Analysis Overview
SHA256
f91d32810260f25e95f93341f8ed47d6ca2d554ce9dbca78ab553a66117aedf6
Threat Level: No (potentially) malicious behavior was detected
The file sample was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 11:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 11:29
Reported
2024-06-11 11:32
Platform
win7-20240221-en
Max time kernel
142s
Max time network
121s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FAFDE501-27E5-11EF-9891-EEF45767FDFF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40fe1ed1f2bbda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007270dab214d5bc4e8af05b13166bd11400000000020000000000106600000001000020000000927f103e681a87450adc8cd919a93eca476beb6d9cae0b53e256825e639097b5000000000e8000000002000020000000e5c278af2014092f7978f002490a3bea589c3b5424d4acd78d32b6fd4ccb2b68200000008b3f65fbbb75548da3285c0ad2f20976d89f03221e89be2043b82def929540fe40000000c8adc231a99aad2666b0628241de3b3295735e7bb9a5e40deba67078d6f76dd2ee3cce878e39138dd4dd6f2b7e83765a1549abd58ffff52c9854ef2c6356aabb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007270dab214d5bc4e8af05b13166bd114000000000200000000001066000000010000200000007627a15cb54f0e2e162e6c5bb762300b6fff3a9e29f187cca9f20c0172b00ef7000000000e8000000002000020000000641502130aece5f564269097be2ad2908733f1976d83f1948785c6bbeb0ce18790000000ff881d4002b655b3878ac758ed77adc95009bb4f2340b457370aa0bbae3ed53df6ea0f7857468ed9fed4b2e486f3337dc248f8885ddc36829103ed366551ac0da203d2a1ce2f0593555ae8ed4c4d518260ad8518092d656cdf26ec08abced8ac975ea129754ef08cd6424aae2168fa36dfe8bbb068bfc01d37307b3bcb07dcd14e0c225bdf99cbb97f59c4aee7a81edd40000000204a5a53414191773e5b1081e0d0df2e7faffbea003bde65f342248888c7d12be14862e8dc04aedfede8a36cbab880b4a9e08ed6c47d275a8ca6ee133e38871f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2028 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2028 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2028 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2028 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | ef78c974c7e0608766c232f0ab6ed5f2 |
| SHA1 | 65ff7d45f1de5a50af2f33ceb0fb7b20d4e532c7 |
| SHA256 | cc1ad78c5d8f75b4691f0acb26517eed06a6dd5afd673a760099419bb80f8f5d |
| SHA512 | d84e6ce229dc9aa86c0ec36054cd6569dcf6cdde4b3911e50003e22ae0125ad5d71cc2e7ad1190499f01426c282055a319daff14211bd7d4c69f361867e0f7ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | bbe686650f49353a0919bc86f90733a3 |
| SHA1 | 9ef3325a640e025ab1c700c3ba8eddb1d0ae3b3f |
| SHA256 | b9da686343275ed39168c797af0735e62a34a273b42daf1b72532db6eeeda158 |
| SHA512 | 0ba5252b83b9a04996b63559e8e6a6da1c615c7455f59286c6bb607a1981a4214692fa3a7a7067ecc09a373da5a9b271c531adf9279cb5fc5e03107e16b0b144 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 0dd44f433bbf89fe843f3e477e1634ea |
| SHA1 | 2e2ca3bfd42b77c9662ae8656968472533f405f2 |
| SHA256 | 350e8fd5c9f9ea3b36ce1b8be990f897c48d5f363c4987db68f2098237dc9a92 |
| SHA512 | 28a7016d914d4d06abadb09fe8615c66e9e584651e268664964adffbff685448c9073739704880c2945682f3182cf26dc7c095a1cda6161b635e479eb19ee192 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 870b0073179bffa17874bc2cdbae9994 |
| SHA1 | 25fabde73a700cb7dec78219cddbb4a6f00130bd |
| SHA256 | 6d0c59247d95e48d6df102cd155e84cd68532367d2ef092e05b270eda9e66cf0 |
| SHA512 | 17d1d03e68a6c17bc4c6007abbeecde19dd83a78df525978b293de3aab682074b09da3704be1c09ff7cca937dd7c7ff85edddc6eac127088d9fb034cd4829801 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E
| MD5 | 5820b2bcf2251491a8f17f003a7dbfb7 |
| SHA1 | bdd84a582c0af8b3f24f034a3d38f72f2dbe9078 |
| SHA256 | ec1ab70f6f51c30255cc5ce1adca7d0ffb5ca10ff8091408f5c7783702d4d8d0 |
| SHA512 | cd775f6dffddaae313920f0eb66022a9069205efee27ae22fc868f94488f189e3690bbcafd81daead10255906bbed27d5248073835b27a5c0a3ddbaaeaf42af0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E
| MD5 | 63f919430d6d80532fc1f4c69921ca85 |
| SHA1 | ce7298b0f54e177293684d2f5504f6129ec48bb8 |
| SHA256 | 216e6253db4164f244ac5b1a2e41dc5560dc6d7f744294925aa2e79be6c395aa |
| SHA512 | d74d7e0a5bc736b0be07e0588b34d655d3dcfb9d39a1b69a87290c0b8607cf1efec1b67dd19e4ec15c8f1541e0eaed9cd56800ddb417e3f10e01d2fbe447a9c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8c88f6cf920a4a29d0b9519a5536fc5 |
| SHA1 | 5263e5ab920d5f9a857965b565c7cd5161969642 |
| SHA256 | 24277b92f4495a00bd93cc18a327adf8460de06bc8b49fc9952362d3e2840d05 |
| SHA512 | f41fab2a9b3c1359a5398b2d5162c2bf0957e5284511ed16b651ea5f824b67d2cdb63a1cc125f0e496b2803f2aa1f75793e10cb310e277cf31a70d49a22c9a3a |
C:\Users\Admin\AppData\Local\Temp\Cab46C2.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar46C4.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar47A5.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0391661f0656af9990d33ebca53a7cb9 |
| SHA1 | ccac1f310cba414b153e31b166fa1696313c2998 |
| SHA256 | 1731196ccb142984beb7a105f4685f0f9addd015817a90bd225505774e7abf8a |
| SHA512 | c752a2182b191512942f4a3bed7be2000b27fa61310822a0f4c9ab1daf4a7ef1719fea817c540ef8a8efafa64d1727d629176ab77730e7eb4571e8f7d76f9721 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e31c9704143f45575c1337505c7b460 |
| SHA1 | f62523ce0ade7ddffab86b47e656b4286cb806a7 |
| SHA256 | d866907cde4f19a5be7ab8e145bb662cc12bbf36e5e3443a396f9972f7df69de |
| SHA512 | b48da0300e051e3ec36d7df71c5a5717d95350b5f2001ab755751d5cf9bf01562223f02e8d3ee5c8870ab2e5e71728942204010f15bbb230d1727977caeae141 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f2179384fdaa9e3a06f46fc04245690 |
| SHA1 | 7795430545f147f69d7335ee7ace4750a282186c |
| SHA256 | dbcfa2699e5596fade5c8742ca5188abc436213ac335db99b2427acca004be03 |
| SHA512 | f688d29bf356bc25c26107ddd9be8217d4c14b5e07a182aeb537d2c1ac7cfebf62ddf18d66f9176c420441a901c231f9d5325e3b60c2a8f098c57348926de253 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d5ebe0929dca9a7354cd3c1ec3db5aa |
| SHA1 | 2dec3009b0f41508a8f250a46875c56231ab5542 |
| SHA256 | affb93370f9835d284adca1ea635d4006a888123c146169acd449848bc91b695 |
| SHA512 | 7fe60401d61ffa20d8a92d071e496f3455b691a41e769522cd16131a74fbc2a2843335dd3aca9ef3eb8c09b979694cb290e8154e3368f8d3e21422f1c9b36422 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97ae4e13a8f10560a793d09e337f4578 |
| SHA1 | b563f4acdb381a02d5709c748129ff0b7fb6bc9e |
| SHA256 | 7cf62b27c24afe96f30caa284a7a84545439056feea6a7f982e2dc51565957ca |
| SHA512 | f07ed7851656259ca5c10d8c1cc3acfd7a72ed389997ed9dc536d11613c0daff30fd3bba8317c6cb0e119f74c049c76d96f1fc09ce756659b1665c9013df1513 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6539edc0bb3c7856aeaf4e4ba28cdcff |
| SHA1 | c349587146f380355f749f730e29f911bf2913fe |
| SHA256 | 2e9a18de02945b8825cc55d3a1c6ba1a5de6f98cc82c1ed12a126df3772aeda8 |
| SHA512 | 4b4d034dfe04c7409ced67cfb2c9fa3432aa8bebaa760029ff99ac86a02184d610335722cb75ad4e7db61bcb2e21926daf68d07ccc76121e3c8224de5f8d51b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9608118a37a3d7c616f7e2d4f69fc6dd |
| SHA1 | 415fd7ce16c88825b683e0ae57ee83ac0209f65a |
| SHA256 | 998fd3a6cd874ee7b3539f5deb5509c14fc152262e89e74fc770d8496e501b8d |
| SHA512 | e2e1a1ae6babfeaafce09470dd61c6f0b473537433cf3367cd08e38c390af4ab1a164a5fe5358d3d4ca825267f9a7238e89856edd6caffed225d0dd99b680ab5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 465af6a381a15e32556dd9e71beb9bab |
| SHA1 | c273b9294533229874ff0df00d4f75d92d4fad8c |
| SHA256 | b95f4960bff71467798616ad836cdc5db6340c700045bbf47614d767dc6f77e2 |
| SHA512 | b9c9d6a2aa002205d2d054c6ff17746057a62a3d2cfdeb940d280593518f196ff8b0020e8f76cf0c24e73070cb85cda7ed9a29d271a99e46b0123f81a196c982 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4419eee3168a926c52fd25c17a4b3a2c |
| SHA1 | 723384b6def07cf5f115ceae20d6a40daa4bd5f5 |
| SHA256 | d44497d1742a434b8987be25d8dba7ce8f69bb8872d5ecb5b834dd5ca9f97ff4 |
| SHA512 | a9810f41b3b7cedde30c2863f2a1a7d1fec3146d40504232679b21470716338560315eeed42b10a63a156d455976647bada08c5bf6cdc49422f2ada0af4bbaf3 |
C:\Users\Admin\AppData\Local\Temp\~DF4AE2E8BAFAA2BFB0.TMP
| MD5 | 5c5a1c19092da63c73536f6f84a1eff7 |
| SHA1 | de1b6c27b6ea883723cd1aa15d5297ce66985902 |
| SHA256 | f429c33bf68655bce1eca9bddf816098bafc48754e2af3c8c069849dcf65ce7c |
| SHA512 | 5ffceadc1f356e4956d866662a30a78d84b480738db4c48dfaac65482425d7507c21bc02c03430dd165e3bee98b1bb1bae7fc65fe5f96cc741bf249ba3c60129 |
C:\Users\Admin\Desktop\RevokeUninstall.tiff
| MD5 | 28d51d21d25346da3b895b16061a5a0b |
| SHA1 | 18bb5aa14d919b159f8136033303dd1f215d4293 |
| SHA256 | 922e3a1c9215ef62fd1b4258a0cbc52806111043f3a28e2859fff697ab17c662 |
| SHA512 | 101aaf66428ae3b53f7852b7601a3765d107ff0c53e94ab0bfc724257e501327f410d365ca1b613422933aea9f19ce40bda64f89772211e953c80504df4be493 |
C:\Users\Admin\Desktop\SearchSync.avi
| MD5 | d5e6321e687b4a78d4c2f93db5295b2c |
| SHA1 | cd6701aa4514712362e33af5be4fe38e498a6fe6 |
| SHA256 | 2435842674e046c55652613b4cc8a6e9c7f5a13f9e7d09f848ff8c0e15fdcd4c |
| SHA512 | 19a24af4f1bb06d2406dafcba634a7e6a2f2dec6fc4090a0a77b44696b6b15a2da0739b9ce23ed341dc9de0041a4d10fcfd83aa38013dcc676083d4329bb33e2 |
C:\Users\Public\Desktop\Adobe Reader 9.lnk
| MD5 | 3de8f7be42511037eb3d26e7c9e386ef |
| SHA1 | b6891458fb365c15de27624a7cec0fefaab13797 |
| SHA256 | c72e43f24380bf590881e693835b2033fbb61329cfe11f518f32405168ab0ce0 |
| SHA512 | 12f1933406094fc68350b799f40d5df8621caf93d910c64ef748d76ffa7eeb52e69a357f1b500ad8d9b4ab7cb295eea856cff0e74888c8f2ed7cde446ed67b3b |
C:\Users\Admin\Desktop\ConvertFromUnregister.cfg
| MD5 | 89a99870bdc9d235d9d68c7c2d3f54c1 |
| SHA1 | 21f372752ca49415d76c3ebc1e3584ce198d1995 |
| SHA256 | 7bbab8ac9d04b9882fa864bc3b107d954bf9d1edd0e366c967391fbbe8bfeeb1 |
| SHA512 | 3c3bfdf57011b93b2b051ae41a7fb1f25cff865ef18669a738301db717ddf01721c6ee30f64d12ed04cb0e25373793430196265ceea1b5ef6c034e551430a5c1 |
C:\Users\Admin\Desktop\BackupSkip.nfo
| MD5 | 4b13be8aeace6083855884b96a40d44f |
| SHA1 | b0e60747c656da62ccc7076cea68617e704b1766 |
| SHA256 | 1192a7d187834760d1e3cfdb755ef5d34a653e118819e32e808d8ad7897bd707 |
| SHA512 | 7f830265677f41770a1f2fc234ec29e48e2e8516e652569845621f238643ec9b581bc1a79e0b6364e6dc4267b5348657215a89b675fc17901fa0afaf4a6f0367 |
C:\Users\Admin\Desktop\DenyPublish.mpeg2
| MD5 | 7722fd905d5812ed426b831620622e80 |
| SHA1 | 62d862c6d85fefdb63e7b4f56310af769248142c |
| SHA256 | 5e880a82bdff312b2f437a90cde860cb3c88070c5d0a2516196ca226a3553755 |
| SHA512 | dd2f0f93dc4b2557ff722dfd6d05e6777f8dc4272996301a81c55b1529c46edda4c9dc19679bcc3dee12d95ce03e3dcbfafeb7f9fa0c4d4af8db574687f6b7c9 |
C:\Users\Admin\Desktop\ResolveUnlock.docx
| MD5 | a117bee456fdc421bbf89632b8eb1b81 |
| SHA1 | 5d2e8ba43bf5259b65fb138191bcba2785ebb359 |
| SHA256 | 57c07c2f35158f095189909e6bc2a6266b6dc546de6236323c43f43df3a5b730 |
| SHA512 | 9a69e13da4ef6a4eca08e5ea98a6ba7591919e73e069de3d3557d88868499c4f3a4b53a82c26ce445d5f09bee763dcb476ce41f6165433570e47f4d4c15f52df |
C:\Users\Admin\Desktop\RestartDismount.snd
| MD5 | dd6f6e9af4b0d4ec41913602368f3702 |
| SHA1 | 7833fc9fcf91098edaad9008276a73681924e56b |
| SHA256 | f344b8a6e460868532b1ddba94f9b2eb19d0c9600a00c88b134ed3dd5d9fb92e |
| SHA512 | 019952c6b1ab1cdd4a77354c08abde725e4010819cf8b0b8a732c8a5698de8b9ba06256b59101c69f2ca586f8cfc43bfcde60f27e95f4daef93d49ecdbe33421 |
C:\Users\Admin\Desktop\PushExport.wps
| MD5 | 30e3b007c861e2f4aa9494e20ab5ff40 |
| SHA1 | 66a5728364f77fdadb389db91a53d3ea5313b58d |
| SHA256 | 4fe205c5cba4c80a95ddb526200f76d2067ebe025c4b529c4653ff015928a959 |
| SHA512 | 0368c275ab8c33afb715edf462249347fb48d7eac87add4b815042bbe824e217a56fc39ece6f1b613c735fafc7aea19f4abe00d7e90219eda1c6bf4a5e56b26d |
C:\Users\Admin\Desktop\PublishEnter.wmv
| MD5 | 4afaff4efe4fd9978c6a0c16bc50336a |
| SHA1 | 4479f578abf818181a6131368eedb7feeeeff067 |
| SHA256 | 8db24f123162e032450a62a455ddf550c2fe42787c58141397f3e0216b863ed1 |
| SHA512 | 835f3b046861e7c002579543418dca75e46bc842eb463ce31fb5dd5cf9793ac28101dda21b32b5f7aff72211334f3ededd1f68ac7f5823c9a8d323587b592e2f |
C:\Users\Admin\Desktop\ExportUndo.mpeg3
| MD5 | 54254fb2e93aacec70f140d49216caa9 |
| SHA1 | 14c0705a8c324724d74c279a1a9fe1ce16da94d2 |
| SHA256 | f3fbf4b7fb7676ad63f604b48a0a5bcada4ad6583f2eff568ef2f14b3916b52d |
| SHA512 | a1fa43f1a2938d7acf7b7b4db791df89b029d26b3a512a78cfb288b576d30d5c042afb8fb03b9094dc9a29802f8d3d922d1a4c28ef30f3689f46378fb537355f |
C:\Users\Admin\Desktop\EnableFind.mpeg
| MD5 | 9883ac097ff70b69508c23f41046a72c |
| SHA1 | 3011f69b7115060f0ffaa2c64454346d1febf7c7 |
| SHA256 | f120308f6e72f9f4f62bb35e367ba21edb610b9a7bc54cc8213d21e974386f07 |
| SHA512 | 36a556a1a9d460cd032d8a5dcc3ab425382aef980ea4b20b81ba8c2da857b6eba0cd3b7f126d055b47875bba8dbb0a2a861180012bd84cc7b01ee75d8d431151 |
C:\Users\Admin\Desktop\EditSubmit.ram
| MD5 | 0c3271adec28e736dd89b5c2d1f1ef64 |
| SHA1 | 631f8402e3740d49d255d41daa2c25f3e1bb27f1 |
| SHA256 | 839dd5541570fa5ee4d4ec2e4b9e566e486254d13a34f1ffaa006675a366bcee |
| SHA512 | 961c63659a8d6738c762ab7cee652fcd0c2d03db2b3a15c181cabeb845e2007ed410ce3ae2e9aeb0d59999617c180f05ebd35f0de9816846ae610920dd51a492 |
C:\Users\Admin\Desktop\AddJoin.exe
| MD5 | 5798538ec15b6f389ed1fc107e7ac106 |
| SHA1 | d8033c7898f0c7cd5a91dd02223693657a2c94b6 |
| SHA256 | e2ff0d336b5b693d680db795628a8eca9cf9b9c3c1af03ba0b099a2d18947541 |
| SHA512 | 5070dd44a2049694e96c135977fb627a6d2462c7168df5e8a190a67f8127b3f63ccea267a93bd80811e8f84fe8259f57099c63ffc053fcb4646a660191ee14b1 |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | 47c6ff3caf41c74d20a309bec0182d3e |
| SHA1 | 0b1a518b06ce14b685f22c36fffbb8c0cbc929a4 |
| SHA256 | 86603f14795f952cdd503417515a32a682252e034b72ebb4d731d91b96cfb836 |
| SHA512 | 02b0bc643d90d73d911a1439441f3128686c3e6a5004df228b25b5b34f80761cdda47843e6cb59fc169ffb69f31bcf1da666431ee4357a1fe863d1edbb0cf668 |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | d4de3e369ea17fc058e1c6b98a2d32da |
| SHA1 | 56504411a02834b62f1db453df98a0ab607db58b |
| SHA256 | 5e930d35afa5b7c478d33c993df589e1c541a042d4d0d13a41feefe43bbb0416 |
| SHA512 | 6fc265b69fc868a79894085894a641ab75331b0db94a02f3ef531413a65bd628d6dbeb50782cd67f95a1890b5c284951f38a1a4137f39dea1812eaeb7818120a |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | 9239ddb4263b2b88007c60d30227dca6 |
| SHA1 | 65d6553f4c8a82c1ff9d83403a6e7e60d50f3826 |
| SHA256 | 6f12120ce5bb7d7bb465333e4e2f09da67483f07be2a2048dac7a6ae9b42e91f |
| SHA512 | f986fa15b285f732371fc32b0c17a4d38f327adb86d9fa3065b75ce9f5c04e9bfa0c947fa9f9749075a260d446751361c3c17123bfe34755e7c4f14a1ac52dce |
C:\Users\Admin\Desktop\UseCompress.vdw
| MD5 | c452ff00c30c7c2adfb9707dd44e772b |
| SHA1 | 4be102108695bbe47c90b563aed19d2390d31a69 |
| SHA256 | 27370bdf5b68bfc87bdada6ebc3ed21b813e69f2a70eccf68faeb3ea46cbc2b5 |
| SHA512 | 56dae537267580fbe51964342f504fbf2957c4aea6ab9771d118a5c4d5540192168790a600c6cc87fbd47889df06bc5c68590e4383546ff7796120b268c80bb3 |
C:\Users\Admin\Desktop\UpdateWatch.mht
| MD5 | 342760f6a6c3f397959b2f2492b6a6eb |
| SHA1 | 5e1544f4b9bda612fe14df2f97d8037d7646f21f |
| SHA256 | 860fe887915305cdc3621d63a7a9e70cca3f9a325b0c31dc7e3caa006531a8bf |
| SHA512 | 9068f693c07bb8bb0b1ddb4a149260e3c679f477263a9764e5d27fe19ca5a5bf37d2c800b78b3f0a441d5abccd5616a6dbf87cac0416f1b5597329ae2ae460c6 |
C:\Users\Admin\Desktop\UpdateRepair.mp2
| MD5 | d4810e2fbfbffd5744e02df01b3b148b |
| SHA1 | 0b552c5d542aaeba5a8b9406e55a2f9c0aef4b78 |
| SHA256 | de6079ee0a8ef8f3461ed023ee19aa2c0a1ca0f86d47da5eaea524cd422d21d2 |
| SHA512 | c9c2ab7e01cc0ad336651ed640e9f3b084d3d9b53576c06a0cbd47bffc0fda27920826709f6e94d5e55190c9999717b2be98a608cba7ea5203c57bcabead4acc |
C:\Users\Admin\Desktop\UnregisterUnlock.mht
| MD5 | 047bf854473c8a2d5be207094c0cdddc |
| SHA1 | 5f84697d32c67b806acea81e3313e66769200a9d |
| SHA256 | 798727691b751e45cd480d18b2dc22ab0478d80d2106e75de5a0e1e9c47a86f4 |
| SHA512 | 10c2720172821798ffeb9c21fb9eeefd17d57a75ce158b8360361efd146fd659f48581d3d28b41e118f4431028653709f9fbf51f59c604b5cf9d232b53fc20fe |
C:\Users\Admin\Desktop\StartConvert.txt
| MD5 | b20dab057c7dd91e57d3803efbb462a9 |
| SHA1 | d775b1c3bef7cb0744e635a617518ea0e0b2da2f |
| SHA256 | c358118db8925ead520d6c3293c7545c269e3eaa6f9f61fc479800eb2b9f23a8 |
| SHA512 | 6dd83cfa921fd16323d7f397bd3ce7f3615e8b16c54722716486f417e61a730d50a0d6e2374492e781c3e64e3f6ff3bdbed52a122fd08dce572624918a152840 |
C:\Users\Admin\Desktop\ShowUnprotect.exe
| MD5 | 068f34169220e74fedcbf6c0e92a13ad |
| SHA1 | 39c428360e9f4055da3eede370bead79379b61cf |
| SHA256 | 4fcc4448d7e1862a0281d903409a64f6121861cdb7fc80021ae7abf688be42de |
| SHA512 | fbc825dcf25f75637f22152fd42e4daddb99153f7cf2955594692cf71c609538f5713da5fcb81b1d4afb5a5ff6b7bc99b779c5f18fdfc327ce5d5bc04278538e |
C:\Users\Admin\Desktop\SearchUninstall.odt
| MD5 | 8eb2e492014ea1ccae0c18c21549421f |
| SHA1 | 345f8c9fd1f829b48fe5da9e34ddfa972a058506 |
| SHA256 | 8a3402abdc9b2340c6853266367d2c063d5dac80ca416da7e508354b4f001fce |
| SHA512 | 1ea8e7f54ce7dbefcb01680540ea4d37903ba72dfe915b435a3185a81c6200458275ffd006a76c9649210704cfddb058fee89a7f5b74e77a24ce8d03485120a6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 11:29
Reported
2024-06-11 11:32
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd894718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4428 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
Files