa66e1b45b81f6c851bf3f9d020340d3421e82b01f3fdd6b
-
Filesize
4KB
MD59fa025f054f4e904fd9958de830d03d6
SHA1462a39d9d9048279c841904168a862536511972c
SHA256e3779114edfee021b64f62be5640ae23482914c09b31b4e1af154cab88c9573c
SHA512f2849d79a7934958251936c6a89fbc35dca525a2b44409c7161ff139c7f02e97844cabe4a32ef981219b1b832243195d1c330bf20c14c4f2514f41fd8923f46b
-
Filesize
4KB
MD5ff9babc0fa823abc0c2c3a1345db0f5c
SHA18a33dc2e17f1060faa02ab4a6363a471ee8d8aab
SHA25626e15bf243bf369595c68af14f68d2072ee41ce99cf148ca72ff45aa493bc1f3
SHA5123bc5dc3e30261a5ca7d52f7a2e71851b79746032a90b80bba6ed8ce33eaf0bd2dfa5be3a974801d7d76126ce58f96f9c5d8ce5e27611d1590043da9d837f6196
-
Filesize
5KB
MD5055685219fddc93d79f4e4c1abf87721
SHA13b3dc06171ad57dfb80ee1de4c21f751d7973f53
SHA256f1de84602dd322f99138c47603bb6788289fb92b0c471a6c0ab2f34ef012e533
SHA512e3a25436c9ac81601abce2a40a1964770ff47a0187fa788644247045e4644c1ed23d93cee71ee165496a3cd972c00cf3045c9840433586311ffd69d5cfb01a39
-
Filesize
10KB
MD5d631fb1f9f72cf20e77193470f343c7c
SHA12e9690acdb2a5b52ee1c5266c161c220b266fa6b
SHA2560e8db8ae2e31b531d54acdef59279b3d3ca16230ebfb41dfbfa7d7d790cc6905
SHA512e00b5276811089c0f051243c2057bf03b4ff5087392bfeafa933a59b6e3fff4e553ffb36af2aab27bc953c29eee26fb1acc60be6fa811fb992b3325ee7620267
-
Filesize
17KB
MD5e78c301ecd617da8a85093937423258e
SHA12a0432e05fa7d526016a1077a51718fc80a4d061
SHA25636400e4a9d7f9fa7715ad4033c9d886e7febba1782077b8abd57cba6e3716427
SHA512f6d00fc24f4364e2936644bd9356be5cc4c614917e297620a82a3fec1041d26e659b367cffc2329024bc7b3b29bdfdfd850966e3b418ac21cf3070340ba1d81b
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\defaultIcon_oversea.a16bcae9.png.old
Filesize4KB
MD5a16bcae99f0a1079b8f0981faf8fc71e
SHA165230e816fd67a442bba3cfa4119dc2a2be3baf7
SHA2563d8f64b763a0793bcebc22cf79201e85bf4663794ede991d1c5ce0a7edced67c
SHA512f0776e1116af5119ee07509ad494cc09ee993558fa2722d3e3e688255c9e70b555cc71653df222f2d3d7e20124b19e42a3df8ca980efc68a61e287e903be7877
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\description-yyb-logo.c4a4b824.svg.old
Filesize9KB
MD5c4a4b8243dce83fc395e680dbb1f9e64
SHA1a0dab4ee176b6c2525c5c27f1647650447ae244c
SHA256e5b8aa8eb288ddad07d3de21cf779579677b7704d8f74a3f623f6aa2bdfeef1b
SHA51212969a9066b91ab6aeca838332a8832a455c3511d0f91a2b29ea6f510cd4b529b0ecff3f622e5b37eb1ca0fc8f4389e050f5248fb423f1272d87d4e2e7f85503
-
Filesize
6KB
MD57a96dfea8357864d3c63cda0a3875862
SHA1de89315c7b37223280e6c00383144cc58a74bcb7
SHA2567655a4a2b66c09e7fcec1ca3f544fa19d3e27c9ecfec98f28171504be0cfa77e
SHA512c6a01afd7776a1cb000a1f3d3bc4fc895215a8f4b73b290f4a2aef8f16c18316fd35561aaaa32d7d23313cb5d80a7de786944a49c282560ce6973588a2c48b72
-
Filesize
53KB
MD51edd25de5f4defe501f810e0f0eaf685
SHA1b8bfaccdcb3221304a680611222a0e11323e6909
SHA256f6f27e5cde105db9b33321a6de48aba13bc809a9285d963a02bdc37f86e1af4c
SHA51261b9473551b4fc2806885cee2dc8c21595b83677b245275916f4dedfa9de8c0201bfa92dcb14dc8c6c6904144b1e40ce9b27a60a6879505f5da9497ffa550e87
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\gift-loading.ae16e16f.webm.old
Filesize29KB
MD5ae16e16feac614bcf99706ed40d0e734
SHA10f99a0c744d56b6643ac5d774fde1175df85228f
SHA256cc7714c6ef444133d5ac345d54e09ad7eda0ff7ee59797037f75bf45d677c038
SHA512379733e0a71de74a0025ab6b1c3d82ee9a13bc1c914466bbdf0988738c54a323f7df2cc224a703fac1f5e42db3ea7d7c9a8b8ef55606b7d2c5c864208b4f771f
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\gift_bg_normal.13d51e4a.png.old
Filesize4KB
MD513d51e4a0b8277905e442b1d900df92f
SHA1c7a1decaf878126e719f622ca792976df26bc1bc
SHA25618c7c0ba6001ee43b464ecb3554d151fdbdb8eb2c4c9a1fa0772fb0d46ef7d57
SHA5127c3b875299865a399aee55475186c066eff7857e29c0254e68d3d59bd0fc39041c64571db1055fd21160e6feeb0d949ae32bf50aea3fa6e28c5d52bf410fd5f7
-
Filesize
7KB
MD50b211d759807a65a50e8f257a0f2420e
SHA10fac404b29629b85b20fcf4fb3fa7ebf658a8c6b
SHA2566d83712a89d88b53ebeae370ce10fc85a8fe08e98639b1bc45ea0251ade548aa
SHA51275c7af5ac59989e72285b8e0ddcc375422088ca7e89c4b2067173248bf9235729568003b45f87f3f112e81f81700d91d648e409ff8dbd8eafcd2eb0712abfeac
-
Filesize
52KB
MD5d1ba99a111e4dc36190e276f11895a14
SHA1e93c50fdef20e18d60d354dca92bcbe468154747
SHA256d62aa275af6642f9f3e544d80321cc97bf9dc92690566a4bd8c22d9e7e149df9
SHA512f58554847939749f8e4e20cbee623a16538672575088689800962f47becdb214d18b9bab663a2acd0f03cf3b835b50772cfe279ecf7dbef5765c749361dd02e1
-
Filesize
154KB
MD51c0529b0bd785b4cdba37dda169be707
SHA1d9b7fdc7c23a8d278222a1bc4481c4c0a955e7b6
SHA256473aa04a2f6d997093de710493a4487084b6caec0029f1859e8c81adb027198d
SHA512ff929aeab03f0a53afc28ae5bebfb93199d519447ff963ffce4a229954bf411592a57eedaff4b87ce4a18edf3cdd4cfaa4bb5252d3a8dab088ee648785931a30
-
Filesize
7KB
MD5c6e1e1e314c4f61a520bd0b50376977f
SHA1aa5fe9597f8cd0792b18490c45c00a2d026cf9b0
SHA256649f982820d9caf4540ffac713cdc8c4d3a31bb12ddc11b6cb075c1052c0de92
SHA512670f434c6b015d8c154c3e8a89ea756cfb02cfbc7b9f483caa9ac574cc89f700d7f0898bd0778f6feb11fc9c444520a49b4ef77e09599dbe5a65ba57a1bc95b4
-
Filesize
9KB
MD5c3df2d090aa216ba942fe0f20c958ee2
SHA16cc19ad7dffdecce1681b1f792f9dfe20ec96d3c
SHA256024e468cd79a2a77e8ab3b9324dac9d1374ce89c703d7c693c675f417e39821d
SHA51232f36584fc061d87b567b3bad33ff630887f2e14f4e42062936cb222e30addbddd04d01c32ccd4a67c59bd102821394ad91cd1975e479f2a9fe989c4119c6194
-
Filesize
4KB
MD59b9d79a585e51be94bcd58e42d655e89
SHA1235f1d5f8d8a5bd4f9f2c9f5e3654505d3cd340e
SHA256df1d1e1693f395313fb9e4eb5c46e67d8c6bfe45386eedcc2626f658992883d9
SHA512038977f338b521e644d641c1170987679af94977132db476eb986374cd145560c7a2c225c9de99c9d38d713252875fe66525f9e94bc065e77b2b5b69985b04c4
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\loading-oversea.54e4db97.png.old
Filesize18KB
MD554e4db97aa581c72ada118ea8e3116ef
SHA12e77533d7d9936ec05b22d42815bace937b71af8
SHA256064508290665a3110f129d0127e747ae80c59ba2ba995f33083b08160c76f527
SHA512d4756f629e74c45e6dc0aea84bbefee7c637a5b90ba66c98076aea7199b4e710ef6bf8437a79a98d9a954e37e18b7e30dd82928b01805629c921e2ac0e2b4bdf
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\loading-uptodown.b3670225.png.old
Filesize22KB
MD5b36702255ed6173a67d31166dd30e60b
SHA1ab832cb4c3a77172b91dd9340003804db3ff7ea0
SHA2566112fce1e01f1f31b841bc1496d1fbdfbc1c2b97be73d15f4c6a0d912e71b70c
SHA512d595e7387db012d27215b85f64e0f627d7b2f6d3f1c7480dd575d8d98fa3a75c6a4fd3249032abf8546dc6148f42d592ecb3e343df74449b04b0b9ab2704d715
-
Filesize
19KB
MD560bf42e6f8472eb824f7c215c816f155
SHA116eb6612822f18d720593edaffdb4883a0e62e02
SHA2563f5fa7afd7acc5e3d73de74bf0252d2edcd9864b65da7369263d0a0eeefa1bbd
SHA512755af12fc80c812973cc14d4cdc3cb79657f8f7c0cec365dc2a0715e0f25c012b07ba86ea783b6a3ef5ca649cc6925ed499bd6ec59a7ec7606026c0296035213
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\logo-about-edu.f4e07ec5.png.old
Filesize19KB
MD5f4e07ec53f000456714d80faafe4adf8
SHA152fb187eb1afa18333cc34688d0476e06bc12411
SHA256a61f72bf2c583974d5b8c76376dfc5cfb8f6d0b229565988a884f43a10583e6a
SHA512456a78835b2965ac33337789eca67a1eafdff61607f16513cc9945bfa7859a779db53948087232d48d02b67daeed2e12b2fc1c120cc461dfd796c51491dabf95
-
Filesize
6KB
MD55be3220076a14a19f5fde9d25907356e
SHA1bf0e942b43f981b624b12728883ed6d784fe4bd2
SHA256e80ffeed1a6779335ca28906da1072849b662223c0f776dae3bc9e4ce1de69f9
SHA512de49f581a7c3d88add885132bc03da96e51c2ef7ab65eb43919a7bf1350297f42eaebe9f438fc303bffcb3faa47cfcb73c2ad55e221679763122b65bb904e12f
-
Filesize
35KB
MD51aa2bd2627782333c51277d3827b5b22
SHA10e0fbefd4cc5d8a229dc7d029cea1fc0bbc4cfda
SHA2568bbb0cef40176b111c96ac0bd4a3cac0447a730166c8f6c23bdad60ddb1f9697
SHA512ad2af46ec78a6928b9eef4149362749a9a5b473d4cc1f8821f294cc4e264113c423bbb68faf17f9ce01c68c175bfe25deb1e55761994a1c3a386e54cfcd5aeca
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\logo-uptodown-simple.b218277c.png
Filesize10KB
MD5b218277c112ffe9b6f1f1fe57c064e25
SHA1d007a13ecfc40d5567706234b9b70206f065182e
SHA256b2ad11221f75608e311561fc6fd05993e328a3b86e839eba9a80cfa2b522dbf1
SHA5125650a31d28d8a22925d9e3eff289473258ccea5d18e57489d633a7ec46da3dfa8d6375eaf55e287749c1dae95d7c81e785c40ae1e368eadf2710de3efa61f980
-
Filesize
8KB
MD52d57816ed75556725280ac1daac08338
SHA11755de38f7533603437ba7fe34d78fcbca423208
SHA256e5eafc50188ec4bbefc1da8aaccded19820988cd466eebf5dcb2ea2786ea99ac
SHA512ce26da1df642d4fcb0bd5e1958fcfea5df74f5cafcd64a560a8bc099819a5051d06eb0168761e4b7cbfe5a0b464b2874d145fc50699461ebd15539d2bed6a30f
-
Filesize
6KB
MD5679094ed9828e0ccd83b45e21fb19e01
SHA1319fb461b200fdf75a63160a9edae60581ca6748
SHA256bb4fb444b33c46d797e4124060175b79ae704390359a4829feb847451536b621
SHA512c1d7140ab2da5eded8884991fa4fa1c46391795f553b8a0e77accb480fdb1a24264872231a7b74424c3750135c997d37b1252c3a26a8f684c6d7027197013e7a
-
Filesize
901B
MD5a0435d4b592b6bce4203d7a833047a7c
SHA13c71058e8995b04649988741d907d3150ba94daf
SHA2563b6f429e5209d988a297e288a74c096688c1c1e71daa6217ddbde80de110b29a
SHA5121d4bfe2207e3c56fb6b0a098c2394cb52e6fd851c71e950d1469c7bb489dc864a2dca93ef4868dcd80e33183acdb0e1607c23364a87a7386a33bdd18e5c47a86
-
Filesize
8KB
MD553b6f88bd4375ece1b5cc9ad14bb42b8
SHA1820381965071a44fd41327c965a8d8788dfe25ce
SHA2563bbd6f3853d5556de52e6300ab3cdb839e7f66d2e36a976f1eb7022e6e1e931e
SHA51209e9bc0af6a3c5aa8e01a7673adb7fd894e066cd0443091d7134d43dd5326a68e9b17a06bbf23b7866947ff5710eacbdc093c164eccc68c179fda86104288637
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\logo_uptodown.1d1ea0f2.png.old
Filesize4KB
MD51d1ea0f2536afe5ca163c6bdebd2901a
SHA1fce00df759304e57915c53accc9936ef38b06cc5
SHA2566cf731340cd9e8cb99fa1f6144cafb9b5d282ec0ffba5fd81b5b11bda1267c76
SHA512abbd3c155d6dc41c3deab2f5264c85486352bfb8c8ce2c4f2bc73bb2015691ab0c15aba4dfc3819930d688871be368117432f0ecb1262fa58be559e08094ccaa
-
Filesize
10KB
MD5f838f7c72f1731b4eb1ec991e0c671b1
SHA125b9e6052bb770eb1102c52e584581eea92d1aed
SHA2569bfdce32cf916a2b220564966ad75b72e52a3320bd73ce42dfcda8b91574bf71
SHA512f7c40190174426de9241c5d5484bed575fe3cb73af032b1d4630a09f05b2280d4056feb33bcb13694c1d7f13693e9c0aeeeb0a12f84b2b0f81c618e7b8af18b5
-
Filesize
37KB
MD572e6cb29365c8f5f83c18040095cd228
SHA18101b1e35664f70126f247934f25ec1cf2075739
SHA2562db41802f5d6dc78cf35f6c6f75b09cbc9a9f152f01ac9fbc4cb556278b04626
SHA512a9843525b570ef7b51d28fb5c9624d6d117dd9dc3e88c470d9c0b70b3549890d0151b5a6fc2caccffa188464831ca748ebe309de5da6afacca9b0df39d1b7bae
-
Filesize
100KB
MD544ace2d22c6ad86c0913e3d05c9c3f74
SHA108ae15f4c6d299ad765357f8f428ecbcaab0b659
SHA2567775e50a8fb564c3d17b8e3276d033d3852e52dfede0ab3fb8291a621ead40c9
SHA5120fe365cfb1f2338078496d77dc958f001003b8cd301574e74969ac5e859e75ba808bd84f7078c7bf59f4245aae20ca7ffcb01d8ccc73f959cead04fbccf4ac54
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\newback_video.9862b89c.webm.old
Filesize25KB
MD59862b89c97560057f2e4783159e5e82e
SHA1ea2c23d16ef3d6b0345e65e21b49b218d4bee260
SHA256f362dd87dde5fe132ea6d91b6a382dba788a8bb1667400b50bbb4bb34966fe8f
SHA5121d7fdfd8ba8565eb674367e5aeb8b25bfb4e2268d2cd99405d76f75261ce10ac74a56b70262f59a8dfea22ebd12f2bdf00ea27571ed32c709237123dc3c0bd17
-
Filesize
168KB
MD50220faa8381e473a302d60eea06babe1
SHA13958ab249d6759942a3dfa1d534055dd7edb5c9e
SHA256ee91fae5ef6c4d018d01b67a2845e4f2899390f27cb4ed1f38ff700e376beda4
SHA5125ad4cb4d15050e55da1105425748958cdbf215de8544bdd3d2babede79c780d1e8bbc3d32c1f88efcc2f158d254b62fa4b1c38881792ccd9a25e84957e2053f4
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\page-common-background.43681e74.svg.old
Filesize5KB
MD543681e74ebd51767600d2fc57637b4f1
SHA1ac9ea81eca17aa1499181e2482aefbd6a77f6ec8
SHA2564e8c66811f416c7a237d4ea590be4d6c4a6771754a673b06ca792f50871e59bd
SHA51229770cb3b47b70e359510a56cbf1f532a0bd8d07f4c1bf000b8087854d34a1c0ac0c33b543f5aec40a2cbce748f505ee690ac20218780e28197400066039039a
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\scrollTopSprites.abc41cc5.png.old
Filesize20KB
MD5abc41cc5ed9921bfdcd57b13013fe18f
SHA12e142b09621abb064be80e33a557c9a1384eb1a5
SHA256129fd569cc6a8116fcaa5f7512a62c3273d362fda3e9b4e9a78b3eea1337a821
SHA512bcf0a774ee32a2a344f94c5d49b75f080c93cd49f5aaa29f4f89c31bc4e5de4f3d550413063ad72b2a6ab20379b36d9e5398d241b96d7fcad8623a80aaae467e
-
Filesize
158KB
MD57f8f861c6c2d91f0f49cb26d0a6cfed7
SHA1b7f004cb202222bee586cc449f0c5a4be246bd6f
SHA25600a69a3b5ce25a7eedf88bce0619ed8da7607618de85cb7f8f2c132a4a0081bd
SHA512334d085a2ebb1b2288a75a50f35f0f2bf82cf80ff05d1a61d3a157599373a5dd822d984fde146bb1def856cba4bec55fe585b99d428364dcb85ac2ef55576ef0
-
Filesize
2KB
MD5ced611daf7709cc778da928fec876475
SHA12dff0768f4c0a53228761eab917e2c65556042d4
SHA25606d80cf01250132fd1068701108453feee68854b750d22c344ffc0de395e1dcb
SHA512715e81b2e85cd3de2c31001a08a84647e4b222c674aa60e3cbe80032043b2d5cec7b364e8cdc24b7fe29e373ad2ca66c2ee5d22b327adc349d576951104c8f51
-
Filesize
1KB
MD5d41f55a78e6f49a5512878df1737e58a
SHA13331eebdd4ba348ef25abe00c39ffbe867d46575
SHA25637bc99cfdbbc046193a26396787374d00e7b10d3a758a36045c07bd8886360d2
SHA51229b8e7b7b2f6a81c1e6ccee7c8b816485c6b7b0831a641ec7204b2cc9486b4258f2819a144b122e57f74c3ac13ae41c2cded4154044e5094048e4e74277a88eb
-
Filesize
1KB
MD5b7c9e1e479de3b53f1e4e30ebac2403a
SHA1af91c12f0f406a4f801aeb3b398768fe41d8f864
SHA25626726bac4060abb1226e6ceebc1336e84930fe7a7af1b3895a109d067f5b5dcc
SHA512976f6e9d65859b1a5e3bbd426441e6885d1912f5694f40e2897b10f46b3bd0c7d940f7917a6050d6bb8cdeaaa5e5f0332391d3d398f6c21ce27299dfc7036911
-
Filesize
8KB
MD509b1666e426c82e32b94cb44947d9f6b
SHA11f16641097deeccd6b6b5b63dbf9ecdb3070edae
SHA256459dfea3665da172a442f5973f40f0fd10061e787634866117cb6d5971ef6d84
SHA512f039eaa233c30b84cbcaf2710ee794d9f7a1cc7e15a47c1be21031d3033db22a173334df7d29baa3a4f81002934ef598d24af13dda2e07b4d07a15ac08633638
-
Filesize
86KB
MD54f8ea11f15166ff6eca18aafe067355e
SHA127bd450402187a135aa417e7a76eec29a3aab65c
SHA256458bbd7488a244bf0b843c13a16791924f5e3e6fd88b2d470313dad515732d83
SHA5121d9b84209697e2a6c49125d24e4191264de569e3c9130432bc531e84a884bfecfa74d06899979487aedd751597fb34c4b299f4ff4bf7c560fab53cd22b00c5c1
-
C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\toast-loading.de809d29.gif.old
Filesize14KB
MD5de809d29d49e3c49ec37b45fd6512f21
SHA104b434b12b92f98905e09b33ba5ef53d8b580ffa
SHA256b2e70655375661b93b4b76928fdabd83c4bc18f13952419501e8e81e1d70beb4
SHA5122babaf81eb131456f1de28266d2fa07ae09f36a9aae336ea786ca2dad2b84d51affbff6d68531564328dc39dc57e67fd948d4dccd204a8299a77c8ffc99c8cea
-
Filesize
232KB
MD5e06059f9d6e1242728db97927b0cadda
SHA1989f3590e32673eb0d33f6bcf032317f798faafe
SHA256bf8349d7095eb91a6be53e12af5fa8527fe847f268eb1ac0a2183df9c44c9edd
SHA512ab6a936cecd473d2e8bafa61a48efd6123c6cbe16df58f9bd9b174aa159dee0bac15162e9c3dcb33b4a12d8cb96d4a1d73b8a819d233536193a5a1d0eb9c4eb1
-
Filesize
49KB
MD5cb1fbc2ff2ec4248ef2eaee3f2a93e4b
SHA192359d458b00f023d99d5663bedfd2a9d6e7d27a
SHA2562fb903a9b875102c10f8af54894a8d778e6c3907ef36df6343c29266dbdbd51a
SHA5120d520dd6d2ccb3d2d80642bf556f415a627081ceb0b6166f1b8d8dfe3dd17d01139a4c6cfeac84d6955d85100f4e8a824b4f83af5851f05e330e4fac78d285b2
-
Filesize
527KB
MD5b58c94617df43430d2342a66eaa0a554
SHA1f8eb3f773a9851652bd594cde56ec97c4e58c5db
SHA25674c2288b4ff073c5c947f96b0c79a01c587981a8b9440290a9ff33aa14f06e6d
SHA512b312043f96b739eb02c4352fbd4b773c52e04964bd04a9eb8e8cbad1fddb00c683c2001224e264a9220e75c41dc6de0163210a3e372220736eba24ef3524e6db
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AndrowsInstaller.exe
Filesize6.4MB
MD50238214ff5f8a40a66d535e1795fed50
SHA14bae3cc8981968d9ef13232ad731407de7af5f0a
SHA2568e91ebe57ad70a58866abdbaa5a406a3b036e519e9c4463e5abebe3986001792
SHA51207b2061b6955e74e3e77ed23707bb7f619deb1b96bef639ddd8fed5cff470d60e0bd55cbf5312790170ddfb590690651e02709ec9210c8043c3d418f464b8c96
-
Filesize
292KB
MD55fd0b9f7612369bca18996d8aaa9f62c
SHA1316f119b126302e20a9eee501614a7a9feeeb3a1
SHA2569937addc0f2eea66ef456a53b21f93e8ae2732cb83f3e0e08e94e763f0150537
SHA512b1020ce74032d033ecec93edecb987a0d9c266b8b022c397e73965c4b89b7d2f873a96aafe193b77774407a6738b0476ca5a5ed13342ab39d377f57ac3545e83
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AppMarket\Res\webctrl\loading\10.png
Filesize8KB
MD574a1a84cf7dcd03933a27e414ea1e354
SHA1da891deea2b1b8dd1cd15f97dc41abd6cec7c901
SHA256101ecd4b2fe8076a437a4ce1ed4d5c6f92acd6db0f2bb79db64a40bc8cbabe55
SHA5125eed2d9c7b426b681703ca1a26671e5dc984de39e6c71b0fc7f8bf0aa27f2154a907a05ce25fae6da25e53220f8a46d31acb7cfccdce33b79acdf9e1a5e5be69
-
Filesize
7KB
MD5ba50063cd1a85f562d5c6a92f28fc062
SHA141d01f5bc2c800424277dc39ddfb4a70bdbaf00e
SHA2561d02987a9b23cb3c11ad6c8123446efcd8e43c0069a616ff09dfc80426a82861
SHA5122fe0aa3e2b6dd171f25d792991328737a15905d290a3d32c4fbe6bc452976c6cd88e157b98a032f1348e53d26e4eeae9928d430e700849baa95e9c73207079b3
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\TGVoiceBuddy\I18N\1033\GFStringBundle.xml
Filesize3KB
MD5fc8ce34f4a62b9303302c1bca236af54
SHA198e924ac192dcf6d76a5e9db51252ffeec16e183
SHA2561568009a2e2b87fd2c80bd1238773e11bb096f7db0165c9cb0124a913dc4bbc2
SHA5128be121cdf463dd207d436abb758a07f89f83ee73127428fc868eff927c9b14afacf6685bb1e27b681c50eff1eee6f417c403aa4513960c5268a471388f40bbd0
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\TGVoiceBuddy\I18N\1055\GFStringBundle.xml
Filesize4KB
MD557b3a79c8d67544148b4a3a931755da1
SHA17f4806fec0ca2cbc41f1344e1717ac4e627b5ab7
SHA256d6e1a0b5b8be7703ba735fa33d6f95b24d798e965809558dad356933a32f0838
SHA512b5dfca652097cc27d4539212ea526e2fbd6c3db2b8cd33d07822396f2a3d5358a57d462333e6ed4f668554475f8a478f1c8d438c61f1d6b5179fa6ad87d9831a
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\TGVoiceBuddy\I18N\config-zh_CN.xml
Filesize268B
MD5c620fd72f8c0dcdfe1ca656da4321d84
SHA184da1abb07d9225e32f1f1cc8dca5e5713f1e2ec
SHA256581f1f16ec516fcefe8b940bd38f936022616d7c0e0665918981f4769e1dec1d
SHA5125677644550cbbaf4c136ae04a3ccfb4f4330dc120b561bc0fbc36bc3d311feb58b5a99cc4dddf106720f8e9f0b9f605add92fac5fbfcb07c17ab5b9b40484f03
-
Filesize
655KB
MD53250be17f84e19a44c9a484f54c760e3
SHA14253ef01c20c63a692065ee9a74d4abe1eea3b74
SHA256e090e0cbf39243c8a4625b6f281530cc55609dbcfcfc249300765acfef1105c6
SHA512170a6702a1ad1c034973b76c60f3df3dc72646fbae1e8c1767d6803528c7b68041a76f27494b2347ca3f9bfbe0a92a622bcef0b6db4b3e1ef6f56a6d86172ce8
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\WXFace\WX_default_face.png
Filesize1KB
MD5254e845033d51419f8770acf35c931a2
SHA19e267cf86c136d738eb13ce9ccebca95234cce63
SHA2567ca81ae30b2b7e92a40b1fbd30dae53344cac06dfeb633915b6407c8731e4727
SHA5125dccaa119fc1d7c8cf17bde8201313c2cf00784bd85542ae8f02dd2a46cca748e38c9d94a8d56f4ba9d805bf3d16b2882314bea0f37c22b7be6a2443a5ac0af4
-
Filesize
103KB
MD5022fc5c29d8cf5ec7abe4eae57e5e311
SHA14a44c9a91d636bd6aadaf787f83e215a0c690311
SHA25688dccc3165b30052117c4fb9a17d8bd08ae014c8d6ec65366331fc078abb54ac
SHA512223a4d990462770a365bef618d287e84e097a1ea7cfb50043a063105326604296e63246c8f3ad89e1a611c178526e57d55d422caf8620ddb0ec9381cf031a0a7
-
Filesize
1KB
MD5c99bcca61c47433e0df19b4a7668eb56
SHA1009882353bad84d3cb5ef15a4bce629cbab731d5
SHA256010c86cac8101a693c2f35f798c40162fdc510cf809fa2604d42ef2b929a0062
SHA5129ea53f7f2aeb5ba9a65482694f8fa0becfed2b3abec1918453cc630122e7a9f089e625a736e5f109119aee2f4dd3a40defc2e8a24cce1619dc66a16f3d3136fb
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-console-l1-1-0.dll
Filesize18KB
MD511e55839fcb3a53bdfed2a27fb7d5e80
SHA1e585a1ed88696cd310c12f91ffa27f17f354b4f4
SHA256f6bdc8ffd172b44f4d169707d9a457aeef619872661229b8629ee4f15eefff0d
SHA512bec9419e35de03cc145b3c974833f73f1a5082d886de4739351b93bb4cc6c0234efd0e35ad845faba83fa600c4a7d5343eaae949a837d00d5528e6db79438ee4
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-datetime-l1-1-0.dll
Filesize18KB
MD59f3cf9f22836c32d988d7c7e0a977e1b
SHA11e7bbd6175bdb04826e60de07aa496493c9b3a3b
SHA2567d588a5a958e32875d7bd346d1371e6ebfd9d5d2ede47755942badfc9c74e207
SHA51216c98e6aec67ffe4558c6d3f881301490be5d8a714c1adc6735005613251adb8e1c2cb9b1c0d2504a9a99c61a06b0e30c944ca603fc00fbb18cd20ba1c9bd697
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-debug-l1-1-0.dll
Filesize18KB
MD564978e199a7239d2c911876447a7f05b
SHA10048ce6724db08c64441ce6e573676bc8ae94bf9
SHA25692b947f1d6236f86ed7e105cff19e23c13d1968861426511b775905e1d26b47a
SHA5129c64211895473ffc7162b56b0b8e732dec54cf03ea9b9b36fe3cc3339c35fc71fc7173d4e146989db399cb1bcb063079378bb6f778f7d2591cd545550038397c
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-errorhandling-l1-1-0.dll
Filesize18KB
MD59d74d89f2679c0c5ddb35a1ef30bd182
SHA122eaed07a6e477a4001f9467b5462cf4cc15cc16
SHA256e207ffc6fef144e5d393e79de75f8f20d223f1ac33a011eeb822d30fa2031046
SHA512725626e961d32398ea5aa120ac0339deeb493fc02ee7ef4d8e586173fdbf768b5cbb1f16f093ae4ecfee87e661170f8f832777640a353df5d651af4a62a2d819
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-file-l1-1-0.dll
Filesize21KB
MD5d826d27c73d9f2420fb39fbe0745c7f0
SHA16e68e239f1a58185c7dad0fcfaac9ecfd2e5726c
SHA256c0e5d482bd93bf71a73c01d0c1ec0722ea3260eba1f4c87e797bae334b5e9870
SHA512c49843eb10e4e54c66e0e194dbd29ceab9094bdfe745b6a858cb03e34d73a6326f54804e5e5505deacc87146cbdfba17a0f02e62e76c685bce0cd1ff41962ff4
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-file-l1-2-0.dll
Filesize18KB
MD5ec4f2cb68dcf7e96516eb284003be8bb
SHA1fb9237719b5e21b9db176e41bdf125e6e7c01b11
SHA2563816bbb7dd76d8fc6a7b83a0ed2f61b23dd5fc0843d3308ee077cb725d5c9088
SHA5126cbda80c476a9fcf46458cac45229c96dc9df251230531e25088e834cd954db9ff4561e744f76495f9c57a4068b7635c72c6f9ff838436c54142297ee310b236
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-file-l1-2-1.dll
Filesize18KB
MD5a32230b9bfdb8813e94d095222aafa11
SHA104b9d7d2a3f92a0054af2547fb6176385cc9738b
SHA2567068d2b8aea252294e6b5c3bf3630475d0a91e11877f11a04e8ed1f91196410f
SHA5126484c7c7fe574d797c74c285353040dfa364b9a9425cbfa4a4c8bba698176656c78e228a33c9eeae39a97caf2ab192f1f02dba472824f8a5757db5f14c76e2b0
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-file-l2-1-0.dll
Filesize18KB
MD5b9287eb7bcbfdcec2e8d4198fd266509
SHA11375b6ff6121ec140668881f4a0b02f0c517f6c7
SHA256096409422ecd1894e4d6289fd2d1c7490bd83daff0c1e3d16c36c78bd477b895
SHA512b86348d3f42d0ff465066a14c281088c73ec5e03efacdaabe27a410b054a8a81b438d7e5d030b0d95f53b07783911b8b8200581d4e0b6f1b3cc79f4aae1d67df
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-handle-l1-1-0.dll
Filesize18KB
MD56a35a52d536e34ba060a19d06b1dac80
SHA10494a9cbf898e5babb6e697fc2de04a128d2fc35
SHA256a369ef130749bf8cd9f67055179e6f537f200c060af47493d49473912a95021e
SHA512a8aeb58bcf4b314212c2ab5a8fd3c2edeb97e680f774171d4a79390aa23bb62a414aef0ecd5286ffb68b7ed8f6e713ff1892d6d4cc2cbb67de916c6062e762d9
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-heap-l1-1-0.dll
Filesize18KB
MD5ee5c2fb7bc23bfd06ff32556cc7c3b4d
SHA15d60ebf016219bbec340d353a4fa541fff596d3f
SHA256efc9f0e32bce971900ddf66a1a9e68daa3bfb2099a1ba9f24c6ee82da2cbd6e8
SHA5125d1b8a130c27d8eb63ca0c836bdf63e76afb311de26ed4f25b073bda843ebfa25e136849e3882822257e3783058f30af818a96764d60821a40329cff4e1badac
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-interlocked-l1-1-0.dll
Filesize18KB
MD548a5e206d92f3102256ec65e8d570ee0
SHA176024fad398dfa4734afce0cc2e5ac117f090ba6
SHA256a272ae4fc60e511f48950b08f106fcdd3bc86831df908ee78d630f1ae921880c
SHA51265407da566b571e050c25448be6042e84b0c1c7248422cba00b543af9de425a723b0c7c54c4eb6f534e42b1679a058562d500875ddc4f2b52e6b8e6107b1b575
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-libraryloader-l1-1-0.dll
Filesize18KB
MD5e33f52e89dfc376eaf7aa655f260ca76
SHA1b66e1f934f491544190714966031b6dfd2e349ec
SHA2560bd03e89a539aaa3100e2f7d9a058964730320e55aee1f85be8fd243eea7017a
SHA51295cb889599801ba7fa225b633d0fe25fdcc8b495dee5eba05b15a6e53a8a3643b5defe1a881236c40f4fa4365d6775ece067dbb526afdf2015f4d1355c9dfc57
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-localization-l1-2-0.dll
Filesize20KB
MD5dbb81fcc74c59490008ee59bffff5a6d
SHA1edbb465ab3bea3a4df3f05e5a4e816edbe195c3b
SHA256f33e6ac5d3e1c4f1d89564fb6aeeac170486c073b67694380755049dbc48eec1
SHA5122847a73e952bd5f2448264e0bfc8dc1dcd37f8b02d6d6f525ef0cb69c8e634fdcc4637876361b22c53244659039ed305c015435834b61eea15015fed45e9c374
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-memory-l1-1-0.dll
Filesize18KB
MD50ee9e0c830a7534dcfc9be72146796f9
SHA1cecc860b494135482ae693f8e252301073a98578
SHA2568f3f0fd765a37f48162f0bd00c3047e79b4eda355223bfcbed4d35b51349cfcc
SHA51247161e02f4478464ab45c1e3bf9d244d34613e0e68ebe48511a9a0c4e7f8ddb0c1dfd59707c6968c5d76d5027cd19ef748d1235bf74b976410ea6672a6a4bcaf
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-namedpipe-l1-1-0.dll
Filesize18KB
MD51557093add722d1c5a97c359bfcd0d77
SHA1a8ce995f00a12a81a13d3ef47ce0834178ed69a4
SHA2563a20635a223e68418c22858413e8c603aac25723de1cb0f54dd675349ec3213d
SHA512b7acd6882b4d36b52f1e49e4b61ddd025de8503f765b72c94ec5a0d85b6ced513c348f7c4898675728c851a2632ad71c78937cdec9dff994b7b27ed2d85cdddd
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-processenvironment-l1-1-0.dll
Filesize19KB
MD52a61e4e21bf255107884b6520af5bbcc
SHA1884eb1a835bcde4e7fd98134f0be797229f4239a
SHA25664742ee0729cbe72555247b0165fae03bea7a6b0147869253dae3bb0072173e8
SHA512d0ca104904352586bbd3da654125b3df9355fe250938a465e8e900d135cec397f1118fdf54829b076df82b8e45fcd7656c2c7aa33ad3c0af5189f7a55e43f498
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-processthreads-l1-1-0.dll
Filesize20KB
MD5d5c4b8f7260563f72150a84fe884ee31
SHA1dae1185359ed25a4974504cd1ceaacde28d4318e
SHA25602839f3b2bdf6adfc89d2f800cc8acda59a40c3e7ce14ef3026f4c72e202297d
SHA51209ca23413eecf1df94aa36e53fc6fff0f402f21eda2ef79be6aa087818a5bb82ed98db790a2b5cf4ef91a8f70d8e27f56313bc2054a26872d2cad611c472f0b7
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-processthreads-l1-1-1.dll
Filesize18KB
MD5f61b9ecb79cd20fc2e8fce87286cfe43
SHA17a48accbe43e156f886f1f2836f74e1043feec59
SHA256bfa24f94ba095174b82d3657f8ecc689eab8ff380c69b1c9a7e311eb70d66386
SHA51242ab62087bbc9fc9c9003ae96ebb9e9bbfa3db4eb74bd6746da035d53d1002015d8482ecb92620ec65c42b8b2b41d9b0a7793e105b0cf8cb6f713a2bc03241db
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-profile-l1-1-0.dll
Filesize17KB
MD5a472bd416bdc12668523670360650910
SHA1831d930ef9917e0dccacd8e7f7fd6f3d90082441
SHA25648dceeea29558966c391cda34e5755386c2e7e252ea0a03d8d1f21e3cb370c5b
SHA512166134e6c3403f4437e10afb514a55677481d3b03f7cfdf17917a0bb6fa1f387feae58d7dd5dfbc375eae66d24f10c3163ba5958c22beb6978c0b778c2883b6f
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-rtlsupport-l1-1-0.dll
Filesize17KB
MD5525a156e0ff61306fd44bf7937cacfae
SHA16a9a88317a55c939c0cb9f77256f5c3f961d0562
SHA25641c69b545d931045a280f83b2f5fbe0ea18c35ac42dfca54b661b42fe8e4f982
SHA512c99147eba45e9561b7a2802b0c15a2df2ac886ce95a95f2980f8bf4d1dff92a69b94f11cd17383b577303f24295b1b7e52b8c80ad26c0bb08862c726b9cd8841
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-string-l1-1-0.dll
Filesize18KB
MD5e57ec98e69961e45cc7a4e0666d26b7d
SHA170462a1d68bf49908fcb7186743a47a1affc5d7d
SHA25652c9b061c4c74eeb70019edde2b690c7e9d9744979a3b718d6687b3a83f00def
SHA5124a450bcbce0eb3f98f78af07673227a55cdf8e7840fa892196cbb8d0f90551b32731f70f171644f8097fda97d57caa4b7430023671b19881764613231a20cdc9
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-synch-l1-1-0.dll
Filesize20KB
MD599572ae21d1c8afe3d02f1124979e911
SHA15b17addc80b1406a3eaa615f5e37d92e953a0bb7
SHA256e7d39dcb79d739ec030e9a4e2165b264a24c400566056e1fda267fdd1a8b36bd
SHA51227ca8149d1f0c625de90a3f4cd4a4930ab0c1362ee10a7131ebfd2a88065c2a34c8ad7fb6d95ce33072146b9309488cbfe122984606d631b99d925e3fc42fcff
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-synch-l1-2-0.dll
Filesize18KB
MD5e4110aa5c8a32b63de2c85e0bc297c54
SHA16039680f47750cf56d0c9a1768de815a44b83de7
SHA25601bb32d692b86ebb39a76893125e0f3aaf957c6e4bd682fb46eac32f6fb65be7
SHA5120631ea8224403ca113dff9b17852e92c1fcb2820e4f335b668b12689d2a8f058ba33905692f2fd0f4897f8f766db816747ec95478d854b75a0803d2c899e6d98
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-sysinfo-l1-1-0.dll
Filesize19KB
MD5a13048905fc64cd2103094c871c6d826
SHA1cebb1a74bd5196a3fe174a20543335074a1b7397
SHA256fb23439a5982e723e8e4ae1a5a35f9bbbfba1e76feb4596668f57093b231da6b
SHA512e23effc6c17177d07f43955cc8ffa17ed05cc2c0a6430078b37de8536170dc3cb4f8970eba1049b10a789ab5acb423745f9d842dac4d63d5714751186a3f071d
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-timezone-l1-1-0.dll
Filesize18KB
MD500b548bf3eab7a6debce296ee5e877de
SHA1ae18022eb78c192ac3baee32664b9eb011194772
SHA256d592b91a087c001f9ea38dc5912a90c78fad3a368879d04fd7e5650ed374c8dc
SHA5123ba15d9a0f1680c2b182cf04fbbfcb0d4f1b607519c161c590928930ad1b3eba8bd417575a51305b9552f0abf0064c74267336ec09cea709aed9228e4eac799e
-
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\uires\window\logo-oversea.png
Filesize2KB
MD51af13060d206bd8c2d07035be2c88ce7
SHA1def54fe95fb4109f41c307d809e27311362e93fa
SHA256b45cd60fb9b2659f6b177c63abd3a4eb663912fb9531c97f1942baa36bb2d298
SHA5120bddcc1edf3b87d50235af479297ab16d0f9d7d5bde4d5503c5b4607961f416ec4ca67d24f9f4f454c24152a70673045df66351b2590c11f4d93794c159cb3a7
-
Filesize
152B
MD5c0a1774f8079fe496e694f35dfdcf8bc
SHA1da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3
SHA256c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb
SHA51260d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b
-
Filesize
152B
MD5e11c77d0fa99af6b1b282a22dcb1cf4a
SHA12593a41a6a63143d837700d01aa27b1817d17a4d
SHA256d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0
SHA512c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\36043620-5ed6-4b58-9f00-68077f90c1b6.tmp
Filesize9KB
MD562ef10200d91bb60bd892bd4f733e579
SHA1f71eb2d8b15e89b4c54bc409ec038d71c5e0c70f
SHA256ed38a87afe8de54b53908cff5ed2d4c42292b064f77bc5755ca69e154618c9d6
SHA512e0843d60a8a9fe06250bb913a4abec60d90493b083f44f82f1bc3892bed9f9fe2211351463e7d8a6600df6a425a4e8b20e4c378e84e28ecceb74343774d97351
-
Filesize
47KB
MD59f96d459817e54de2e5c9733a9bbb010
SHA1afbadc759b65670865c10b31b34ca3c3e000cd31
SHA25651b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609
SHA512aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307
-
Filesize
67KB
MD569df804d05f8b29a88278b7d582dd279
SHA1d9560905612cf656d5dd0e741172fb4cd9c60688
SHA256b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608
SHA5120ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
26KB
MD55dea626a3a08cc0f2676427e427eb467
SHA1ad21ac31d0bbdee76eb909484277421630ea2dbd
SHA256b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6
SHA512118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5f9ecf4c9c99f3c2c98636afc6b335327
SHA1d40fa478a000cd4152769559d1c77f78cef2d9c9
SHA256f6a7bf73b86c17ffaec50f2fe082d37378f8bd89610ed56740d37b2d1f30f779
SHA512c6bd81b1cbdbbc20d006769475e8dd11526b3cf5d908129b855f9a3b7201bb6041df7b77584c7160292b06b1683a478d381c0e4636d7a92c0cc761d150545413
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD5ad877c370ec70a628d29ed19ad3f95a7
SHA1bfbe445fa4492bf8ae496e0c1a8c13d18534a4d6
SHA256c1196c383307b9efccca0648373b2c58d36253d81df27bfb459d809bd37269fb
SHA512b2129dd4df4cb37805310475438cce5a2517f12a877ab62ff1c28ff8fdd52edf90987f447082579158c4255d4e3ab8493f59e0a68d574010b6accae316c31446
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD56a42533b9950e506d7674c186d9c1739
SHA14582e863870cd869661b1836a7be95583547ace6
SHA256f2a09d48a964b7de59d40e987ee92a0b7d5d47ae04dcc265ab934f7fe34171d5
SHA51256b29501111ef59bd1392da2993b18c04c966f53badd35042afc6b87a567e44297636be9828cc09aa156fe2add63997f44de3b5c2998f88ed76e338b24786157
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD51d0e493e961d2a7bbaad2734bf4d4722
SHA1c71038fd1570fb5a32332addaa82b0355c4a37e5
SHA2562d0dfab032e8c6c7be16839ed0c5e6dd272dae9de2e5e43ddf8e6cf04c06041a
SHA512cb9e05dc1b56abfb6d1c56d5ecd91ed7cd50095e5f366fc2d415453fc94566bbe1ae0ddc71717cc5c5485aff3efa1ab4ca6df4610df587a5c7ac386341158145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
2KB
MD5911d008431dd4dffe9105f2e78c5dcbb
SHA14c728838014b93c70f4eeac579cffbf4ccd57f44
SHA256647c859e3295867cf253a0b79bb5487343a05f3148d5dcd3eb4604bd0ebe38dc
SHA5129b5f64c517950e94a887d8a625d28ec0c68b6dc10976f572a25edf0e0fc9947a07e83e2b358034fcc940850be4e6c41f6fbabb94e48c2e08cd16f2a97db57d1c
-
Filesize
6KB
MD52b92668db7a18bb252e2bb8d4fff7a2a
SHA155743135fa167f8db04c3c685e669e0aceb1c74d
SHA256988fb0d6db7a628832a9a5dd1bae1cb30548d027b37882accd3427ee332818db
SHA5120bb096990c66a94f555b3c0863543625e2628c9a5b10a0ffea104896d54f05732e47d8407832f4ba25c71c4b64b9bbacb90dc78636521f0cdb74335fa5d72fff
-
Filesize
2KB
MD5c4cf0a317d38f8fec8aac13b66e1d8ff
SHA104b4b25b9201de5c0a6f80f3404aef58513f2962
SHA2565e282feb7b282d1dc6dbb8e2c784ffd35027faa4057ad5f4e15c532b85265003
SHA5125c06aa1418964b6d87415c3f58de07e3485b41719c5a7b4cc29e5fc9aaef04261462317c76686c9d106fe82ad438e3f4aadcc1e4b536435daa71c10e15093f46
-
Filesize
7KB
MD5193899ea764a4a11b726ef5a14f6b998
SHA167d07e8aa3436a33c2bc3cd4923b55445f472671
SHA256863d91b6ddb5ef5a576e055a75a35940d3b415dc4641c9ce9a293f9f8ed5bc9c
SHA5125dcb679e6c4d5e6587cf91c6ad3ef31b76bc0afa203a0dd7077714e3adc59dde165386ca76b73cbccb6bd0f6656335b9523e3b8c8ed47cb6971fa059f8bec3e5
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD57ee20e546f66778cc2812c94d761f245
SHA1d5d81131cd87af6ab6d486b16fc82c987f858100
SHA25612b841522bca2fdf2eef76aef7b535272c86ba4bd671a6a0162770442679cac3
SHA5122a4461b620cd041109dcd904f1dfd1f2b9a5828d9442ad94c294f18d66e3fe0ac2da4e9eae5ac2367279c8f2116335e102f8c57af118678aa9881b31ba3b2d27
-
Filesize
7KB
MD5b23bc27c4b5aafc02b24623e9b714a8e
SHA1e8112faf21218db5084ea43aa527a041450b49ca
SHA25680e1563eaa571b158a54a641bc72c9eb94460f3372ef5c6bf24284775b5cc2de
SHA51210c8d58a134c0bc2d87b4a97691182ca91bde87ebf37be310d1eeb2fb17a8d248c3773656f88a7936f16e71ce80d9022dff6baed206c13d321101c9f335a6b3f
-
Filesize
9KB
MD5fea9426fc67a7b7c6fab5e5db14e1d87
SHA1eb5ea900bbac035c52b252ab99cf98f147056200
SHA2561082c09732627a681c1915356a894dcc51fff45e064a9f21ce4eede9fa029fe5
SHA5122e716540e636b34370d58cbe36e6674b0c1952c6fcec88bd250bfbed2da9331dd25d0f1185ddf1e3ce0f473209785205b27c4d3226015d3c585664903f90eda0
-
Filesize
8KB
MD52e72040052eca017779cc841b9535dac
SHA1be8803f72eb8602262511c9ec26f93e4c7527d16
SHA256352e57a4450274b43f25989a37a0e1640ef4e2cfae2678578aff7303408374e4
SHA5121f2e50f1e85ea6bb81c414667bed281ce59b557473e5140ae35689fada6de6b7f4b79f3d5c36c9fc47274ec36d23ef6293f8fbfb882412777c88934e760c1afa
-
Filesize
7KB
MD55356f9886be2f72f5b53631e037d57fd
SHA18cf1657f096a373f18e37840154029d92a751ada
SHA256f5b4c7dd4024c1d1d8fbbe376c6e1ae21f28a2b3e690058695f891e851fd8924
SHA5125ee3f1dfa099c38e484f7c19f94d9973350b8d324691d79cb188039fabf6d4f4e238c226b8eb49e85de649f82500f1f74ca60356ca153897b3e2fff69644cd3b
-
Filesize
8KB
MD5e423eb19a44a058acbe5ee677f5c3689
SHA1d8113e68d98bf36e829ab80c3da586ecbd22f8c9
SHA2563413fb89e335f0048c61f0018b1ad6233a877a85d70f237138db9ca316dffa31
SHA512885437c9f92eb5e20db3363589d691c5c98672795c0a28fe8d9a5f13afa41934115f69144373e32880705ab7ab4cac9daeb7290089bd185d54ec8b4db01127a0
-
Filesize
8KB
MD533816137432b611ecd70da932b13fcef
SHA198086fa267a86c54eb15790dea5eb21091a8cdd0
SHA2560e6488ecd14d0d7aedeac1fbfad893bffea9ba4745b1ef77226a48b4df45e6c0
SHA51277789ac3e8ac1afa6c4038831430a19c541399ff24a8cf9aff85345cbfa20c2184ae203a5aba78fab3e2dab040fcb6e4a4f8aee5b86c2ac6dbdfd5d2dd8c4ddb
-
Filesize
9KB
MD51f5f3faf6da42cc82207d5bcf5bdd731
SHA1946ecdec821c9c7bef92ead7037dfc8d7596e08a
SHA25642369105130f943f6251946d66205425942d9ab16c347a4f246063dd47df3d53
SHA51228073ca9f308286cf4e9d868d40156226f8b7d4c6de48c09b446f690856253c4fd7f56941984601ee6f0673e88f7584cb6e4590ed01647a07eb42a624ab0cbfe
-
Filesize
5KB
MD5ed56d45623f91741f45f9ee0d83b02f9
SHA12fa7278d4bd3634a7a641f3a980d8856084d472d
SHA256a9782771d2f420bf67a643a3bcd96d95ce12c15455fbe2115061863a7b55bd9e
SHA5120e420751fc0cbc9c127172ecdc09639b0cee60ca10208940e83bb170e562874ea444c3d27361fb0ac7a41705eedf75e03877c6fdcd94ee43d790c81eee745aac
-
Filesize
7KB
MD5d675c47cd4324e3e343e901b751731fa
SHA138827a30fbf6899eae19188cb11ee698285f92ea
SHA25678ad012f0977a0d913239780b706c619794b76f6b4cc23e62decb8629f3b7b09
SHA512d76d659d8a91f2731fa594cbe2004ed9b767f1d2c30674fbef23404e5445a5e9418a7fb6fd68ffce07e14e7987fe62b0f32b94e9ee1d10a01c6812496575e2d7
-
Filesize
7KB
MD504b511cb37120b74ccaa7148fbef32a8
SHA18a8ba6a78c01d97d938be2d9565e94b38a99d810
SHA25697f94c81fc2d0cb3f02d6234d3fdc3b5fcce1f362f4ea573af1f1c1bf0c3710d
SHA512ce3b5363abee74dc932f6fbdb22d1ffa8dcd3500218a581f42163bfda9a45e4ff544f3b771a2448446c9bd6736da429f9311ab1d5f81f1640e71c53538b072b9
-
Filesize
7KB
MD5e9346f11b4895d23bbce234713f91cf2
SHA11cdfa57099673e93e68b4d5f8274351ebb91bed4
SHA2569911e5991fc3f9ee7a020654057d50fe87a3f9dc92d82908a0517f3f39bc3d20
SHA512479c985b00ebfb97025ec48163579625b9d8d651eb2b0a8f40a21d92e8f1dc9169ca2b1914aad858198e20b1714f2362fedc5e91bf1a9e42aa10ed3a677a8d01
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
Filesize35B
MD5343859b4ad03856a60d076c8cd8f22c3
SHA17954a27de3329b4c5eefd4bdcb8450823881aad6
SHA2568c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f
SHA51258014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe5d3192.TMP
Filesize99B
MD56d73e93b29a190b2286be221209c96e8
SHA18064bb94dd00b04214a3c05814faf7481ef89423
SHA2565581cbedd0c595ea9cae750fd1bf149c7fbf52fb7e9a7229cf9db9fd84d90072
SHA512062a8b1b5c418cefb010930cf980c3ea2d2337bff1243b35e72aa44724a06babc607992326c1ebf43a51604dc9fa792c988c5e4893f12aca774ba0bcb54032c5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\34cb3e63b107e254e8d4b3457fe14a457b21be66\17d2fe60-f895-4a53-be08-f1af67ddba5e\index-dir\the-real-index
Filesize72B
MD53a8232f67a8232597c31e492f9525529
SHA17ca848225f00accb5dc68f0d04cda2d470901492
SHA256437bfef2e9e3d571f279ff2eb7f038367c9669371d6dbd04920387b275b87f62
SHA512b9ea144ac0202a5a868fa36970df79e3071e60897c1732197997500b65662a2f681a677e813a02bacfec0ff9586d3eb9c7644b4e302c018b7651046a6e14dd9b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\34cb3e63b107e254e8d4b3457fe14a457b21be66\17d2fe60-f895-4a53-be08-f1af67ddba5e\index-dir\the-real-index~RFe5d7fe1.TMP
Filesize48B
MD540f4c963133b4831b7ff9bb9a184eb08
SHA11a0a1997911a50ff500de0c290770d4f7c79c9da
SHA256345e09cb386635840fa6c54ab163b899738bb214c0d66c7b3cc6be66ffde7054
SHA512d696535178d057f1dc507a381ed82c8b3871de807b3d9b2f49258829d003f9100bbfa0bc6144a7f13797aba5629e7822f4eadd566a58ede8cb644b03b029739b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\34cb3e63b107e254e8d4b3457fe14a457b21be66\index.txt
Filesize113B
MD5e7d0c93902f05ac3c2ec57e719c8033f
SHA1ac121c97e1565e3f0c8df2d92e43ac83b63c6d97
SHA25688aee80a7d1c0eeb40db417f2c0c1b2deb8e66f5666ebcf30bcb00365b171721
SHA512df3af11f37eeb08c8694ea99c6b6f4c76495a987b6e56000906c4eec8e2fd382b3d0ce0564338b040666a50f16615c27dacf82a296ad0a9e25d6ca4ab87c41de
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\34cb3e63b107e254e8d4b3457fe14a457b21be66\index.txt
Filesize107B
MD5db6319110ca237676d97b69f81cece85
SHA165282640c2c94acb559aa25f4d7aa0cf60c35569
SHA256727db8f653930ee53aa542225772a94c6f2c3107a9edc30e463e347884e317db
SHA512002409a03fc0a5dd1527303dc0e018ba80769bf16daf059cc069d2693f7eb63d48be3486349e9924118b44f99e694927f131a42e6020d6a8e3b972564a6e2530
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize96B
MD5c09a12a84da96d13ba874c7cf5603642
SHA1d604f6b28bb790d0841bc7456c703c53901aff67
SHA256ffccf132235e18df68e53baf3541de6b46e70537f3a72aa680b6c83a9b4ca757
SHA512b891839158c0857783b2f6bc8fdb38531a1e57e1bb881094fd63d8e51aff9174b4ff6789c1d951f9a19ed8c83e78fab26bda188114f21f61559809f58e7fed0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d7f74.TMP
Filesize48B
MD5e6c451ddb854e72faca8a7900fcbc0d6
SHA1101d297c0eaf627608592e6d2916809ec3b7719d
SHA2560d19a9d0b086f514945ab260cca5a746b77ba9327f43584ac52107e89dfbb6b6
SHA5128cc9f332fab6d6727f036d24b59cbf6671da8984f78644a1955c3da25b539b63a3469a4a0ad2df0384adcf7dad42e245280bcb352dff808020dc4cecd97bbb33
-
Filesize
3KB
MD5e9975b2139e096c2fcd341ba9fa69c80
SHA11cc9f01548f37f5dc0b4e7ea9ef7ae054dd5fd74
SHA2560ce63e375f4a439ad428086f8bb9af9211ff17ae91df2e31c2c03a94bad278b3
SHA5120862c04eb4382dc817763e8dff050729c92cba11edad740482822f492f7beadb1ed274b0ba8bd44ed1ce3b8dc40c30236ef57ba75e71349b25f82b2c35d82a43
-
Filesize
1KB
MD51dbe03d2f4a7f017dc46e5d87a612dea
SHA13de757bc7282e6bb10a35bbdab7eec2b13ce1f9c
SHA256102d7d7c72526b89bd6b4a30b45fa31f644b104f7b426ad88b0ad96d35d3eda0
SHA51267209fb3bc0527e54becc0afd96e27cebd93ba64d5f1f654de2984d3b0a04e78570ece5d494ee3e135a33ce48123105d2a9f68a6ff41c1131dad340495822cb5
-
Filesize
1KB
MD57e80a9c9f72deffec0c1454f96ec971e
SHA15df75d59df50a702b8a6365a4d2ea88068924300
SHA2566bbc37a47237117b66fd438018341d4f15fc0def8e6475a3aad84ff28c1cd6a4
SHA512baeb71b21db7d77f898dc884c32160fad419c4b13b75451388e8398aa4aa81a6138b33282c80eb5d9d54d1e6e65f382bed47e4b66589f8e0b4b6973f70aaa75e
-
Filesize
2KB
MD5799595390c9886b9e56f7f4f49a3e370
SHA1ba76c984f0453cc82281e9783d9a8589b1a581a6
SHA256b9c000613d63fd857268fa6a002beea96ef29e8d4e25e263e0a906ec61d79b2f
SHA5126d4a6b882d0868de379ab99d382d32c94f1d4533b66b5913f8614b65664b10ab45e6467d19821f30117ba16578481d487633eccf166cab8ddda1ee7ea8ecf63c
-
Filesize
3KB
MD5b2fbe5adcd424f058a67bdcc60c893cf
SHA1809777e0ab27ce4b8b6bd4abc35b01a065b7bc50
SHA256529d094962963fbe757bb8f38ceacf20a128bc611e6e1b95a82b829778deeb1e
SHA512633ab32ca02872f2e9098b880ab2d50077c207baba9ace3a48e4c99c2bb85c620b81b169455a6911c646231adbb9e193fbd66a8a8a57ef2c36a85194c1445b7a
-
Filesize
2KB
MD5c2fdbebec7eecc8c09acebaced6c8c4e
SHA1e534363a46d4108d6c9a6f8a89848d0f06fdfcea
SHA2562414eef049dcd7be978f005ebc7dd2054b4e68211428f74d8def39d8213ebd1b
SHA512bb92e83acbf5390b146e0022ebbe4998840cebf7aa1694a602165c314bd97e8369c804aa41834338b670e09c1a87b59c6aebf16f523677b85118de70d983096c
-
Filesize
3KB
MD5b8acafdf6cc8c14f810967fb60aa1fe5
SHA16b2f8c0e072289893402a51ed3198e4ec4e3ccd1
SHA256d5e004054db0f16fe2cf054e7e65e1e07e070716ac107e70e21b0382de5f6284
SHA512c0fc727016700490022245a48c4f8012d10a1f4b934bc14f619fc3771ced2487df6e2d018a9cc2b28effa9834823ae28cd58d8849438c1dadd0aa9b8e1fc58e9
-
Filesize
3KB
MD565066243a4116aa8b2a87445a11fc1bc
SHA1e761d5b9cb8ca1bcc5ffb8225f6d536318b2088b
SHA2561706964e9eaad4a80165513dd5b394e95c93470904b7ac99b87f4a5d1018c2da
SHA512d69f6c26a3e23f4c5e776973046ce863a9f223677a76eb54665c9da36f3bbd3ed9f5b29def201d9ed6c1ae46b60c9077fe24215e84ae3367b103007e994a236d
-
Filesize
2KB
MD5f1fa390b493c632cb18fe9eefceaa853
SHA102061da5e0ab6de342b85b55ba93a9cd0e6e01ab
SHA256b312e670e1f4ec6f25bf91b957889c07b5b1a5bade177856e888107db231e7c6
SHA5126a07c9cbcb246719ab85d8a5340cf6187b67f11b22dd67fee5dea5b9c9fae63dedf9dd080530c71f174facd094849b249f9a85195fced659f45f043715a3b032
-
Filesize
1KB
MD553fc36a91363571516e0eac8703e5b94
SHA100fe6100c45a8a718444f97d5f4f782e6ed317ed
SHA256b05c4f21253f1a7d4a5ba5435d43412bc9a937e86ad2b28d4fd340cde5b718a3
SHA51298d14e2984e4b6bc53de1311f9d7f019faebaa9139ea8a2d65144f62979a541d1437fb3a9f37a449269d44c2a6412fdbdf9db9106756d75de8985ac6f76e2ddf
-
Filesize
538B
MD54f2631c3e981efda1e03fe176c962db3
SHA168ab0ee19762d419278e15faa2c148f6d44f9df5
SHA25627488265a9eae19bccc87c15b62b0a67fd611b696c64f15c04cda995e211bc4d
SHA5123b00985bcacd0905ef4e9a8a33956e515ce13d0a611fe5fee484d6849aa7b36bc0b64edf8e19a05bd6e96370087ed0568a7cff689cd3b8dfbcff2da22c4d17ad
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bab11aa5-2dd3-44d0-acb6-1015f7f29867.tmp
Filesize6KB
MD5394b6214f7e5328629d9c8e0e13c55db
SHA15ff74855b671e896b2cc1e4645dc210ea0242776
SHA256cf27ed9c397820686a2c05611515e3a1226a8e5b87f96439134bbd3566080a55
SHA512bd6325dc359aaadb29cd9154e5b70dfe62b49c69d897e628ee86a07c3235337af23327c4991d57315a2623c11fa3ed94e65c4acd952e1c4391bada9f275e7668
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d0271b4a-c794-4d99-8f27-7208648cfcb1.tmp
Filesize1KB
MD5abc5fcf4e1c699f7737b3374efe4f763
SHA15aa5285f2140a23a3d31be5b50df2ec7c25890a1
SHA2567ecbd9569ad7b3611e697981559c7a3a680039367d8413e26e26d003b3d7426c
SHA512c32843cac92ecdb582a571163b2db0d6b3a66cf6227cb8b9dffbd01f8f638d66219fe2bdc6470e478f7ce4692333c2048504b50d58509fc786ad7bb85568a101
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fa58b7e7-4bc1-41e9-94be-26985e67e363.tmp
Filesize8KB
MD51cd2e8596cbf360da922f87fcae007c6
SHA1900f210e59862a60106bd911ecddb9b318d32af3
SHA256164e5cc13e0627e155d74cb18623a904190ed2e1db1a1a26b1fef52cb4544b5a
SHA512dd58718f9666df6cad2b09fb8890365b8c5aee4da27783823d042d38449705e7980fd45ee7d436db48fc4ed2c359c5d524861487fab2f91f4ae39e8a36bbde9c
-
Filesize
11KB
MD56931238b84faf4d58a8b6d630004270b
SHA12baaa30c6294d53a23d5de7fee3ee2f8562c8cd3
SHA2562de3ff05fc94c3e8def59b4d45dca05d650e8efbe02080e49db11aa5b7a9e923
SHA51217344c06b8497d3b7c5311f60b6607d554be57f4a9abef9a6a00de4facc893389fa6406d15d86a47b0acf17c12df27d4e9a3609e021a0b19bb942b7acdd9cdd0
-
Filesize
10KB
MD5d7b6ba880eb3e37993136374a4f3098e
SHA133628f54b90342967534a75c2826b3f21889285b
SHA256318ec0890924d19c8d6f36bd8e1f3733e178d7110cffe5aa39a7b03907298b55
SHA512666336743551bb6a154f266e0fc81d614cf109575a80f7e8d51114a419b5eaa78d9342c95a64b3280456c6a5b517f69c5960175714252bacd07a28e858bcf189
-
Filesize
10KB
MD5e4ee12169152c10040e018bf59180b85
SHA13b13de831d5fce724fdb1036bfdf22be00189b1c
SHA256bc2b0816649ef30a06fc6911eb3220c9d4b014a71f287eae8c02d9d2a9ef458d
SHA512ebc80e8810aa7dacd1dfcc38474c28fe44998537945dd62aa5af988ae520d56bb3b988324457ee11eed35e1c7bf75983f08b940fe703e61712966c5afc16a5c3
-
Filesize
10KB
MD5f33d2f52571f296927806c7d77ad82fc
SHA1efc9916cefd8e34ccf98b4173e0bb588aa73217b
SHA2566a1f455a700c76283734194d11f1959cf8f10f69244283bc8b612bb1f17c4326
SHA512c3705ece11a192dedbc77f9cebd5ae1ca9ad5c3bf0b50dec9b49b8845c455628284323b1a13d11a0f6ea7adc17f542c08f08d5923ce03e200acda6c5cb85d818
-
C:\Users\Admin\AppData\Local\Temp\market_page_17346255920x4914\module\lib-halo-downloader.9596aa10.js.LICENSE.txt
Filesize832B
MD5b23d7a495722fec387cea56b861b816c
SHA121d9593760be18f0097dadde05824aa52851a086
SHA25686701d478c8b5cd2981db0c9715b0c27b1d76e1b0bd10dd7447a35b90cb14728
SHA51208f2397203a34ceeabdb9581b07dd65e28e3775b4ae13010bee3d4ca8963a996da93018e92d8713e7a4d8f83d573600678677da916f68d1cf9819284c04d99cb
-
C:\Users\Admin\AppData\Local\Temp\market_page_17346255920x4914\module\lib-halo-utils.2982bd29.js.LICENSE.txt
Filesize449B
MD5bd995e27eac3745ca6d4ad4022fcb917
SHA1469bf7519e238d7987af6a804a6857f91b9e026f
SHA25690fdd6754a69086abae5c1d02782ddc4c82d179682b2b66c51a21e4c1edce6a7
SHA512ef9e1848ed9b58fa6f9bfa711254488dd8c04d76eaf00b6e49c89869a4cce2fabbe9057a72326d166d9fb73946e8b28a6aeebd12395c154aeaabc376a0cd8320
-
C:\Users\Admin\AppData\Local\Temp\market_page_17346255920x4914\module\reactVendors.0be66206.js.LICENSE.txt
Filesize1KB
MD5008037d1673d08e24a5e325889d17d3c
SHA1a53f9798365405ff49a4ec7200ada0fda816a874
SHA25665c975feb9646a852151f33fca761891752ebfd24a2268b8eb63120e04191a7e
SHA512a34a2787dbb6c8e4dcf132c28fe989d11b77b5364ffbb45439ea1d4ed60c02be863a85d1583a74ce7dbedaed48e21582bdfa641c7d6be9f94f9a0d3de43e9e4f
-
Filesize
74KB
MD52814acbd607ba47bdbcdf6ac3076ee95
SHA150ab892071bed2bb2365ca1d4bf5594e71c6b13b
SHA2565904a7e4d97eeac939662c3638a0e145f64ff3dd0198f895c4bf0337595c6a67
SHA51234c73014ffc8d38d6dd29f4f84c8f4f9ea971bc131f665f65b277f453504d5efc2d483a792cdea610c5e0544bf3997b132dcdbe37224912c5234c15cdb89d498
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD5e4c0adf1a4d2b835e2cbf54b03ae8fe9
SHA1e38c42f426b0c06ca48987ea4bacbab5c2225871
SHA256ec6f4e948fe5c89a3d5bc9766e0ff2c9c187a4cf82acd4ab98701d17a10b2228
SHA512c8a9468ec1421aba279b864873604fc2f3e43f89c95894fac134df60f549231de511f76b919c28b1f96ee07b21d1d2035d28ef24990be59c9d08f2baa53d46bb
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD56014c869113a449068bdbac391ad097a
SHA12932eb0a54c63c2c026cde59b5f2e0224eb4cca7
SHA256c46fbdea3103d1959bfa2241e2328fe4999e3ea344e6ae720a46119fcec0e898
SHA512aee4944a3538bb693800229063e8a7d21d40fd32f113067b274132685e6848d68b4cc2c3e16ed3585da83bddb0498992eb59a806dc5a48d89b885c23ba0ef7d2
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD57c5ba093cd1379beb2cbdb8c53e789e5
SHA16c1575a1a381f8b8c0e3d64f4ac8cf12f33bfd44
SHA25650871f23ac1a7f42c5d20ac6f19c1c273f64e1efaeadf13049343c94b3c9006b
SHA5127b611f438755f2359d81324ff4107a852a847b2412f99e0056b1b63d0770e2fa4f862217f2b63d63a92c2d392d3ee470a10bd3e045f45e097be75f74e8b06e47
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD58e69af16498dd1ab3b8b9ab46f1e0de9
SHA11dd12464453afa8ae4005da132166c5002f5fcac
SHA256502be4597a6e984373d81cf53edcc90e51c23e2cb85b2e08c8b53f917fc447e5
SHA512b41786a0aaac77c197838f7f7d73d3c257ffb285edcbae26802bf300de987976dab92e377ad66efe4cbd9af8508e659f9fa79bd379d6a2fe719854d47e9e1eb0
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD57461e279ed78d5bb080babe28cf10ae0
SHA1d1a86cfcd8502d8fba810f4c6c608363c08d2e48
SHA25615b05d48edec1a571f25d367858793d3bbeae51df8354edf5794384dea6a10a7
SHA512bc9fa3f31b68f08fc3eceb6ec11a11508f57a3bae9ada0df27e2879fe017eff9138a00a3b2a102ac3ee7e8be77520cce1895cc4408d0c55537b3427cd6cfb8f9
-
C:\Users\Admin\AppData\Roaming\Tencent\MobileGamePC\WebkitCache\AppMarket4\8ca9efcd-62be-4cfa-8601-4e4105c137c9.tmp
Filesize496B
MD5be658d092d4ddee72a97766413abb37b
SHA1fc54dd1f6d534e30e9632f946316945e587d1fb0
SHA25653e00ea55491cf0e2f5407adcbbba267408c8083e9227a1e6d3adfde7ff76c6d
SHA512750369b2ba892ce0b4377f1b7e5cb7a3f403f0991adb54e76853ff8fdbec9745581e56ba7fb75acf8f2903e03a61d423483c2cb4f136cc916f241711a8b820ba
-
C:\Users\Admin\AppData\Roaming\Tencent\MobileGamePC\WebkitCache\AppMarket4\Code Cache\js\index-dir\temp-index
Filesize216B
MD59a636b68b81f1dc4f5293dce5c97e149
SHA189403d0adf4b6ffd836942b12651a2238936adda
SHA25603f31442569a04b65a3c8d4f808f21daaeda85fcf91e819508f2f5621cb7346d
SHA51222344363979045eeb3c1794c0386546dcb278baaa949d26b5832402fc5c314dea9f67e0625b66bc27be89cf1111c30128797ee7049552c5ec274f7a2dfcf6e59
-
C:\Users\Admin\AppData\Roaming\Tencent\MobileGamePC\WebkitCache\AppMarket4\Code Cache\js\index-dir\temp-index
Filesize240B
MD5d3a24c688982cb8a1940f734015b8246
SHA18112f973c1cf2484e7f22fa63e6252f1fca6e34d
SHA256b912f0be9c553486d9f73dc64443df4432e39cb74e102bb30ec6c5676da8a114
SHA512bbc32f1e244426aac71af8714ea7a81fe45258bacc31eac096ecee99e133e8f6cb14be4dd1add1ecb27697abaa03b8c622e5fa5f7354224216524014b3a8aec7
-
C:\Users\Admin\AppData\Roaming\Tencent\MobileGamePC\WebkitCache\AppMarket4\Code Cache\js\index-dir\temp-index
Filesize264B
MD51ae1e8e1368fa103064febe8ebdcdbd8
SHA1682568bd9fc0d3b64d12082fafe152ee4dea476f
SHA256e62c6a878bd15555201196199f94838e063976c51ab555327a5f80204599535b
SHA512ed57385675b9e1213f10850e085866d8aa621c2ccf7ce7a519e95ea8d0079f175d25835592cce99e01776537ef79069eaf44537df2383cd17589df931a109eb2
-
C:\Users\Admin\AppData\Roaming\Tencent\MobileGamePC\WebkitCache\AppMarket4\Code Cache\js\index-dir\the-real-index~RFe59b9c1.TMP
Filesize48B
MD55a2ac411ca7546fd344e1087d9f4c68f
SHA1515584f41ecc2b8cc5950f1acf1c1a528ba58076
SHA256be75cacfda0430e5d47c31466ff326c0c4a67455311594e4d949a1b21cbdb3a8
SHA5129d576dcf6844aed6418ebbae7efdb0a92a1f9bda588cfbebe4c8ee3b727d4395ee0949990db42cfa6b56af02a231e75cb3be47adf44ea7d95a25bcbf13409c4a
-
C:\Users\Admin\AppData\Roaming\Tencent\MobileGamePC\WebkitCache\AppMarket4\Local Storage\leveldb\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Roaming\Tencent\MobileGamePC\WebkitCache\AppMarket4\Network Persistent State~RFe5a5d44.TMP
Filesize59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
3.6MB
MD50ac1fd602f5ec2d2231fe311777791e8
SHA152ca6ccd121faf4f3aad9e7760ee1a519b323d83
SHA256bb68113cfaba1def162b8a0df4b1d41b83ea34ce4fd5b23e0a0b75b259b62bfc
SHA51210fb445ccf904c20b1b3736d02f53bc43a3b9161465c6915c89a06e978be9e988342f40d4c895acbfdabf236fbdbaa87c8470577626cbc2ba1838dba48e57623
-
Filesize
9.5MB
MD5d496c2b17fbfce68471a14c626dbbc0c
SHA14e01c64013acc1434d06676f11828a60b66575ad
SHA256c969cc8f72a4ecfa8d8d37acf636b710977f5d9d8e2cf43719188e3c2ac282e0
SHA5121a7dbf1dadf1825a89f3fb09c62dc1a200ced51a085b0b74929944e40fe5055a825b778ff843a0d47037357b7e1222cad2e51822693f4ee216f178a6226ead82