Malware Analysis Report

2024-10-10 07:26

Sample ID 240611-nl3b4awarm
Target sample SHA256 f91d32810260f25e95f93341f8ed47d6ca2d554ce9dbca78ab553a66117aedf6
Tags
Score 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 1/10

SHA256 f91d32810260f25e95f93341f8ed47d6ca2d554ce9dbca78ab553a66117aedf6

Threat Level: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-11 11:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 11:29
Reported 2024-06-11 11:32
Platform win7-20240221-en
Max time kernel 142s
Max time network 121s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FAFDE501-27E5-11EF-9891-EEF45767FDFF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40fe1ed1f2bbda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007270dab214d5bc4e8af05b13166bd11400000000020000000000106600000001000020000000927f103e681a87450adc8cd919a93eca476beb6d9cae0b53e256825e639097b5000000000e8000000002000020000000e5c278af2014092f7978f002490a3bea589c3b5424d4acd78d32b6fd4ccb2b68200000008b3f65fbbb75548da3285c0ad2f20976d89f03221e89be2043b82def929540fe40000000c8adc231a99aad2666b0628241de3b3295735e7bb9a5e40deba67078d6f76dd2ee3cce878e39138dd4dd6f2b7e83765a1549abd58ffff52c9854ef2c6356aabb | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007270dab214d5bc4e8af05b13166bd114000000000200000000001066000000010000200000007627a15cb54f0e2e162e6c5bb762300b6fff3a9e29f187cca9f20c0172b00ef7000000000e8000000002000020000000641502130aece5f564269097be2ad2908733f1976d83f1948785c6bbeb0ce18790000000ff881d4002b655b3878ac758ed77adc95009bb4f2340b457370aa0bbae3ed53df6ea0f7857468ed9fed4b2e486f3337dc248f8885ddc36829103ed366551ac0da203d2a1ce2f0593555ae8ed4c4d518260ad8518092d656cdf26ec08abced8ac975ea129754ef08cd6424aae2168fa36dfe8bbb068bfc01d37307b3bcb07dcd14e0c225bdf99cbb97f59c4aee7a81edd40000000204a5a53414191773e5b1081e0d0df2e7faffbea003bde65f342248888c7d12be14862e8dc04aedfede8a36cbab880b4a9e08ed6c47d275a8ca6ee133e38871f | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | www.youtube.com | udp
GB | 216.58.213.14:443 | www.youtube.com | tcp
GB | 216.58.213.14:443 | www.youtube.com | tcp
GB | 216.58.213.14:443 | www.youtube.com | tcp
GB | 216.58.213.14:443 | www.youtube.com | tcp
GB | 216.58.213.14:443 | www.youtube.com | tcp
GB | 216.58.213.14:443 | www.youtube.com | tcp
US | 8.8.8.8:53 | i.ytimg.com | udp
GB | 142.250.179.246:443 | i.ytimg.com | tcp
GB | 142.250.179.246:443 | i.ytimg.com | tcp
GB | 216.58.213.14:443 | www.youtube.com | tcp
GB | 216.58.213.14:443 | www.youtube.com | tcp
US | 8.8.8.8:53 | accounts.google.com | udp
NL | 142.250.27.84:443 | accounts.google.com | tcp
NL | 142.250.27.84:443 | accounts.google.com | tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ef78c974c7e0608766c232f0ab6ed5f2
SHA1 65ff7d45f1de5a50af2f33ceb0fb7b20d4e532c7
SHA256 cc1ad78c5d8f75b4691f0acb26517eed06a6dd5afd673a760099419bb80f8f5d
SHA512 d84e6ce229dc9aa86c0ec36054cd6569dcf6cdde4b3911e50003e22ae0125ad5d71cc2e7ad1190499f01426c282055a319daff14211bd7d4c69f361867e0f7ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 bbe686650f49353a0919bc86f90733a3
SHA1 9ef3325a640e025ab1c700c3ba8eddb1d0ae3b3f
SHA256 b9da686343275ed39168c797af0735e62a34a273b42daf1b72532db6eeeda158
SHA512 0ba5252b83b9a04996b63559e8e6a6da1c615c7455f59286c6bb607a1981a4214692fa3a7a7067ecc09a373da5a9b271c531adf9279cb5fc5e03107e16b0b144

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 0dd44f433bbf89fe843f3e477e1634ea
SHA1 2e2ca3bfd42b77c9662ae8656968472533f405f2
SHA256 350e8fd5c9f9ea3b36ce1b8be990f897c48d5f363c4987db68f2098237dc9a92
SHA512 28a7016d914d4d06abadb09fe8615c66e9e584651e268664964adffbff685448c9073739704880c2945682f3182cf26dc7c095a1cda6161b635e479eb19ee192

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 870b0073179bffa17874bc2cdbae9994
SHA1 25fabde73a700cb7dec78219cddbb4a6f00130bd
SHA256 6d0c59247d95e48d6df102cd155e84cd68532367d2ef092e05b270eda9e66cf0
SHA512 17d1d03e68a6c17bc4c6007abbeecde19dd83a78df525978b293de3aab682074b09da3704be1c09ff7cca937dd7c7ff85edddc6eac127088d9fb034cd4829801

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 5820b2bcf2251491a8f17f003a7dbfb7
SHA1 bdd84a582c0af8b3f24f034a3d38f72f2dbe9078
SHA256 ec1ab70f6f51c30255cc5ce1adca7d0ffb5ca10ff8091408f5c7783702d4d8d0
SHA512 cd775f6dffddaae313920f0eb66022a9069205efee27ae22fc868f94488f189e3690bbcafd81daead10255906bbed27d5248073835b27a5c0a3ddbaaeaf42af0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 63f919430d6d80532fc1f4c69921ca85
SHA1 ce7298b0f54e177293684d2f5504f6129ec48bb8
SHA256 216e6253db4164f244ac5b1a2e41dc5560dc6d7f744294925aa2e79be6c395aa
SHA512 d74d7e0a5bc736b0be07e0588b34d655d3dcfb9d39a1b69a87290c0b8607cf1efec1b67dd19e4ec15c8f1541e0eaed9cd56800ddb417e3f10e01d2fbe447a9c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8c88f6cf920a4a29d0b9519a5536fc5
SHA1 5263e5ab920d5f9a857965b565c7cd5161969642
SHA256 24277b92f4495a00bd93cc18a327adf8460de06bc8b49fc9952362d3e2840d05
SHA512 f41fab2a9b3c1359a5398b2d5162c2bf0957e5284511ed16b651ea5f824b67d2cdb63a1cc125f0e496b2803f2aa1f75793e10cb310e277cf31a70d49a22c9a3a

C:\Users\Admin\AppData\Local\Temp\Cab46C2.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar46C4.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar47A5.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0391661f0656af9990d33ebca53a7cb9
SHA1 ccac1f310cba414b153e31b166fa1696313c2998
SHA256 1731196ccb142984beb7a105f4685f0f9addd015817a90bd225505774e7abf8a
SHA512 c752a2182b191512942f4a3bed7be2000b27fa61310822a0f4c9ab1daf4a7ef1719fea817c540ef8a8efafa64d1727d629176ab77730e7eb4571e8f7d76f9721

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e31c9704143f45575c1337505c7b460
SHA1 f62523ce0ade7ddffab86b47e656b4286cb806a7
SHA256 d866907cde4f19a5be7ab8e145bb662cc12bbf36e5e3443a396f9972f7df69de
SHA512 b48da0300e051e3ec36d7df71c5a5717d95350b5f2001ab755751d5cf9bf01562223f02e8d3ee5c8870ab2e5e71728942204010f15bbb230d1727977caeae141

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f2179384fdaa9e3a06f46fc04245690
SHA1 7795430545f147f69d7335ee7ace4750a282186c
SHA256 dbcfa2699e5596fade5c8742ca5188abc436213ac335db99b2427acca004be03
SHA512 f688d29bf356bc25c26107ddd9be8217d4c14b5e07a182aeb537d2c1ac7cfebf62ddf18d66f9176c420441a901c231f9d5325e3b60c2a8f098c57348926de253

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d5ebe0929dca9a7354cd3c1ec3db5aa
SHA1 2dec3009b0f41508a8f250a46875c56231ab5542
SHA256 affb93370f9835d284adca1ea635d4006a888123c146169acd449848bc91b695
SHA512 7fe60401d61ffa20d8a92d071e496f3455b691a41e769522cd16131a74fbc2a2843335dd3aca9ef3eb8c09b979694cb290e8154e3368f8d3e21422f1c9b36422

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97ae4e13a8f10560a793d09e337f4578
SHA1 b563f4acdb381a02d5709c748129ff0b7fb6bc9e
SHA256 7cf62b27c24afe96f30caa284a7a84545439056feea6a7f982e2dc51565957ca
SHA512 f07ed7851656259ca5c10d8c1cc3acfd7a72ed389997ed9dc536d11613c0daff30fd3bba8317c6cb0e119f74c049c76d96f1fc09ce756659b1665c9013df1513

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6539edc0bb3c7856aeaf4e4ba28cdcff
SHA1 c349587146f380355f749f730e29f911bf2913fe
SHA256 2e9a18de02945b8825cc55d3a1c6ba1a5de6f98cc82c1ed12a126df3772aeda8
SHA512 4b4d034dfe04c7409ced67cfb2c9fa3432aa8bebaa760029ff99ac86a02184d610335722cb75ad4e7db61bcb2e21926daf68d07ccc76121e3c8224de5f8d51b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9608118a37a3d7c616f7e2d4f69fc6dd
SHA1 415fd7ce16c88825b683e0ae57ee83ac0209f65a
SHA256 998fd3a6cd874ee7b3539f5deb5509c14fc152262e89e74fc770d8496e501b8d
SHA512 e2e1a1ae6babfeaafce09470dd61c6f0b473537433cf3367cd08e38c390af4ab1a164a5fe5358d3d4ca825267f9a7238e89856edd6caffed225d0dd99b680ab5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 465af6a381a15e32556dd9e71beb9bab
SHA1 c273b9294533229874ff0df00d4f75d92d4fad8c
SHA256 b95f4960bff71467798616ad836cdc5db6340c700045bbf47614d767dc6f77e2
SHA512 b9c9d6a2aa002205d2d054c6ff17746057a62a3d2cfdeb940d280593518f196ff8b0020e8f76cf0c24e73070cb85cda7ed9a29d271a99e46b0123f81a196c982

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4419eee3168a926c52fd25c17a4b3a2c
SHA1 723384b6def07cf5f115ceae20d6a40daa4bd5f5
SHA256 d44497d1742a434b8987be25d8dba7ce8f69bb8872d5ecb5b834dd5ca9f97ff4
SHA512 a9810f41b3b7cedde30c2863f2a1a7d1fec3146d40504232679b21470716338560315eeed42b10a63a156d455976647bada08c5bf6cdc49422f2ada0af4bbaf3

C:\Users\Admin\AppData\Local\Temp\~DF4AE2E8BAFAA2BFB0.TMP

MD5 5c5a1c19092da63c73536f6f84a1eff7
SHA1 de1b6c27b6ea883723cd1aa15d5297ce66985902
SHA256 f429c33bf68655bce1eca9bddf816098bafc48754e2af3c8c069849dcf65ce7c
SHA512 5ffceadc1f356e4956d866662a30a78d84b480738db4c48dfaac65482425d7507c21bc02c03430dd165e3bee98b1bb1bae7fc65fe5f96cc741bf249ba3c60129

C:\Users\Admin\Desktop\RevokeUninstall.tiff

MD5 28d51d21d25346da3b895b16061a5a0b
SHA1 18bb5aa14d919b159f8136033303dd1f215d4293
SHA256 922e3a1c9215ef62fd1b4258a0cbc52806111043f3a28e2859fff697ab17c662
SHA512 101aaf66428ae3b53f7852b7601a3765d107ff0c53e94ab0bfc724257e501327f410d365ca1b613422933aea9f19ce40bda64f89772211e953c80504df4be493

C:\Users\Admin\Desktop\SearchSync.avi

MD5 d5e6321e687b4a78d4c2f93db5295b2c
SHA1 cd6701aa4514712362e33af5be4fe38e498a6fe6
SHA256 2435842674e046c55652613b4cc8a6e9c7f5a13f9e7d09f848ff8c0e15fdcd4c
SHA512 19a24af4f1bb06d2406dafcba634a7e6a2f2dec6fc4090a0a77b44696b6b15a2da0739b9ce23ed341dc9de0041a4d10fcfd83aa38013dcc676083d4329bb33e2

C:\Users\Public\Desktop\Adobe Reader 9.lnk

MD5 3de8f7be42511037eb3d26e7c9e386ef
SHA1 b6891458fb365c15de27624a7cec0fefaab13797
SHA256 c72e43f24380bf590881e693835b2033fbb61329cfe11f518f32405168ab0ce0
SHA512 12f1933406094fc68350b799f40d5df8621caf93d910c64ef748d76ffa7eeb52e69a357f1b500ad8d9b4ab7cb295eea856cff0e74888c8f2ed7cde446ed67b3b

C:\Users\Admin\Desktop\ConvertFromUnregister.cfg

MD5 89a99870bdc9d235d9d68c7c2d3f54c1
SHA1 21f372752ca49415d76c3ebc1e3584ce198d1995
SHA256 7bbab8ac9d04b9882fa864bc3b107d954bf9d1edd0e366c967391fbbe8bfeeb1
SHA512 3c3bfdf57011b93b2b051ae41a7fb1f25cff865ef18669a738301db717ddf01721c6ee30f64d12ed04cb0e25373793430196265ceea1b5ef6c034e551430a5c1

C:\Users\Admin\Desktop\BackupSkip.nfo

MD5 4b13be8aeace6083855884b96a40d44f
SHA1 b0e60747c656da62ccc7076cea68617e704b1766
SHA256 1192a7d187834760d1e3cfdb755ef5d34a653e118819e32e808d8ad7897bd707
SHA512 7f830265677f41770a1f2fc234ec29e48e2e8516e652569845621f238643ec9b581bc1a79e0b6364e6dc4267b5348657215a89b675fc17901fa0afaf4a6f0367

C:\Users\Admin\Desktop\DenyPublish.mpeg2

MD5 7722fd905d5812ed426b831620622e80
SHA1 62d862c6d85fefdb63e7b4f56310af769248142c
SHA256 5e880a82bdff312b2f437a90cde860cb3c88070c5d0a2516196ca226a3553755
SHA512 dd2f0f93dc4b2557ff722dfd6d05e6777f8dc4272996301a81c55b1529c46edda4c9dc19679bcc3dee12d95ce03e3dcbfafeb7f9fa0c4d4af8db574687f6b7c9

C:\Users\Admin\Desktop\ResolveUnlock.docx

MD5 a117bee456fdc421bbf89632b8eb1b81
SHA1 5d2e8ba43bf5259b65fb138191bcba2785ebb359
SHA256 57c07c2f35158f095189909e6bc2a6266b6dc546de6236323c43f43df3a5b730
SHA512 9a69e13da4ef6a4eca08e5ea98a6ba7591919e73e069de3d3557d88868499c4f3a4b53a82c26ce445d5f09bee763dcb476ce41f6165433570e47f4d4c15f52df

C:\Users\Admin\Desktop\RestartDismount.snd

MD5 dd6f6e9af4b0d4ec41913602368f3702
SHA1 7833fc9fcf91098edaad9008276a73681924e56b
SHA256 f344b8a6e460868532b1ddba94f9b2eb19d0c9600a00c88b134ed3dd5d9fb92e
SHA512 019952c6b1ab1cdd4a77354c08abde725e4010819cf8b0b8a732c8a5698de8b9ba06256b59101c69f2ca586f8cfc43bfcde60f27e95f4daef93d49ecdbe33421

C:\Users\Admin\Desktop\PushExport.wps

MD5 30e3b007c861e2f4aa9494e20ab5ff40
SHA1 66a5728364f77fdadb389db91a53d3ea5313b58d
SHA256 4fe205c5cba4c80a95ddb526200f76d2067ebe025c4b529c4653ff015928a959
SHA512 0368c275ab8c33afb715edf462249347fb48d7eac87add4b815042bbe824e217a56fc39ece6f1b613c735fafc7aea19f4abe00d7e90219eda1c6bf4a5e56b26d

C:\Users\Admin\Desktop\PublishEnter.wmv

MD5 4afaff4efe4fd9978c6a0c16bc50336a
SHA1 4479f578abf818181a6131368eedb7feeeeff067
SHA256 8db24f123162e032450a62a455ddf550c2fe42787c58141397f3e0216b863ed1
SHA512 835f3b046861e7c002579543418dca75e46bc842eb463ce31fb5dd5cf9793ac28101dda21b32b5f7aff72211334f3ededd1f68ac7f5823c9a8d323587b592e2f

C:\Users\Admin\Desktop\ExportUndo.mpeg3

MD5 54254fb2e93aacec70f140d49216caa9
SHA1 14c0705a8c324724d74c279a1a9fe1ce16da94d2
SHA256 f3fbf4b7fb7676ad63f604b48a0a5bcada4ad6583f2eff568ef2f14b3916b52d
SHA512 a1fa43f1a2938d7acf7b7b4db791df89b029d26b3a512a78cfb288b576d30d5c042afb8fb03b9094dc9a29802f8d3d922d1a4c28ef30f3689f46378fb537355f

C:\Users\Admin\Desktop\EnableFind.mpeg

MD5 9883ac097ff70b69508c23f41046a72c
SHA1 3011f69b7115060f0ffaa2c64454346d1febf7c7
SHA256 f120308f6e72f9f4f62bb35e367ba21edb610b9a7bc54cc8213d21e974386f07
SHA512 36a556a1a9d460cd032d8a5dcc3ab425382aef980ea4b20b81ba8c2da857b6eba0cd3b7f126d055b47875bba8dbb0a2a861180012bd84cc7b01ee75d8d431151

C:\Users\Admin\Desktop\EditSubmit.ram

MD5 0c3271adec28e736dd89b5c2d1f1ef64
SHA1 631f8402e3740d49d255d41daa2c25f3e1bb27f1
SHA256 839dd5541570fa5ee4d4ec2e4b9e566e486254d13a34f1ffaa006675a366bcee
SHA512 961c63659a8d6738c762ab7cee652fcd0c2d03db2b3a15c181cabeb845e2007ed410ce3ae2e9aeb0d59999617c180f05ebd35f0de9816846ae610920dd51a492

C:\Users\Admin\Desktop\AddJoin.exe

MD5 5798538ec15b6f389ed1fc107e7ac106
SHA1 d8033c7898f0c7cd5a91dd02223693657a2c94b6
SHA256 e2ff0d336b5b693d680db795628a8eca9cf9b9c3c1af03ba0b099a2d18947541
SHA512 5070dd44a2049694e96c135977fb627a6d2462c7168df5e8a190a67f8127b3f63ccea267a93bd80811e8f84fe8259f57099c63ffc053fcb4646a660191ee14b1

C:\Users\Public\Desktop\VLC media player.lnk

MD5 47c6ff3caf41c74d20a309bec0182d3e
SHA1 0b1a518b06ce14b685f22c36fffbb8c0cbc929a4
SHA256 86603f14795f952cdd503417515a32a682252e034b72ebb4d731d91b96cfb836
SHA512 02b0bc643d90d73d911a1439441f3128686c3e6a5004df228b25b5b34f80761cdda47843e6cb59fc169ffb69f31bcf1da666431ee4357a1fe863d1edbb0cf668

C:\Users\Public\Desktop\Google Chrome.lnk

MD5 d4de3e369ea17fc058e1c6b98a2d32da
SHA1 56504411a02834b62f1db453df98a0ab607db58b
SHA256 5e930d35afa5b7c478d33c993df589e1c541a042d4d0d13a41feefe43bbb0416
SHA512 6fc265b69fc868a79894085894a641ab75331b0db94a02f3ef531413a65bd628d6dbeb50782cd67f95a1890b5c284951f38a1a4137f39dea1812eaeb7818120a

C:\Users\Public\Desktop\Firefox.lnk

MD5 9239ddb4263b2b88007c60d30227dca6
SHA1 65d6553f4c8a82c1ff9d83403a6e7e60d50f3826
SHA256 6f12120ce5bb7d7bb465333e4e2f09da67483f07be2a2048dac7a6ae9b42e91f
SHA512 f986fa15b285f732371fc32b0c17a4d38f327adb86d9fa3065b75ce9f5c04e9bfa0c947fa9f9749075a260d446751361c3c17123bfe34755e7c4f14a1ac52dce

C:\Users\Admin\Desktop\UseCompress.vdw

MD5 c452ff00c30c7c2adfb9707dd44e772b
SHA1 4be102108695bbe47c90b563aed19d2390d31a69
SHA256 27370bdf5b68bfc87bdada6ebc3ed21b813e69f2a70eccf68faeb3ea46cbc2b5
SHA512 56dae537267580fbe51964342f504fbf2957c4aea6ab9771d118a5c4d5540192168790a600c6cc87fbd47889df06bc5c68590e4383546ff7796120b268c80bb3

C:\Users\Admin\Desktop\UpdateWatch.mht

MD5 342760f6a6c3f397959b2f2492b6a6eb
SHA1 5e1544f4b9bda612fe14df2f97d8037d7646f21f
SHA256 860fe887915305cdc3621d63a7a9e70cca3f9a325b0c31dc7e3caa006531a8bf
SHA512 9068f693c07bb8bb0b1ddb4a149260e3c679f477263a9764e5d27fe19ca5a5bf37d2c800b78b3f0a441d5abccd5616a6dbf87cac0416f1b5597329ae2ae460c6

C:\Users\Admin\Desktop\UpdateRepair.mp2

MD5 d4810e2fbfbffd5744e02df01b3b148b
SHA1 0b552c5d542aaeba5a8b9406e55a2f9c0aef4b78
SHA256 de6079ee0a8ef8f3461ed023ee19aa2c0a1ca0f86d47da5eaea524cd422d21d2
SHA512 c9c2ab7e01cc0ad336651ed640e9f3b084d3d9b53576c06a0cbd47bffc0fda27920826709f6e94d5e55190c9999717b2be98a608cba7ea5203c57bcabead4acc

C:\Users\Admin\Desktop\UnregisterUnlock.mht

MD5 047bf854473c8a2d5be207094c0cdddc
SHA1 5f84697d32c67b806acea81e3313e66769200a9d
SHA256 798727691b751e45cd480d18b2dc22ab0478d80d2106e75de5a0e1e9c47a86f4
SHA512 10c2720172821798ffeb9c21fb9eeefd17d57a75ce158b8360361efd146fd659f48581d3d28b41e118f4431028653709f9fbf51f59c604b5cf9d232b53fc20fe

C:\Users\Admin\Desktop\StartConvert.txt

MD5 b20dab057c7dd91e57d3803efbb462a9
SHA1 d775b1c3bef7cb0744e635a617518ea0e0b2da2f
SHA256 c358118db8925ead520d6c3293c7545c269e3eaa6f9f61fc479800eb2b9f23a8
SHA512 6dd83cfa921fd16323d7f397bd3ce7f3615e8b16c54722716486f417e61a730d50a0d6e2374492e781c3e64e3f6ff3bdbed52a122fd08dce572624918a152840

C:\Users\Admin\Desktop\ShowUnprotect.exe

MD5 068f34169220e74fedcbf6c0e92a13ad
SHA1 39c428360e9f4055da3eede370bead79379b61cf
SHA256 4fcc4448d7e1862a0281d903409a64f6121861cdb7fc80021ae7abf688be42de
SHA512 fbc825dcf25f75637f22152fd42e4daddb99153f7cf2955594692cf71c609538f5713da5fcb81b1d4afb5a5ff6b7bc99b779c5f18fdfc327ce5d5bc04278538e

C:\Users\Admin\Desktop\SearchUninstall.odt

MD5 8eb2e492014ea1ccae0c18c21549421f
SHA1 345f8c9fd1f829b48fe5da9e34ddfa972a058506
SHA256 8a3402abdc9b2340c6853266367d2c063d5dac80ca416da7e508354b4f001fce
SHA512 1ea8e7f54ce7dbefcb01680540ea4d37903ba72dfe915b435a3185a81c6200458275ffd006a76c9649210704cfddb058fee89a7f5b74e77a24ce8d03485120a6

C:\Users\Admin\Desktop\ApproveReset.cr2

MD5 6a7ce7749877c86440d6f1a872061758
SHA1 d5099432226b66cc979ac969405a6fb6371f37a7
SHA256 31fb863049736f890840a6bb299605136e41820683d36a438c2c117e8c86ea69
SHA512 649eb516bef8de0781a1a26c9d2ebc6ba044659882cfeab607871fd2185261dea556a93cd45fd00fcaea9dc1091404c192f024715607e34c4813ed46a7875347

C:\Users\Admin\Desktop\ExpandUpdate.mp3

MD5 f34feb79465bda2ebd0c3256b84d4b63
SHA1 88fea84a0e96c193b84ef17dc210c54c78f9dfbc
SHA256 cb8d621c693cfd5f07adb0c41a8034936233bf0fe5ea2b74c37ec843683b92a3
SHA512 0d75b98a00731ec3779846dc12961d39529509d29eec3713cd974d2c87452848585390f41f0df53b26a49a2a99ae82e06b0454fcbe456aa153d267a9d0d2523d

C:\Users\Admin\Desktop\ResumeExport.3gp

MD5 a85a032882f2555ca6de8abc056c30e3
SHA1 696114674426e7bbdd2cfacf9bc54cb9fe03d292
SHA256 3ebc3f397430c19bd52772881cffffdbe30dc3eb7e75764af5a452c5402668a4
SHA512 bda3c0a7c1ea9b4c494ed22a769e21f40591dccaf6d37a13c2add62b0af47f501be3e3732834d94054df104977b8565c4d4ca03d3051f8689a7c6c50f71b314d

C:\Users\Admin\Desktop\UnpublishEnable.dwfx

MD5 0b972eca2eb07f2ce1c6d96f0e0188e1
SHA1 e1b659f239add0bcea8554547f26d6c51d08b486
SHA256 ec62a74e23c197b4948df14ddfc10a2203ce4abe51b7b3e7debe2736110dba6b
SHA512 5650037c5969537c47fbe21bd12a2f5c1c844c169bba4a0e7800d1d999b1694cd8f357175fa78e0582729e9f6df5fbf439add8a55b5d329acc23542580d9b3ea

C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

MD5 f271df5e6c32909ab5173b3993a8a435
SHA1 583b30d84f0cafda8e9386290498ce4686f851d5
SHA256 6bede0459737df5a2ba349f0cf44c7688a0c52a53c99a8987ba5e44c95b4afac
SHA512 965d6d46e484052ebab3292b0376b8430ff03465960903f73e520bf3013233d496d55a08a865f1a35a8c6d57760707c25fa4ef04a5f7b96f0e0493bb37c7562c

C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

MD5 9904f14412b344eb2f43ab4a29bfb914
SHA1 d5885a6d674f0b0cd437e505912e53f131f873d0
SHA256 5560a0439143d149648445d1e4429daf22b4b8a7d7e9ac6e5f7b27ad4fdc2e3c
SHA512 3e352f8cccd2c652b80b47d8e267c3d7573f1c694aa973b142ec68dd0c6eccc028cfdae7ea25770a0553e164c652a71dd351c1208c191104dc5382b77f3477b7

C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

MD5 88ccfdbc30f42f914624a61d55c4420b
SHA1 eac9092bb8462952c8fea0736e898b42cac2ac02
SHA256 84a832cc5fdaa6b440538aac3b9dc1d3b67f7eb0e6879ef6930da0d3b9811460
SHA512 6350beb99ce9979931dc535dc7077572c45749e1b7b5643505a0a6e34f27c35cc907dd0ab36ad6b8a4625c52573fa6cf44e92b9330097d3c69f07449e0d97620

C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

MD5 b2a5425f37d1e1e45bba6ca4f1700871
SHA1 437f231098aea6925f878520d63fa02d27cb7031
SHA256 2aed6333a8d59f94703a48c2214d47eef24b9b7aae696e8b257b53bfba2b6322
SHA512 244a20b3d32e7b49df9a2e61f42c76e0928fc7d6c33a4bf484c92da1194aaeb9f9ba3d07cfee11338630ddc70f396eea9a3971651bfe91a82df88c6ced735e59

C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

MD5 7691bb2c02a624ec52dc97fe80e9fa24
SHA1 b57b8cfe74df67d9f394b694833238b701f7c63e
SHA256 4f78642fa11b0bb72be819dee3c3f688d51323e6a8dc2001bea2ee2689390a00
SHA512 19afe960c65cbce5afdee3c9774a50c7807da5251cb15891f13942ab2ff90cda7ec67fc56853623c9233bf7f3a95ed6ac32bcda29630586c898232ed00ca4f98

C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

MD5 6671aa2ea098e5e2b2098d52cc20564b
SHA1 74a190a4a6e99e4c193c23802d8802f48ae03f68
SHA256 f62c713dc2e23de5343801b11f8a8bf5ed415843ab84e177f7b0dca13fb47975
SHA512 5aaa0ff6b2e72376c6baf39a54dab8dd6d166215d73cdb475156a83b8c6443307d4a49033e0059c5d5de93ea0b0d610da97731adead047014aa48a39d1863eb3

C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

MD5 86cc8c7629a8b57983abaf51790ffde6
SHA1 136c2046936ae997d1c844d51c40f4842d7c3adb
SHA256 903170f5daf3eb72bc2a788b6c4584b6e1b4301630882ccf8507522121f80149
SHA512 5fe739fcba81b8bd23f49f382e4a2b08dd72141dfa0c9a7e9fc49f0686af2fe54c4ce5424e58a53f3ed4ed19231dc5e1c7f10025c270de0bb099b10b89e574ac

C:\PerfLogs

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\Desktop\vcredist2022_x86_001_vcRuntimeMinimum_x86.log

C:\Users\Admin\Desktop\vcredist2022_x86_002_vcRuntimeAdditional_x86.log

C:\Users\Admin\Desktop\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

C:\Users\Admin\Desktop\vcredist2012_x86.log

C:\Users\Admin\Desktop\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

C:\Users\Admin\Desktop\vcredist2010_x86.log-MSI_vc_red.msi.txt

C:\Users\Admin\Desktop\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

C:\Users\Admin\Desktop\vcredist2010_x64.log.html

C:\Users\Admin\Desktop\vcredist2010_x64.log-MSI_vc_red.msi.txt

C:\Users\Admin\Desktop\vcredist2010_x86.log.html

C:\Users\Admin\Music\TraceBlock.rtf

C:\Users\Admin\Music\UndoResolve.mpeg3

C:\Users\Admin\Music\UndoUpdate.MTS

C:\Users\Admin\Music\UninstallMove.MOD

C:\Users\Admin\Music\UnregisterLock.mpg

C:\Users\Admin\Music\UnregisterShow.raw

C:\Users\Admin\Music\WaitRequest.mp4

C:\Users\Admin\Music\AddInitialize.ps1xml

C:\Users\Admin\Music\AssertSplit.aif

C:\Users\Admin\Music\BlockSplit.ADTS

C:\Users\Admin\Music\ClearSkip.zip

C:\Users\Admin\Music\CompressEdit.html

C:\Users\Admin\Music\ConfirmExit.aifc

C:\Users\Admin\Music\DebugStop.aif

C:\Users\Admin\Music\EnterDisable.png

C:\Users\Admin\Music\DismountDisconnect.aif


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 11:29

Reported

2024-06-11 11:32

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

125s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2968 wrote to memory of 4696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16331094621321509042,18379827983363856975,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4428 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
N/A 224.0.0.251:5353 N/A udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2968_CXWTQFJWHFQNWWMO

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
