ce2daeaf4fcc6cf3499d6f1ab9d13e4c1db008fd50d48dcd9dfa496a561a135e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
24-04-2022 06:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

微软锁屏画报_支持win10win11.exe
Size

4.2MB
MD5

ee1da257caaeb67a5b72d2f959d564cf
SHA1

81827ee5093db823ba9c1a1625af479dfad36659
SHA256

ce2daeaf4fcc6cf3499d6f1ab9d13e4c1db008fd50d48dcd9dfa496a561a135e
SHA512

f376405944062c1d9456a43cb229bc654113ee10323febe69a89ac75175a34012a40ef198ffed0f17d8ffe0e57f910a25ab45d88b45b12f6fd6791345efe2d16

Score

10^/10

discovery evasion exploit trojan

Malware Config

Signatures

UAC bypass 3 TTPs
evasion trojan

Bypass User Account Control
T1088

Disabling Security Tools
T1089

Modify Registry
T1112

Executes dropped EXE 9 IoCs

Processes:

MSLockScreenWin.Config.exeMSLockScreenWin.Service.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exe

pid	process
5024	MSLockScreenWin.Config.exe
4936	MSLockScreenWin.Service.exe
2316	PlayerStandalone.exe
3720	PlayerStandalone.exe
4916	PlayerStandalone.exe
2456	PlayerStandalone.exe
1896	PlayerStandalone.exe
4048	PlayerStandalone.exe
4532	PlayerStandalone.exe

Possible privilege escalation attempt 10 IoCs

exploit

Processes:

icacls.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exeicacls.exe

pid	process
764	icacls.exe
3944	icacls.exe
3804	icacls.exe
4408	takeown.exe
3476	icacls.exe
4860	icacls.exe
4440	takeown.exe
2392	icacls.exe
1288	icacls.exe
2000	icacls.exe

Loads dropped DLL 34 IoCs

Processes:

MSLockScreenWin.Config.exeMSLockScreenWin.Service.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exe

pid	process
5024	MSLockScreenWin.Config.exe
5024	MSLockScreenWin.Config.exe
4936	MSLockScreenWin.Service.exe
4936	MSLockScreenWin.Service.exe
2316	PlayerStandalone.exe
2316	PlayerStandalone.exe
2316	PlayerStandalone.exe
2316	PlayerStandalone.exe
3720	PlayerStandalone.exe
3720	PlayerStandalone.exe
3720	PlayerStandalone.exe
3720	PlayerStandalone.exe
3720	PlayerStandalone.exe
4916	PlayerStandalone.exe
4916	PlayerStandalone.exe
4916	PlayerStandalone.exe
4916	PlayerStandalone.exe
2456	PlayerStandalone.exe
2456	PlayerStandalone.exe
2456	PlayerStandalone.exe
2456	PlayerStandalone.exe
1896	PlayerStandalone.exe
1896	PlayerStandalone.exe
1896	PlayerStandalone.exe
1896	PlayerStandalone.exe
4048	PlayerStandalone.exe
4048	PlayerStandalone.exe
4048	PlayerStandalone.exe
4048	PlayerStandalone.exe
4048	PlayerStandalone.exe
4532	PlayerStandalone.exe
4532	PlayerStandalone.exe
4532	PlayerStandalone.exe
4532	PlayerStandalone.exe

Modifies file permissions 1 TTPs 10 IoCs

discovery

File Permissions Modification

T1222

Processes:

icacls.exeicacls.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exetakeown.exeicacls.exeicacls.exe

pid	process
3944	icacls.exe
3804	icacls.exe
1288	icacls.exe
2000	icacls.exe
4440	takeown.exe
2392	icacls.exe
764	icacls.exe
4408	takeown.exe
3476	icacls.exe
4860	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 4 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

MSLockScreenWin.Config.exeMSLockScreenWin.Service.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MSLockScreenWin.Config.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1"	MSLockScreenWin.Config.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MSLockScreenWin.Service.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1"	MSLockScreenWin.Service.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe

Drops file in System32 directory 9 IoCs

Processes:

PlayerStandalone.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\GPUCache\data_1	PlayerStandalone.exe
File created	C:\Windows\SysWOW64\GPUCache\data_2	PlayerStandalone.exe
File created	C:\Windows\SysWOW64\GPUCache\data_3	PlayerStandalone.exe
File opened for modification	C:\Windows\SysWOW64\GPUCache\index	PlayerStandalone.exe
File created	C:\Windows\SysWOW64\GPUCache\data_0	PlayerStandalone.exe
File opened for modification	C:\Windows\SysWOW64\GPUCache\data_2	PlayerStandalone.exe
File opened for modification	C:\Windows\SysWOW64\GPUCache\data_3	PlayerStandalone.exe
File opened for modification	C:\Windows\SysWOW64\GPUCache\data_0	PlayerStandalone.exe
File created	C:\Windows\SysWOW64\GPUCache\data_1	PlayerStandalone.exe

Drops file in Program Files directory 26 IoCs

Processes:

msiexec.exeMSLockScreenWin.Service.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft LockScreen\resources\index.html	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\libEGL.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\cef_100_percent.pak	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\install.vbs	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\d3dcompiler_47.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenWin.Service.exe	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\resources\logo.ico	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\locales\en-US.pak	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\snapshot_blob.bin	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\libGLESv2.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\cef_200_percent.pak	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\cef_extensions.pak	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\chrome_elf.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\resources\asset\bg.bmp	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\cfg.json	MSLockScreenWin.Service.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\cef.pak	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\icudtl.dat	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\v8_context_snapshot.bin	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\libcef.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenShared.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenWin.Config.exe	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\locales\zh-CN.pak	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenWin.Update.exe	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\uninstall.vbs	msiexec.exe
File created	C:\Program Files (x86)\Microsoft LockScreen\zlib1.dll	msiexec.exe

Drops file in Windows directory 14 IoCs

Processes:

msiexec.exeMSLockScreenWin.Config.exePlayerStandalone.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\{03CBFC02-CDF2-4398-8801-A054AE886297}\_853F67D554F05449430E7E.exe	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAEDD.tmp	msiexec.exe
File opened for modification	C:\Windows\Web\Screen\img105.jpg	MSLockScreenWin.Config.exe
File opened for modification	C:\Windows\Web\Screen\img105.jpg	PlayerStandalone.exe
File created	C:\Windows\Installer\{03CBFC02-CDF2-4398-8801-A054AE886297}\_853F67D554F05449430E7E.exe	msiexec.exe
File created	C:\Windows\Installer\{03CBFC02-CDF2-4398-8801-A054AE886297}\_06E1B413CF008B2ECF2B2B.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{03CBFC02-CDF2-4398-8801-A054AE886297}\_06E1B413CF008B2ECF2B2B.exe	msiexec.exe
File created	C:\Windows\Installer\SourceHash{03CBFC02-CDF2-4398-8801-A054AE886297}	msiexec.exe
File created	C:\Windows\Installer\e579fcd.msi	msiexec.exe
File created	C:\Windows\Installer\e579fca.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e579fca.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Modifies data under HKEY_USERS 24 IoCs

Processes:

MsiExec.exemsiexec.exePlayerStandalone.exePlayerStandalone.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness	PlayerStandalone.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network	PlayerStandalone.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT	PlayerStandalone.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness	PlayerStandalone.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	MsiExec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	PlayerStandalone.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Chromium	PlayerStandalone.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Chromium\BLBeacon	PlayerStandalone.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	PlayerStandalone.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	PlayerStandalone.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows Script\Settings	MsiExec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows Script\Settings\JITDebug = "0"	MsiExec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	MsiExec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion	PlayerStandalone.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	PlayerStandalone.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	PlayerStandalone.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT	PlayerStandalone.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness	PlayerStandalone.exe

Modifies registry class 23 IoCs

Processes:

msiexec.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\20CFBC302FDC893488100A45EA882679\DefaultFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\ProductName = "微软锁屏画报"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\SourceList\PackageName = "MSLockScreenInstaller-1.2.0-win32.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\SourceList\Net\1 = "C:\\Microsoft\\MSLockScreen\\Updates\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\20CFBC302FDC893488100A45EA882679	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\Version = "16908288"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\273CA55DF6120764ABA539DE2793F22E	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\SourceList\LastUsedSource = "n;1;C:\\Microsoft\\MSLockScreen\\Updates\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\PackageCode = "8493ACD5A4EAE5B4FB58CD9D482CB08E"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\Language = "2052"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\ProductIcon = "C:\\Windows\\Installer\\{03CBFC02-CDF2-4398-8801-A054AE886297}\\_853F67D554F05449430E7E.exe"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\273CA55DF6120764ABA539DE2793F22E\20CFBC302FDC893488100A45EA882679	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20CFBC302FDC893488100A45EA882679\Clients = 3a0000000000	msiexec.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

msiexec.exeMSLockScreenWin.Config.exeMSLockScreenWin.Service.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exePlayerStandalone.exe

pid	process
2452	msiexec.exe
2452	msiexec.exe
5024	MSLockScreenWin.Config.exe
5024	MSLockScreenWin.Config.exe
4936	MSLockScreenWin.Service.exe
4936	MSLockScreenWin.Service.exe
3720	PlayerStandalone.exe
3720	PlayerStandalone.exe
4916	PlayerStandalone.exe
4916	PlayerStandalone.exe
2456	PlayerStandalone.exe
2456	PlayerStandalone.exe
1896	PlayerStandalone.exe
1896	PlayerStandalone.exe
4048	PlayerStandalone.exe
4048	PlayerStandalone.exe
4532	PlayerStandalone.exe
4532	PlayerStandalone.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

微软锁屏画报_支持win10win11.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeIncreaseQuotaPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeSecurityPrivilege	2452	msiexec.exe
Token: SeCreateTokenPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeAssignPrimaryTokenPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeLockMemoryPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeIncreaseQuotaPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeMachineAccountPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeTcbPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeSecurityPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeTakeOwnershipPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeLoadDriverPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeSystemProfilePrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeSystemtimePrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeProfSingleProcessPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeIncBasePriorityPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeCreatePagefilePrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeCreatePermanentPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeBackupPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeRestorePrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeShutdownPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeDebugPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeAuditPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeSystemEnvironmentPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeChangeNotifyPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeRemoteShutdownPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeUndockPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeSyncAgentPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeEnableDelegationPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeManageVolumePrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeImpersonatePrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeCreateGlobalPrivilege	2116	微软锁屏画报_支持win10win11.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe
Token: SeRestorePrivilege	2452	msiexec.exe
Token: SeTakeOwnershipPrivilege	2452	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

PlayerStandalone.exe

pid process

2316 PlayerStandalone.exe
2316 PlayerStandalone.exe

pid	process
2316	PlayerStandalone.exe
2316	PlayerStandalone.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

微软锁屏画报_支持win10win11.exePlayerStandalone.exe

pid	process
2116	微软锁屏画报_支持win10win11.exe
2116	微软锁屏画报_支持win10win11.exe
2116	微软锁屏画报_支持win10win11.exe
2116	微软锁屏画报_支持win10win11.exe
2116	微软锁屏画报_支持win10win11.exe
2116	微软锁屏画报_支持win10win11.exe
2116	微软锁屏画报_支持win10win11.exe
2116	微软锁屏画报_支持win10win11.exe
2316	PlayerStandalone.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msiexec.exeMsiExec.exeMSLockScreenWin.Config.execmd.execmd.exeMSLockScreenWin.Service.exePlayerStandalone.execmd.execmd.exe

description	pid	process	target process
PID 2452 wrote to memory of 2772	2452	msiexec.exe	MsiExec.exe
PID 2452 wrote to memory of 2772	2452	msiexec.exe	MsiExec.exe
PID 2452 wrote to memory of 2772	2452	msiexec.exe	MsiExec.exe
PID 2772 wrote to memory of 5024	2772	MsiExec.exe	MSLockScreenWin.Config.exe
PID 2772 wrote to memory of 5024	2772	MsiExec.exe	MSLockScreenWin.Config.exe
PID 2772 wrote to memory of 5024	2772	MsiExec.exe	MSLockScreenWin.Config.exe
PID 5024 wrote to memory of 1300	5024	MSLockScreenWin.Config.exe	cmd.exe
PID 5024 wrote to memory of 1300	5024	MSLockScreenWin.Config.exe	cmd.exe
PID 5024 wrote to memory of 1300	5024	MSLockScreenWin.Config.exe	cmd.exe
PID 1300 wrote to memory of 4440	1300	cmd.exe	takeown.exe
PID 1300 wrote to memory of 4440	1300	cmd.exe	takeown.exe
PID 1300 wrote to memory of 4440	1300	cmd.exe	takeown.exe
PID 1300 wrote to memory of 2392	1300	cmd.exe	icacls.exe
PID 1300 wrote to memory of 2392	1300	cmd.exe	icacls.exe
PID 1300 wrote to memory of 2392	1300	cmd.exe	icacls.exe
PID 1300 wrote to memory of 764	1300	cmd.exe	icacls.exe
PID 1300 wrote to memory of 764	1300	cmd.exe	icacls.exe
PID 1300 wrote to memory of 764	1300	cmd.exe	icacls.exe
PID 1300 wrote to memory of 3944	1300	cmd.exe	icacls.exe
PID 1300 wrote to memory of 3944	1300	cmd.exe	icacls.exe
PID 1300 wrote to memory of 3944	1300	cmd.exe	icacls.exe
PID 5024 wrote to memory of 3600	5024	MSLockScreenWin.Config.exe	cmd.exe
PID 5024 wrote to memory of 3600	5024	MSLockScreenWin.Config.exe	cmd.exe
PID 5024 wrote to memory of 3600	5024	MSLockScreenWin.Config.exe	cmd.exe
PID 3600 wrote to memory of 3804	3600	cmd.exe	icacls.exe
PID 3600 wrote to memory of 3804	3600	cmd.exe	icacls.exe
PID 3600 wrote to memory of 3804	3600	cmd.exe	icacls.exe
PID 4936 wrote to memory of 2316	4936	MSLockScreenWin.Service.exe	PlayerStandalone.exe
PID 4936 wrote to memory of 2316	4936	MSLockScreenWin.Service.exe	PlayerStandalone.exe
PID 4936 wrote to memory of 2316	4936	MSLockScreenWin.Service.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 3720	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 3720	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 3720	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 4916	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 4916	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 4916	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 2456	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 2456	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 2456	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 1896	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 1896	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 1896	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 4048	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 4048	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 4048	2316	PlayerStandalone.exe	PlayerStandalone.exe
PID 2316 wrote to memory of 1284	2316	PlayerStandalone.exe	cmd.exe
PID 2316 wrote to memory of 1284	2316	PlayerStandalone.exe	cmd.exe
PID 2316 wrote to memory of 1284	2316	PlayerStandalone.exe	cmd.exe
PID 1284 wrote to memory of 4408	1284	cmd.exe	takeown.exe
PID 1284 wrote to memory of 4408	1284	cmd.exe	takeown.exe
PID 1284 wrote to memory of 4408	1284	cmd.exe	takeown.exe
PID 1284 wrote to memory of 3476	1284	cmd.exe	icacls.exe
PID 1284 wrote to memory of 3476	1284	cmd.exe	icacls.exe
PID 1284 wrote to memory of 3476	1284	cmd.exe	icacls.exe
PID 1284 wrote to memory of 1288	1284	cmd.exe	icacls.exe
PID 1284 wrote to memory of 1288	1284	cmd.exe	icacls.exe
PID 1284 wrote to memory of 1288	1284	cmd.exe	icacls.exe
PID 1284 wrote to memory of 4860	1284	cmd.exe	icacls.exe
PID 1284 wrote to memory of 4860	1284	cmd.exe	icacls.exe
PID 1284 wrote to memory of 4860	1284	cmd.exe	icacls.exe
PID 2316 wrote to memory of 784	2316	PlayerStandalone.exe	cmd.exe
PID 2316 wrote to memory of 784	2316	PlayerStandalone.exe	cmd.exe
PID 2316 wrote to memory of 784	2316	PlayerStandalone.exe	cmd.exe
PID 784 wrote to memory of 2000	784	cmd.exe	icacls.exe

System policy modification 1 TTPs 4 IoCs

evasion

Modify Registry

T1112

Processes:

MSLockScreenWin.Config.exeMSLockScreenWin.Service.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "1"	MSLockScreenWin.Config.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1"	MSLockScreenWin.Config.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "1"	MSLockScreenWin.Service.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1"	MSLockScreenWin.Service.exe

C:\Users\Admin\AppData\Local\Temp\微软锁屏画报_支持win10win11.exe
"C:\Users\Admin\AppData\Local\Temp\微软锁屏画报_支持win10win11.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2452

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 416876838E5ECDA4C6C90551F3FC7232 E Global\MSI0000
2⤵
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:2772

C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenWin.Config.exe
"C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenWin.Config.exe" install
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- System policy modification
PID:5024

C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c takeown /f "C:\Windows\Web\Screen\img105.jpg" /a & icacls "C:\Windows\Web\Screen\img105.jpg" /grant Users:F & icacls "C:\Windows\Web\Screen\img105.jpg" /grant Administrators:F & icacls "C:\Windows\Web\Screen\img105.jpg" /grant System:F
4⤵
- Suspicious use of WriteProcessMemory
PID:1300

C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Web\Screen\img105.jpg" /a
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:4440

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Web\Screen\img105.jpg" /grant Users:F
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2392

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Web\Screen\img105.jpg" /grant Administrators:F
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:764

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Web\Screen\img105.jpg" /grant System:F
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3944

C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c icacls "C:\Windows\Web\Screen\img105.jpg" /setowner "NT SERVICE\TrustedInstaller"
4⤵
- Suspicious use of WriteProcessMemory
PID:3600

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Web\Screen\img105.jpg" /setowner "NT SERVICE\TrustedInstaller"
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3804

C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenWin.Service.exe
"C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenWin.Service.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- System policy modification
PID:4936

C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
"C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2316

C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
"C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe" --type=gpu-process --field-trial-handle=1660,11320531785848627288,13800256293230842389,131072 --enable-features=CastMediaRouteProvider --no-sandbox --log-file="C:\ProgramData\MSLockscreen\logs\CEFlogger.log" --log-severity=error --lang=en-US --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\ProgramData\MSLockscreen\logs\CEFlogger.log" --mojo-platform-channel-handle=1664 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3720

C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
"C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe" --type=renderer --no-sandbox --log-file="C:\ProgramData\MSLockscreen\logs\CEFlogger.log" --field-trial-handle=1660,11320531785848627288,13800256293230842389,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\ProgramData\MSLockscreen\logs\CEFlogger.log" --log-severity=error --uncaught-exception-stack-size=1 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4916

C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
"C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe" --type=renderer --no-sandbox --log-file="C:\ProgramData\MSLockscreen\logs\CEFlogger.log" --field-trial-handle=1660,11320531785848627288,13800256293230842389,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\ProgramData\MSLockscreen\logs\CEFlogger.log" --log-severity=error --uncaught-exception-stack-size=1 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2456

C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
"C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe" --type=utility --field-trial-handle=1660,11320531785848627288,13800256293230842389,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\ProgramData\MSLockscreen\logs\CEFlogger.log" --log-severity=error --lang=en-US --log-file="C:\ProgramData\MSLockscreen\logs\CEFlogger.log" --mojo-platform-channel-handle=2128 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:1896

C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
"C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe" --type=gpu-process --field-trial-handle=1660,11320531785848627288,13800256293230842389,131072 --enable-features=CastMediaRouteProvider --no-sandbox --log-file="C:\ProgramData\MSLockscreen\logs\CEFlogger.log" --log-severity=error --lang=en-US --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\ProgramData\MSLockscreen\logs\CEFlogger.log" --mojo-platform-channel-handle=1664 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4048

C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c takeown /f "C:\Windows\Web\Screen\img105.jpg" /a & icacls "C:\Windows\Web\Screen\img105.jpg" /grant Users:F & icacls "C:\Windows\Web\Screen\img105.jpg" /grant Administrators:F & icacls "C:\Windows\Web\Screen\img105.jpg" /grant System:F
3⤵
- Suspicious use of WriteProcessMemory
PID:1284

C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Web\Screen\img105.jpg" /a
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:4408

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Web\Screen\img105.jpg" /grant Users:F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3476

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Web\Screen\img105.jpg" /grant Administrators:F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1288

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Web\Screen\img105.jpg" /grant System:F
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:4860

C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c icacls "C:\Windows\Web\Screen\img105.jpg" /setowner "NT SERVICE\TrustedInstaller"
3⤵
- Suspicious use of WriteProcessMemory
PID:784

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Web\Screen\img105.jpg" /setowner "NT SERVICE\TrustedInstaller"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2000

C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
"C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe" --type=renderer --no-sandbox --log-file="C:\ProgramData\MSLockscreen\logs\CEFlogger.log" --field-trial-handle=1660,11320531785848627288,13800256293230842389,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\ProgramData\MSLockscreen\logs\CEFlogger.log" --log-severity=error --uncaught-exception-stack-size=1 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4532

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

File Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Microsoft\MSLockScreen\Updates\MSLockScreenInstaller-1.2.0-win32.msi
Filesize
53.8MB

MD5
8adfcd4ddbd0260e95ab56d190fe1573

SHA1
11cbeddf08b35a157930db0811e56b3d0a3e9fc0

SHA256
8b12e30a2fd460b134fbf88ff144b12027a55261028af2295c0211bb329de6b4

SHA512
b04e7a9b0c0ec6b10b52943cefbca68e2188e4ca395e1c8a931f0d40428437d1c5b8029a5d2a0261e573b90b2200f04a1966887c6f8ac41b88e2954ab7431018

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\D3DCompiler_47.dll
Filesize
3.5MB

MD5
0af4e1dff391487c27466e120bc0124a

SHA1
29a9afd3c5ed4c31397b641ffb242cdc2c66f7b8

SHA256
c7c9a5466589f0b64dcd7f770ef0ea320d820f0d87e8df3c408ef4e61a25f1ee

SHA512
eef94fad4028bedf60d0eb0af596d0539a43f3334df62662d03145fdd6ad0a955e5fea47b0d4ce75e2bbddeabef9667322bd767867aaec61bdd1e589ac30cad2

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenShared.dll
Filesize
3.4MB

MD5
27b7b6bd83a9716b9da7c95ac8a761a7

SHA1
dbae6d8b5e9c1b7643f2fd957fe950598da1b788

SHA256
ba624bb6bdcefbb0d5d79485441f31d54ad83226066c6def4059aa5eb94f61f4

SHA512
43720279ce3f10e85b84f8e8b1c4e9fdff36ee29f96dbb97efd03423ee67371796f67c2d32ca38fe84ddef9933291ec151ebfb40d5813e8d4e580370a2d7fdcf

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenShared.dll
Filesize
3.4MB

MD5
27b7b6bd83a9716b9da7c95ac8a761a7

SHA1
dbae6d8b5e9c1b7643f2fd957fe950598da1b788

SHA256
ba624bb6bdcefbb0d5d79485441f31d54ad83226066c6def4059aa5eb94f61f4

SHA512
43720279ce3f10e85b84f8e8b1c4e9fdff36ee29f96dbb97efd03423ee67371796f67c2d32ca38fe84ddef9933291ec151ebfb40d5813e8d4e580370a2d7fdcf

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenShared.dll
Filesize
3.4MB

MD5
27b7b6bd83a9716b9da7c95ac8a761a7

SHA1
dbae6d8b5e9c1b7643f2fd957fe950598da1b788

SHA256
ba624bb6bdcefbb0d5d79485441f31d54ad83226066c6def4059aa5eb94f61f4

SHA512
43720279ce3f10e85b84f8e8b1c4e9fdff36ee29f96dbb97efd03423ee67371796f67c2d32ca38fe84ddef9933291ec151ebfb40d5813e8d4e580370a2d7fdcf

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenShared.dll
Filesize
3.4MB

MD5
27b7b6bd83a9716b9da7c95ac8a761a7

SHA1
dbae6d8b5e9c1b7643f2fd957fe950598da1b788

SHA256
ba624bb6bdcefbb0d5d79485441f31d54ad83226066c6def4059aa5eb94f61f4

SHA512
43720279ce3f10e85b84f8e8b1c4e9fdff36ee29f96dbb97efd03423ee67371796f67c2d32ca38fe84ddef9933291ec151ebfb40d5813e8d4e580370a2d7fdcf

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenShared.dll
Filesize
3.4MB

MD5
27b7b6bd83a9716b9da7c95ac8a761a7

SHA1
dbae6d8b5e9c1b7643f2fd957fe950598da1b788

SHA256
ba624bb6bdcefbb0d5d79485441f31d54ad83226066c6def4059aa5eb94f61f4

SHA512
43720279ce3f10e85b84f8e8b1c4e9fdff36ee29f96dbb97efd03423ee67371796f67c2d32ca38fe84ddef9933291ec151ebfb40d5813e8d4e580370a2d7fdcf

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenShared.dll
Filesize
3.4MB

MD5
27b7b6bd83a9716b9da7c95ac8a761a7

SHA1
dbae6d8b5e9c1b7643f2fd957fe950598da1b788

SHA256
ba624bb6bdcefbb0d5d79485441f31d54ad83226066c6def4059aa5eb94f61f4

SHA512
43720279ce3f10e85b84f8e8b1c4e9fdff36ee29f96dbb97efd03423ee67371796f67c2d32ca38fe84ddef9933291ec151ebfb40d5813e8d4e580370a2d7fdcf

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenShared.dll
Filesize
3.4MB

MD5
27b7b6bd83a9716b9da7c95ac8a761a7

SHA1
dbae6d8b5e9c1b7643f2fd957fe950598da1b788

SHA256
ba624bb6bdcefbb0d5d79485441f31d54ad83226066c6def4059aa5eb94f61f4

SHA512
43720279ce3f10e85b84f8e8b1c4e9fdff36ee29f96dbb97efd03423ee67371796f67c2d32ca38fe84ddef9933291ec151ebfb40d5813e8d4e580370a2d7fdcf

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenShared.dll
Filesize
3.4MB

MD5
27b7b6bd83a9716b9da7c95ac8a761a7

SHA1
dbae6d8b5e9c1b7643f2fd957fe950598da1b788

SHA256
ba624bb6bdcefbb0d5d79485441f31d54ad83226066c6def4059aa5eb94f61f4

SHA512
43720279ce3f10e85b84f8e8b1c4e9fdff36ee29f96dbb97efd03423ee67371796f67c2d32ca38fe84ddef9933291ec151ebfb40d5813e8d4e580370a2d7fdcf

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenShared.dll
Filesize
3.4MB

MD5
27b7b6bd83a9716b9da7c95ac8a761a7

SHA1
dbae6d8b5e9c1b7643f2fd957fe950598da1b788

SHA256
ba624bb6bdcefbb0d5d79485441f31d54ad83226066c6def4059aa5eb94f61f4

SHA512
43720279ce3f10e85b84f8e8b1c4e9fdff36ee29f96dbb97efd03423ee67371796f67c2d32ca38fe84ddef9933291ec151ebfb40d5813e8d4e580370a2d7fdcf

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenShared.dll
Filesize
3.4MB

MD5
27b7b6bd83a9716b9da7c95ac8a761a7

SHA1
dbae6d8b5e9c1b7643f2fd957fe950598da1b788

SHA256
ba624bb6bdcefbb0d5d79485441f31d54ad83226066c6def4059aa5eb94f61f4

SHA512
43720279ce3f10e85b84f8e8b1c4e9fdff36ee29f96dbb97efd03423ee67371796f67c2d32ca38fe84ddef9933291ec151ebfb40d5813e8d4e580370a2d7fdcf

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenWin.Config.exe
Filesize
152KB

MD5
413153313f9e9f6966dd273184cb99e3

SHA1
63c46cc2b3edf8cda50406d7290b14608719e646

SHA256
73323986137c531051ea3f4753779cc38b89dea496daa0636b7b0d7e204f6b00

SHA512
76d48f60c02b814b39ba6d440b6d2d1c3aaf1414834be45c6ac6c33df0739a5e7daf30eeeadddf2ce4871f3a3143676581ec638316e17a4b31bea72e29f81719

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenWin.Config.exe
Filesize
152KB

MD5
413153313f9e9f6966dd273184cb99e3

SHA1
63c46cc2b3edf8cda50406d7290b14608719e646

SHA256
73323986137c531051ea3f4753779cc38b89dea496daa0636b7b0d7e204f6b00

SHA512
76d48f60c02b814b39ba6d440b6d2d1c3aaf1414834be45c6ac6c33df0739a5e7daf30eeeadddf2ce4871f3a3143676581ec638316e17a4b31bea72e29f81719

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenWin.Service.exe
Filesize
405KB

MD5
f503fac2b374aa79ea55def34036131f

SHA1
8cd9c15a7afdaf4625ee9fb4f53d9db575ec5ef9

SHA256
cfe7fe505fc1e054cf4aa8f29a1fb670098a024db1d632c9509aafa551164141

SHA512
5f9f47e4d1e766b24bf6eaa76c49cf37d3db7d6eac8819df176bb5565b94a862aecf8713c6767580a94f51a531ed18ea361894b13e876d01737068684b578809

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\MSLockScreenWin.Service.exe
Filesize
405KB

MD5
f503fac2b374aa79ea55def34036131f

SHA1
8cd9c15a7afdaf4625ee9fb4f53d9db575ec5ef9

SHA256
cfe7fe505fc1e054cf4aa8f29a1fb670098a024db1d632c9509aafa551164141

SHA512
5f9f47e4d1e766b24bf6eaa76c49cf37d3db7d6eac8819df176bb5565b94a862aecf8713c6767580a94f51a531ed18ea361894b13e876d01737068684b578809

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
Filesize
2.0MB

MD5
15684cb61562b528209d24e5cf3e1e47

SHA1
3d96c629efa272c83e6cb7b8c79626e2cba31f6b

SHA256
2849056eeeaf4ad994738342e1a7a4ff50c8c91829a394386982c6813a689ac0

SHA512
28499908f98ed711e19e3c53bf04e40c8c5efd5e8dc732d1c04da82bdb67bbc607f537ee489dbfebf92d229e060d454dc7167c5597e2b8fe653230eb861368e5

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
Filesize
2.0MB

MD5
15684cb61562b528209d24e5cf3e1e47

SHA1
3d96c629efa272c83e6cb7b8c79626e2cba31f6b

SHA256
2849056eeeaf4ad994738342e1a7a4ff50c8c91829a394386982c6813a689ac0

SHA512
28499908f98ed711e19e3c53bf04e40c8c5efd5e8dc732d1c04da82bdb67bbc607f537ee489dbfebf92d229e060d454dc7167c5597e2b8fe653230eb861368e5

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
Filesize
2.0MB

MD5
15684cb61562b528209d24e5cf3e1e47

SHA1
3d96c629efa272c83e6cb7b8c79626e2cba31f6b

SHA256
2849056eeeaf4ad994738342e1a7a4ff50c8c91829a394386982c6813a689ac0

SHA512
28499908f98ed711e19e3c53bf04e40c8c5efd5e8dc732d1c04da82bdb67bbc607f537ee489dbfebf92d229e060d454dc7167c5597e2b8fe653230eb861368e5

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
Filesize
2.0MB

MD5
15684cb61562b528209d24e5cf3e1e47

SHA1
3d96c629efa272c83e6cb7b8c79626e2cba31f6b

SHA256
2849056eeeaf4ad994738342e1a7a4ff50c8c91829a394386982c6813a689ac0

SHA512
28499908f98ed711e19e3c53bf04e40c8c5efd5e8dc732d1c04da82bdb67bbc607f537ee489dbfebf92d229e060d454dc7167c5597e2b8fe653230eb861368e5

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
Filesize
2.0MB

MD5
15684cb61562b528209d24e5cf3e1e47

SHA1
3d96c629efa272c83e6cb7b8c79626e2cba31f6b

SHA256
2849056eeeaf4ad994738342e1a7a4ff50c8c91829a394386982c6813a689ac0

SHA512
28499908f98ed711e19e3c53bf04e40c8c5efd5e8dc732d1c04da82bdb67bbc607f537ee489dbfebf92d229e060d454dc7167c5597e2b8fe653230eb861368e5

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
Filesize
2.0MB

MD5
15684cb61562b528209d24e5cf3e1e47

SHA1
3d96c629efa272c83e6cb7b8c79626e2cba31f6b

SHA256
2849056eeeaf4ad994738342e1a7a4ff50c8c91829a394386982c6813a689ac0

SHA512
28499908f98ed711e19e3c53bf04e40c8c5efd5e8dc732d1c04da82bdb67bbc607f537ee489dbfebf92d229e060d454dc7167c5597e2b8fe653230eb861368e5

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
Filesize
2.0MB

MD5
15684cb61562b528209d24e5cf3e1e47

SHA1
3d96c629efa272c83e6cb7b8c79626e2cba31f6b

SHA256
2849056eeeaf4ad994738342e1a7a4ff50c8c91829a394386982c6813a689ac0

SHA512
28499908f98ed711e19e3c53bf04e40c8c5efd5e8dc732d1c04da82bdb67bbc607f537ee489dbfebf92d229e060d454dc7167c5597e2b8fe653230eb861368e5

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\PlayerStandalone.exe
Filesize
2.0MB

MD5
15684cb61562b528209d24e5cf3e1e47

SHA1
3d96c629efa272c83e6cb7b8c79626e2cba31f6b

SHA256
2849056eeeaf4ad994738342e1a7a4ff50c8c91829a394386982c6813a689ac0

SHA512
28499908f98ed711e19e3c53bf04e40c8c5efd5e8dc732d1c04da82bdb67bbc607f537ee489dbfebf92d229e060d454dc7167c5597e2b8fe653230eb861368e5

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\cef.pak
Filesize
2.0MB

MD5
fc3a9b3b5860b4ee5166291f2cad54f2

SHA1
22262c4700b99502670af459f381ee47ab513221

SHA256
f7c12b789cd28ad0879b848cc31cf91afcf4fb6cc27d6f26cb0311a3782cfecc

SHA512
f72561cbc98e68038c08f975aefb7990a6eb497fc89572378acfcce49b458c1391cc033504782c9961d858527f053e2b436ca529c179cd92d33036ec208c902d

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\cef_100_percent.pak
Filesize
638KB

MD5
32c248d14d8acb62c6de0d471deab83e

SHA1
db6da48e3c415a95997493a58a29d244ea294b16

SHA256
2625e4c9319c4d1fbe08a32aa47f2a280485fb5bf932d5783b24b8e9c2e9837a

SHA512
2ade33230a8633d51230fab39883a1a4c24eaeeac0fe81ed35e7ee9b25d8d3f750460063a096c59fa766102b912994be7a5105a9585a474953a8f721a4c09e19

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\cef_200_percent.pak
Filesize
789KB

MD5
ca84d542e92abe33918382855169c9bc

SHA1
56fe961a688d9970bfb4011c6203bf7d299f2e0f

SHA256
d712aa641e2b72b9f02b05f473aeba45b288c6287b2f515e4be6eeb039eca568

SHA512
638e4e89fd5d62c9f4bd05eee4877e019f4c1f0d99ff2e93e5dff1118c9b9c1f1d1861c5f812693f1d69a802f4d82346667a8d6468b1acff64552362a6419218

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\cef_extensions.pak
Filesize
1.7MB

MD5
aedf0d732ffb8d15fad2dc44bf16d7f6

SHA1
9c8ee6d6f3af6210bf5e384e7aa72c48b14584f9

SHA256
9c6a3f971aa395bbccfd7e8f62291c5052ac01099f5e4c701743f7e48b649603

SHA512
108f2bef8a4545b8c27550449e6f2b20f5907985bd274b9f48ce37ebd465ac0fd4ae94a6e886345e3d1ea5e73e1bf507d26ec6bcffbf3c8f0116534a8ce830c5

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\chrome_elf.dll
Filesize
811KB

MD5
f824b6d7584a79647a233542a960b426

SHA1
bfb1e78c96b777f51fc44df5ffb05079a4c50ad4

SHA256
261b5b04dadaef31650289efaa9c8c0e2e0e13d3d18e273076ce337da875f4cb

SHA512
fde7a01e199aee58295b2b8a257b6c66caaaaeb39dce0d2168c33c4b93391dc7dc5b516bb4bc98767269552ab68d1fafda6e1042b68a3da0a2fcaf235e44fdea

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\chrome_elf.dll
Filesize
811KB

MD5
f824b6d7584a79647a233542a960b426

SHA1
bfb1e78c96b777f51fc44df5ffb05079a4c50ad4

SHA256
261b5b04dadaef31650289efaa9c8c0e2e0e13d3d18e273076ce337da875f4cb

SHA512
fde7a01e199aee58295b2b8a257b6c66caaaaeb39dce0d2168c33c4b93391dc7dc5b516bb4bc98767269552ab68d1fafda6e1042b68a3da0a2fcaf235e44fdea

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\chrome_elf.dll
Filesize
811KB

MD5
f824b6d7584a79647a233542a960b426

SHA1
bfb1e78c96b777f51fc44df5ffb05079a4c50ad4

SHA256
261b5b04dadaef31650289efaa9c8c0e2e0e13d3d18e273076ce337da875f4cb

SHA512
fde7a01e199aee58295b2b8a257b6c66caaaaeb39dce0d2168c33c4b93391dc7dc5b516bb4bc98767269552ab68d1fafda6e1042b68a3da0a2fcaf235e44fdea

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\chrome_elf.dll
Filesize
811KB

MD5
f824b6d7584a79647a233542a960b426

SHA1
bfb1e78c96b777f51fc44df5ffb05079a4c50ad4

SHA256
261b5b04dadaef31650289efaa9c8c0e2e0e13d3d18e273076ce337da875f4cb

SHA512
fde7a01e199aee58295b2b8a257b6c66caaaaeb39dce0d2168c33c4b93391dc7dc5b516bb4bc98767269552ab68d1fafda6e1042b68a3da0a2fcaf235e44fdea

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\chrome_elf.dll
Filesize
811KB

MD5
f824b6d7584a79647a233542a960b426

SHA1
bfb1e78c96b777f51fc44df5ffb05079a4c50ad4

SHA256
261b5b04dadaef31650289efaa9c8c0e2e0e13d3d18e273076ce337da875f4cb

SHA512
fde7a01e199aee58295b2b8a257b6c66caaaaeb39dce0d2168c33c4b93391dc7dc5b516bb4bc98767269552ab68d1fafda6e1042b68a3da0a2fcaf235e44fdea

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\chrome_elf.dll
Filesize
811KB

MD5
f824b6d7584a79647a233542a960b426

SHA1
bfb1e78c96b777f51fc44df5ffb05079a4c50ad4

SHA256
261b5b04dadaef31650289efaa9c8c0e2e0e13d3d18e273076ce337da875f4cb

SHA512
fde7a01e199aee58295b2b8a257b6c66caaaaeb39dce0d2168c33c4b93391dc7dc5b516bb4bc98767269552ab68d1fafda6e1042b68a3da0a2fcaf235e44fdea

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\chrome_elf.dll
Filesize
811KB

MD5
f824b6d7584a79647a233542a960b426

SHA1
bfb1e78c96b777f51fc44df5ffb05079a4c50ad4

SHA256
261b5b04dadaef31650289efaa9c8c0e2e0e13d3d18e273076ce337da875f4cb

SHA512
fde7a01e199aee58295b2b8a257b6c66caaaaeb39dce0d2168c33c4b93391dc7dc5b516bb4bc98767269552ab68d1fafda6e1042b68a3da0a2fcaf235e44fdea

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\d3dcompiler_47.dll
Filesize
3.5MB

MD5
0af4e1dff391487c27466e120bc0124a

SHA1
29a9afd3c5ed4c31397b641ffb242cdc2c66f7b8

SHA256
c7c9a5466589f0b64dcd7f770ef0ea320d820f0d87e8df3c408ef4e61a25f1ee

SHA512
eef94fad4028bedf60d0eb0af596d0539a43f3334df62662d03145fdd6ad0a955e5fea47b0d4ce75e2bbddeabef9667322bd767867aaec61bdd1e589ac30cad2

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\d3dcompiler_47.dll
Filesize
3.5MB

MD5
0af4e1dff391487c27466e120bc0124a

SHA1
29a9afd3c5ed4c31397b641ffb242cdc2c66f7b8

SHA256
c7c9a5466589f0b64dcd7f770ef0ea320d820f0d87e8df3c408ef4e61a25f1ee

SHA512
eef94fad4028bedf60d0eb0af596d0539a43f3334df62662d03145fdd6ad0a955e5fea47b0d4ce75e2bbddeabef9667322bd767867aaec61bdd1e589ac30cad2

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\icudtl.dat
Filesize
10.0MB

MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\libcef.dll
Filesize
82.8MB

MD5
7cc7f0e83dddf42c82728d74d97f2f40

SHA1
fb270f48e33d61d5c40a31425e61ed2ce93d3fcb

SHA256
a143c5ed9d17df0b0691550934dab2231faa5fba0085b606e26505ee71071653

SHA512
463b1c9aca57341f9287def6d19dccc41d7d8ea74905f1c7e7fcd984947948fcfa47451ee754476b54bcdcf92aa4915f7f31880603023d8c8186ffe9dd358b80

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\libcef.dll
Filesize
79.7MB

MD5
fb6879ab00681943e7946d7dd41f18a9

SHA1
2e06ec597200b0b43a60e391520b3ff9d1911e99

SHA256
46c8e843a93d641de2691e7f748d16a8478f4cc65274761ce23a10df8ef2e14e

SHA512
9b9c1909eeb66294a17968f74fc3cbb9621e4cfab6cae312ea70af288534cd7e4b03474d7ef8675258fef02968e5e24df36e495b5fd40e98bb4d700bac43242e

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\libcef.dll
Filesize
73.9MB

MD5
5a279f2a23d415bd259800da1f5783f6

SHA1
782b8a3baae90037e489b51bd46051a8d6a12170

SHA256
33b2bcf178dd0408016d9ec3873a486ceb2cd542269eae15584e3ca422ef0875

SHA512
38d878cbfcc2401cdaa62b067490d2e0d3590a0dc1cd4ead998c6c74e3610221863b91055baa379cc82d49148c3a566eb8bc35f49f3a77f80022448f6ba58a79

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\libcef.dll
Filesize
71.5MB

MD5
439cadd4119a8611a1725776d0c4d6c1

SHA1
ff332fcb07b8c8b462067db3ad959f47a28d8ec8

SHA256
70d230be7717b9d522610a3ff102081fcb8c9ee0ae5bd42ea7ea42203ab6b0b1

SHA512
4bc6124477800a1154d988bd8a03afa97d25b30df002342af7f0ffa8048001e2536230d1cb9946e72d954d35e06c5fc0ac5a2dced00f6af78e0df74e7e28a121

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\libcef.dll
Filesize
68.0MB

MD5
afdfb267dcaba8e53d62af60b090d18e

SHA1
a4962e6c727c3106bb1b56a84c1a8518f44c13bc

SHA256
254727955dc80fde7b066bd3f685bfd68a0a9807178fd0c463ae1c7265dc5a6f

SHA512
8e75f5c904f51be22ff35a1319df13a35d11437dad4b85838c25ea721c63d43c907963f6244e1f2c7861fca8e8a57e01e98612748ee5a2de63f49830ab9564b8

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\libcef.dll
Filesize
70.4MB

MD5
5e3c4b8a3753157039c34ab39221ea3b

SHA1
bb675a48194931a195d35565a2a3781b5ffedba9

SHA256
73845c65a53537cf513095f302a33a4c99cf20cf03becaeefad8ca7c2281b4a8

SHA512
51504d13716e074425489c1e20f55b85fcbf300721d4af8b054b38f19ce2f21b6040694ba6d6d9a13c42ee7e614cbe9377d799bc60cb0d354880e69ae19b0924

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\libcef.dll
Filesize
65.6MB

MD5
e10820a1a8a9f88d7c5fce875ee6c266

SHA1
2923d56d06a283a8da2f886dc5f5c74bd6b5d5a6

SHA256
c19835e5680c85c708a576439188c02907a2f93a8b9d878f7b6799dc9effcef0

SHA512
6dc31f4bbf6ec1decf4b334e27bcb180ee2f7dda062f2c517d370d018a6196b530611a14fb486288d93db797558b7519729c0bb9da4786ef6ff716983a82e3b6

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\libcef.dll
Filesize
58.0MB

MD5
637e2898c9558c3c5a2162decc2af8d0

SHA1
0e2137884f39ed5cff531ef86113d654c85b383e

SHA256
ecfba1640750f21117c24a4f61336449c8274b6cee5a5a098b41262d8069f7d8

SHA512
8abf7123298a9338d828270c025123b8801be2787010889bd817f3c2f5d1e7bcc97d4dab74dfbb99f8ad57e979559262daf6feaaede49aad416bc8a1412225c6

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\locales\en-US.pak
Filesize
201KB

MD5
ca71b35dd44d9949f8d7f1f47f6e274b

SHA1
7614f231538628f56cbde317495d6ffe95f8900a

SHA256
a4a1b7c72a6cf829e9f023a8673ceff385931e22fc5c23c361d8f43448b95ebc

SHA512
000017ebc7fbb3cfbc5837107795130b1c2916e8fcb3f35ebd010352921d3d8eb45a8d3ecf9a395b3409881440497c453efab9edbee0cd886bb9be848698255e

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\resources\asset\bg.bmp
Filesize
2.6MB

MD5
c005073da9a3ce9a1ba752a43f538490

SHA1
2587313a67b8e989c79253f23a752b38f6109e8c

SHA256
8b046a64441479a0140935032ac10aa3abbe10f15ede08679a9409bfb9332ad4

SHA512
3b8901e163c56fcd5b1d6ce8233cc7fdd728e81b746b554b9c58f73fcad0e3203eb44bb3b0f4ec4412a96a120b64df71791a1028a5aeb63a47d590a90f609949

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\resources\index.html
Filesize
306KB

MD5
724919424f5f5f38199b0a18c22a8150

SHA1
d5053cfea4c7847dc5a928aef16fafb4d3198bba

SHA256
cf8ac28bac69b385eb9bd0d371f567888e1d5e33238e7d6ca748ba9d3f1bc749

SHA512
da8ebabacdefc462d5442403080015758bd5f2af1242feb98765e8217d93aeefe0a604b97a186e4e3b7555f44ad131d700efabe0e6d2b133acb21e29388ebf3b

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\v8_context_snapshot.bin
Filesize
541KB

MD5
c890269e7a2c2f2fa2f270ea42169738

SHA1
d3a7b2fd2a9cacdb7f1d60e41a7b24789527e779

SHA256
a286e620bdfb4487a0f38fec7fd4858ca8ade90dba28c3a67f4bc7fef6ca7d16

SHA512
692833e486be240fa2114c32f7344eece4d70137949f581bf78fc337745a0651e16893fdc8725dff4a28fa0cb777358dfd81142a84f2f8b045c4da5d5ff36ad8

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\zlib1.dll
Filesize
114KB

MD5
44f143e04bfc399e1577e935de5e33e0

SHA1
d9335a2ee03fb97845c49ff874176aeb3bdb436a

SHA256
e6298f6b70471aa08784d4391341293a4c5ebc1412690772ccc132a1dc0cc1f9

SHA512
b992e0847cc9e8b9fa3c4699f7c19d64c6cddbe4b2b210f5a11a40452e422e7d6d2f240cc69756dbf841ebb61d3bc0c51f0fde6684282c1c706611f63dc42458

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\zlib1.dll
Filesize
114KB

MD5
44f143e04bfc399e1577e935de5e33e0

SHA1
d9335a2ee03fb97845c49ff874176aeb3bdb436a

SHA256
e6298f6b70471aa08784d4391341293a4c5ebc1412690772ccc132a1dc0cc1f9

SHA512
b992e0847cc9e8b9fa3c4699f7c19d64c6cddbe4b2b210f5a11a40452e422e7d6d2f240cc69756dbf841ebb61d3bc0c51f0fde6684282c1c706611f63dc42458

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\zlib1.dll
Filesize
114KB

MD5
44f143e04bfc399e1577e935de5e33e0

SHA1
d9335a2ee03fb97845c49ff874176aeb3bdb436a

SHA256
e6298f6b70471aa08784d4391341293a4c5ebc1412690772ccc132a1dc0cc1f9

SHA512
b992e0847cc9e8b9fa3c4699f7c19d64c6cddbe4b2b210f5a11a40452e422e7d6d2f240cc69756dbf841ebb61d3bc0c51f0fde6684282c1c706611f63dc42458

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\zlib1.dll
Filesize
114KB

MD5
44f143e04bfc399e1577e935de5e33e0

SHA1
d9335a2ee03fb97845c49ff874176aeb3bdb436a

SHA256
e6298f6b70471aa08784d4391341293a4c5ebc1412690772ccc132a1dc0cc1f9

SHA512
b992e0847cc9e8b9fa3c4699f7c19d64c6cddbe4b2b210f5a11a40452e422e7d6d2f240cc69756dbf841ebb61d3bc0c51f0fde6684282c1c706611f63dc42458

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\zlib1.dll
Filesize
114KB

MD5
44f143e04bfc399e1577e935de5e33e0

SHA1
d9335a2ee03fb97845c49ff874176aeb3bdb436a

SHA256
e6298f6b70471aa08784d4391341293a4c5ebc1412690772ccc132a1dc0cc1f9

SHA512
b992e0847cc9e8b9fa3c4699f7c19d64c6cddbe4b2b210f5a11a40452e422e7d6d2f240cc69756dbf841ebb61d3bc0c51f0fde6684282c1c706611f63dc42458

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\zlib1.dll
Filesize
114KB

MD5
44f143e04bfc399e1577e935de5e33e0

SHA1
d9335a2ee03fb97845c49ff874176aeb3bdb436a

SHA256
e6298f6b70471aa08784d4391341293a4c5ebc1412690772ccc132a1dc0cc1f9

SHA512
b992e0847cc9e8b9fa3c4699f7c19d64c6cddbe4b2b210f5a11a40452e422e7d6d2f240cc69756dbf841ebb61d3bc0c51f0fde6684282c1c706611f63dc42458

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\zlib1.dll
Filesize
114KB

MD5
44f143e04bfc399e1577e935de5e33e0

SHA1
d9335a2ee03fb97845c49ff874176aeb3bdb436a

SHA256
e6298f6b70471aa08784d4391341293a4c5ebc1412690772ccc132a1dc0cc1f9

SHA512
b992e0847cc9e8b9fa3c4699f7c19d64c6cddbe4b2b210f5a11a40452e422e7d6d2f240cc69756dbf841ebb61d3bc0c51f0fde6684282c1c706611f63dc42458

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\zlib1.dll
Filesize
114KB

MD5
44f143e04bfc399e1577e935de5e33e0

SHA1
d9335a2ee03fb97845c49ff874176aeb3bdb436a

SHA256
e6298f6b70471aa08784d4391341293a4c5ebc1412690772ccc132a1dc0cc1f9

SHA512
b992e0847cc9e8b9fa3c4699f7c19d64c6cddbe4b2b210f5a11a40452e422e7d6d2f240cc69756dbf841ebb61d3bc0c51f0fde6684282c1c706611f63dc42458

Download Submit
C:\Program Files (x86)\Microsoft LockScreen\zlib1.dll
Filesize
114KB

MD5
44f143e04bfc399e1577e935de5e33e0

SHA1
d9335a2ee03fb97845c49ff874176aeb3bdb436a

SHA256
e6298f6b70471aa08784d4391341293a4c5ebc1412690772ccc132a1dc0cc1f9

SHA512
b992e0847cc9e8b9fa3c4699f7c19d64c6cddbe4b2b210f5a11a40452e422e7d6d2f240cc69756dbf841ebb61d3bc0c51f0fde6684282c1c706611f63dc42458

Download Submit
C:\ProgramData\MSLockscreen\Cache\305273839229890614\asset\20220422092914-e5ecdb7c.jpg
Filesize
391KB

MD5
b95231450d9bb95b4b000531f496474b

SHA1
db10f8cdfa9f1907eb5b33c46776e0465ded7ef8

SHA256
06db3245b20fd6a86b9cd31312eda683e44674c8bc357955424924b55c92a0cb

SHA512
7a8d3905bca9c0b899abe4a46a9cc215b5e8429bc86cf94ffdad12803d87ef56e48ccd7c310747f859cf0ef444223790bc5d0d899c8342c593351574a7a01e55

Download Submit
C:\ProgramData\MSLockscreen\Cache\305273839229890614\index.html
Filesize
147KB

MD5
b9e12075df535788286cd015b2937888

SHA1
ab7fc70141e27e3277f3598ed6af12f77631953f

SHA256
ac69940c0ed81a876674f064beb1fc9ba4af266a17714d038deaf56a45683fc9

SHA512
209d474aec09f943bc695e0066eeabb0037f295da094472e8e42187d6b184c6c4938d585734b602df00a0fe46e83e9e10be30458f7ddc7a2a0b0ed2538e88478

Download Submit
C:\ProgramData\MSLockscreen\logs\CEFlogger.log
Filesize
102B

MD5
55eb811e20af8b453af06d3e5c07047c

SHA1
fe7d945da1d79b6d7c4e40cb22080de8761003a9

SHA256
68e78339e13008693323ab65515bee6f1bbcce2d92ee3535ce80e90667676267

SHA512
8a4bcd21d6cbb4900323a4bf4d326e72d6a38d7dec1e56ab6b21b58c5c1ee8215b2d917d93744925d388d46485fa0cc3788c75783d3b703fe70a65ef417c8649

Download Submit
C:\Windows\Web\Screen\img105.jpg
Filesize
2.6MB

MD5
c005073da9a3ce9a1ba752a43f538490

SHA1
2587313a67b8e989c79253f23a752b38f6109e8c

SHA256
8b046a64441479a0140935032ac10aa3abbe10f15ede08679a9409bfb9332ad4

SHA512
3b8901e163c56fcd5b1d6ce8233cc7fdd728e81b746b554b9c58f73fcad0e3203eb44bb3b0f4ec4412a96a120b64df71791a1028a5aeb63a47d590a90f609949

Download Submit
C:\Windows\Web\Screen\img105.jpg
Filesize
391KB

MD5
b95231450d9bb95b4b000531f496474b

SHA1
db10f8cdfa9f1907eb5b33c46776e0465ded7ef8

SHA256
06db3245b20fd6a86b9cd31312eda683e44674c8bc357955424924b55c92a0cb

SHA512
7a8d3905bca9c0b899abe4a46a9cc215b5e8429bc86cf94ffdad12803d87ef56e48ccd7c310747f859cf0ef444223790bc5d0d899c8342c593351574a7a01e55

Download Submit
memory/764-142-0x0000000000000000-mapping.dmp

Download
memory/784-209-0x0000000000000000-mapping.dmp

Download
memory/1284-203-0x0000000000000000-mapping.dmp

Download
memory/1288-206-0x0000000000000000-mapping.dmp

Download
memory/1300-139-0x0000000000000000-mapping.dmp

Download
memory/1896-182-0x0000000000000000-mapping.dmp

Download
memory/2000-210-0x0000000000000000-mapping.dmp

Download
memory/2316-152-0x0000000000000000-mapping.dmp

Download
memory/2392-141-0x0000000000000000-mapping.dmp

Download
memory/2456-177-0x0000000000000000-mapping.dmp

Download
memory/2772-131-0x0000000000000000-mapping.dmp

Download
memory/3476-205-0x0000000000000000-mapping.dmp

Download
memory/3600-145-0x0000000000000000-mapping.dmp

Download
memory/3720-168-0x0000000000000000-mapping.dmp

Download
memory/3804-146-0x0000000000000000-mapping.dmp

Download
memory/3944-143-0x0000000000000000-mapping.dmp

Download
memory/4048-191-0x0000000000000000-mapping.dmp

Download
memory/4408-204-0x0000000000000000-mapping.dmp

Download
memory/4440-140-0x0000000000000000-mapping.dmp

Download
memory/4532-213-0x0000000000000000-mapping.dmp

Download
memory/4860-207-0x0000000000000000-mapping.dmp

Download
memory/4916-176-0x0000000000000000-mapping.dmp

Download
memory/5024-133-0x0000000000000000-mapping.dmp

Download