Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 17:30

General

  • Target

    .html

  • Size

    6KB

  • MD5

    1e123a0a0f7bb89fc514d60259f681d2

  • SHA1

    54f8c9724f591c11108834b9371ed23a1837cf99

  • SHA256

    ead2648f0c356193d5440f4835cc638c8c37f563448d8c731b6291baa2fd08d2

  • SHA512

    d61e63512ac826c89dcb3ccf4b351fa787108da3246133c78e528f87b68e03a2fbe9c66112c10b7ce89767d2c6d006a1f8b6ababd58dd2eae0b4aec52996b5d2

  • SSDEEP

    96:C+9SKSlgcJcBar/FNQRGhz0vLmerLcaIN986e0wHmaAjlSWHFDyNKRydro0gkb8D:wlLIYUEYTgNCbxJ0

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:336
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe401546f8,0x7ffe40154708,0x7ffe40154718
      2⤵
        PID:3120
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
        2⤵
          PID:3252
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3356
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
          2⤵
            PID:5064
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
            2⤵
              PID:1808
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
              2⤵
                PID:620
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:8
                2⤵
                  PID:1008
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1544
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:4932
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:3692
                  • C:\Windows\system32\svchost.exe
                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
                    1⤵
                      PID:380
                    • C:\Windows\System32\rundll32.exe
                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                      1⤵
                        PID:1764

Network

MITRE ATT&CK Enterprise v15

Downloads

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                        Filesize

                        152B

                        MD5

                        a8e767fd33edd97d306efb6905f93252

                        SHA1

                        a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

                        SHA256

                        c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

                        SHA512

                        07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                        Filesize

                        152B

                        MD5

                        439b5e04ca18c7fb02cf406e6eb24167

                        SHA1

                        e0c5bb6216903934726e3570b7d63295b9d28987

                        SHA256

                        247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

                        SHA512

                        d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                        Filesize

                        5KB

                        MD5

                        13de370f49d67e49a880fd92fb07c331

                        SHA1

                        b14ba5efc1c8a4e69d84b4509594fa0d838e9227

                        SHA256

                        c81fcdbdadf9bf0143a1a23d9def2c70c755fcdbd14e51030fd595a5be8e6a7a

                        SHA512

                        9dac934b3bc99b19e7c4d3ba2963a78802f0b55d6e34efa589a52d351f164a689cee10b26d41a892c726c275741bc1a022b09009aebb9e484e01130006c5b75c

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aa2db07a-f4b7-409e-8f94-bb056ef700dc.tmp

                        Filesize

                        6KB

                        MD5

                        01e7b63331e78ae549416968fc5785bd

                        SHA1

                        c2e0d5f91014c0dcd9838db56542f1af5930ce78

                        SHA256

                        597e4316648b05342c957be5ae769a5507b2ee362987b383fd2c29c3115236ad

                        SHA512

                        1b6efcff96a8596765997b87b197ef01da8cc416896b479e99f7c3994397e30aa3c0e788562d710930501824d68918162d2f2f07f7d3cf463399bc8d8d2930d8

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                        Filesize

                        16B

                        MD5

                        6752a1d65b201c13b62ea44016eb221f

                        SHA1

                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                        SHA256

                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                        SHA512

                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                        Filesize

                        8KB

                        MD5

                        d80ab6cec7797772fc8f144d9e716f51

                        SHA1

                        c0f00e1a3412b60a926ee5eeb1412b1bf0429af4

                        SHA256

                        48244f69e93d41109ccf6a42b497e3a2a246b53675565577001b481d156b9414

                        SHA512

                        232680cd84d576f0d2713495fb7a5e7674ccebd19f9e460fba27bb41407bf9dddcc59d5fb00223483fc83dca39f34edc24ec3591526569214fd0ede2a5e622b4

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                        Filesize

                        264KB

                        MD5

                        f50f89a0a91564d0b8a211f8921aa7de

                        SHA1

                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                        SHA256

                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                        SHA512

                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                      • C:\Users\Admin\Desktop\ApproveResume.dot

                        Filesize

                        333KB

                        MD5

                        c05164eb02cc30b5b4ae8037fae5bb10

                        SHA1

                        647a3138b5067de48cfd4fbc52426e809feaaacd

                        SHA256

                        8db36474a6dce12b7dc993fb2d5e53f4d70adc91c8073696365e941c4c534a65

                        SHA512

                        2994a06bf281a6c45381e6251571798ad5af5b06699b42d3ce29b6dd2ee34b65ca2af23be4682ddf89194b6eaa766d66fe8279178e6662ff1da741b387c472ad

                      • C:\Users\Admin\Desktop\BlockConvert.vdx

                        Filesize

                        216KB

                        MD5

                        4f490c7e40b28fb90108992acb810a40

                        SHA1

                        713a4652797d4992c2967b2bde3dfa6d5456bc42

                        SHA256

                        4d133edf985eb3a465d6a9d2e4ccdb28280a3467ce20948d75bf4e413a441cef

                        SHA512

                        501c24066a1e7a06eba0dc62a4993413025ce0732f9840e5b2dc991d94916cb2b6f91f2edb459f3f984785d419b9a90817ced01cc4cc8757bd84eb0e9269fbb2

                      • C:\Users\Admin\Desktop\BlockEnter.TS

                        Filesize

                        466KB

                        MD5

                        7355244e0c444be353ae667f22dde1ce

                        SHA1

                        e730d53dd4e88acc80cf8f725e134fe06e69bb50

                        SHA256

                        615a92b86738a8efff56fc73e465bcd51a4a3fe499494264c41661ab3dfeb701

                        SHA512

                        a687871645bf0383dfbe6fc299170c736feda33ca7dc27a074fb76b64be8d93d8fd9236327bea4ed143de21d41cc21e20819ff3ad84dc131c6c85a91e9ef257e

                      • C:\Users\Admin\Desktop\BlockRestore.bat

                        Filesize

                        583KB

                        MD5

                        48916b8a8b8006197963d14f769ce585

                        SHA1

                        9170e0fb6efd8c18eda880dfc677ebe07b0e5c9c

                        SHA256

                        26e32718296e89ffd3586d6cbf5070a38fde57eb9dd93057797a38ba47ddc3f1

                        SHA512

                        540934e8004c7053cff1af8e591c5cddc792a53466d4398f5c4c795a92b9fbf41e6df32bc8d02a87d09a3858712ab7587d06634c372fd9bcf95df522014b2946

                      • C:\Users\Admin\Desktop\CloseMeasure.wmx

                        Filesize

                        266KB

                        MD5

                        ba909dc7800e20fd16e8c6476b126fac

                        SHA1

                        b017eba6867fca1b14a0c95b5fa7460f80261b06

                        SHA256

                        ba4c49d4ac974ff1e6c6fb41e32d01e448c0970801e6d9ecfcfe123a5a0c902e

                        SHA512

                        d5826b2690501079897314b5a8c933f438a1dce7560b089999bc8111b8dac07b40be160e4fb5586e3a936da2423295508508162a78f7ee855ebe427c3970a135

                      • C:\Users\Admin\Desktop\CloseProtect.ods

                        Filesize

                        349KB

                        MD5

                        c190b27b460ff4a2fcb336c2d86a0a8c

                        SHA1

                        c3a56c339eb9ad6151de4876d6df9d6b8a24e7e2

                        SHA256

                        f2b844d6b8f2202b73323c4cc98637f51dabbc8c7c9329dc1e004a86258d44c8

                        SHA512

                        5a6361220b069b4f6b7634bbff2201dd1a83d7cba61dd8da25ffa437848e042f314d7370b8bda8a8b2fc114a7f26f514719a9409488bb67176eb9ff70a5f7c73

                      • C:\Users\Admin\Desktop\ConfirmFormat.emz

                        Filesize

                        316KB

                        MD5

                        8ded5fe14be81f5289b5e77cbc5eb028

                        SHA1

                        53784d517a5e34a4e42e1dcc08660034f6d4fd78

                        SHA256

                        93b0a46336080db10d9591c2036045f89070cb5a8d4daa8cbec5e1232e728e75

                        SHA512

                        b2949823b364c7c89577c239f0935a831176e69783385f9024741c500ae00b323c0569250578af2b0970c1a1a6fc98c05c1430de0fef7cdb7a9e05f84c686880

                      • C:\Users\Admin\Desktop\EditFind.vstx

                        Filesize

                        449KB

                        MD5

                        2c40bf2c82c33beadaa2054ef0ffa802

                        SHA1

                        58c5b1b3b30d3897cea3551ccae7e25970f66428

                        SHA256

                        05e9b9d790311a93b38800f5bfa496427995d3be0f3695f0fe6471121419c619

                        SHA512

                        e83e92a4e632ab2de26cc1646e7bdc603172de09e0d19d13c805d12ac1e4d6ce4c3fe310e445e447c0161df68ffbdce5f8e36d45b8d884d75dc1ad48519b0369

                      • C:\Users\Admin\Desktop\EnterImport.MOD

                        Filesize

                        516KB

                        MD5

                        2c8042cf33556b3432a7e76098bbab66

                        SHA1

                        d6b52b0301386cee1d40c9878ba5d33bf69f1ea8

                        SHA256

                        0c6e0f4d494a3e26ee8b4b53ab1a2ce182c11c80970771aa733bed9651fbfd36

                        SHA512

                        6894cde5ea90ff7c40464eb185fe9747786bd7c561e7cee955d92ded565dbd490b271ec8970ea88bb3e79439e1801941c6eeaf022b2637f30d5a30d244ceb52c

                      • C:\Users\Admin\Desktop\ExitUse.mpeg

                        Filesize

                        599KB

                        MD5

                        2588a4a1ae545d6a6bb58358fd37a6b3

                        SHA1

                        7dadc4af9d2aac52bfb4e755baefff1959951df2

                        SHA256

                        f4b010f71545605b63b4524841048d1bbbea687009146c4ef75cb6f3aacd88ba

                        SHA512

                        e640e52c370a75f6f5f8ff4c65cf890d1f39ee9717afdc85833c67d590f4bd6baeffcdaa72f11900c4913a5d40ae74f5790e2fa0df2d4e590870e7fe867d7b5f

                      • C:\Users\Admin\Desktop\FindUse.xps

                        Filesize

                        616KB

                        MD5

                        72a5ae162fbb45fbbe8cf7159de6d958

                        SHA1

                        d9255594538d610d18481e82c930f284cf972ede

                        SHA256

                        deba70fb0d454eb1582a15446beb21700a48586f1856533272ac08a3cb67fa01

                        SHA512

                        de7269381fab151f6d10d2dd39330efcc5b11003f83f7956fb7fc10dce5799e26e2637480f07adf47cd766b4b88e885ed450d0fc01be91533c1a6c1f2fcc055e

                      • C:\Users\Admin\Desktop\GetCompare.sys

                        Filesize

                        283KB

                        MD5

                        76e36ed15495c496883e12ffe0514296

                        SHA1

                        f79ae26d080c03d1789c2131ec9b16fd33cb8dc7

                        SHA256

                        3f559244a28b84c2844e40e8b1577c23236bb2b9211aa86b76ea0e5f345c248f

                        SHA512

                        c94af132dc20cf27e033418e4c95c6a0c0d48b832b0d3614a0ca103f38079413b5be7e46154cea88a840b0af31ad86922ab9da9e884f8c93d2cc8e9b951a9e6c

                      • C:\Users\Admin\Desktop\MeasureTrace.vstm

                        Filesize

                        299KB

                        MD5

                        1b935145bed4e7f93a6fb4dd4c3a4576

                        SHA1

                        e880eef13da9d9bbf43d04b03e672e5af20899a3

                        SHA256

                        9db5d54c9a1c90250576b0904a3d61f0fd9365487a920a483e9d3f708ac36cc9

                        SHA512

                        bc4eb01e9c3ed08fdeb328b13ad0fd655a1327394dd8a2b5a8678240c301673993b2cfb5dc09e08f1391b32af7b347fd84d038a27107aa077498d15f1542a656

                      • C:\Users\Admin\Desktop\OptimizeRegister.xht

                        Filesize

                        849KB

                        MD5

                        b4dace1fbfe2ee7d9508df415274c66c

                        SHA1

                        39e163933003b3f98ab0b53143fcb3a7d21fa188

                        SHA256

                        4a8bb927697446dd474d52200ab95177049e52676522a5854dfc240e67612bf3

                        SHA512

                        849273536a01d53bd9c2e2f5fa0c925037d115a5ca605b107c7646e3682bc2a2ed9ba1e4fd5e2510ac5ab7b350c9e561c602e1d527bdb9473fedd6dcdd14e611

                      • C:\Users\Admin\Desktop\PopUpdate.tif

                        Filesize

                        549KB

                        MD5

                        9407dd132a34986f5cc9f67376138807

                        SHA1

                        2cbd59a76aaa9edc9348e5885743cb4e07113409

                        SHA256

                        2d9fe10d7ecc6d4857bac2f7d6e7664fab8ae14bed7e0b88c7648b6e5636ead5

                        SHA512

                        db08f60ccb571c339b988d56dad5e08b098091de8396ba1d4e6b3fb6e5dd65ee99f598bf1e6cef270813e44e9adc65a348b76a2dbcef70a7c489a1a9cdecc691

                      • C:\Users\Admin\Desktop\RenameConfirm.vbe

                        Filesize

                        499KB

                        MD5

                        abf6091160a02ddff781a3547225e22e

                        SHA1

                        0820e6dfbbe0d2aced18c09b67ad6f8760e341d5

                        SHA256

                        8a8273e7d64f509eb7eab806f0cdd3b12876ac9f143d49fa534804f3b4182320

                        SHA512

                        0f38947eb361e6244cf6f52904268aa5d5529342d2c4f8c0855c9b1e6bbef3efd6bb4307a45e8dacc8a901fefaacee481b3172b73d8d6a4e8261187ecd822e45

                      • C:\Users\Admin\Desktop\RepairResolve.vbe

                        Filesize

                        399KB

                        MD5

                        9a60f4fe21a65554807d9f2ff2226478

                        SHA1

                        3ef9a43f60b80ec9adf990af50d10ee7e019c63c

                        SHA256

                        e396ef4dbb38a83dc28b59cdbdbd507c97212c413d7f8ed914e1ccd201d41d98

                        SHA512

                        954eeaa76eaaf676f545acff75d848c8724c3116b95cf3fb643595bee87ca24d765c0b1d6827915e672608b5f8b8177f61108f61be1bbcda614d487131e72dfd

                      • C:\Users\Admin\Desktop\RequestRestore.mp2

                        Filesize

                        233KB

                        MD5

                        36572dcd2189dd54e444ff0ebadcad46

                        SHA1

                        4f44147a4e166df5cf268632dd90c76b430e4534

                        SHA256

                        b6f1a175936e441f047b155aa06ad9375b3b2cfa9b678bb69f338a89232f4867

                        SHA512

                        301ff5ebd28b2edbaeec5c540d858e871cf6f4b4ea3513c92041c04e89546c5e5ba262153afaabec4fc6121ea02da00b11d323eabc30ccf81bcdaa96217d8297

                      • C:\Users\Admin\Desktop\ResetBackup.potm

                        Filesize

                        366KB

                        MD5

                        4cf9a7959f24cdf1fcf045b77d1ca38c

                        SHA1

                        f9fe87d96696c456ba7a58b96188bbc5b1078ec0

                        SHA256

                        e1218c4d95cbf014b73927a57c08150c5ccdfd344be0ab66133036b953c9bea8

                        SHA512

                        0cb294419348930d966e4eaae7f5e4c98d0c2682e8f7670d2b3a3d8b2e66a02393216a32006fcd4eda1c6e43d2f57b2c7f8d01e62d0175e7dbfb88492d490ff9

                      • C:\Users\Admin\Desktop\SkipOptimize.xhtml

                        Filesize

                        433KB

                        MD5

                        2862fda66ed719b4a65e899dd0a4e728

                        SHA1

                        c56777247106b5183b87c860c2afdf7660fcc9c1

                        SHA256

                        93eeca642153ae0e96e793d66bf6b52fe037dd0edece76df34b7584f1c8d8a7a

                        SHA512

                        63cd957b953c3de5e331506e19fa5cee409ceba7515c56865246ec678da6fd2f10f72c845d3fcb9e53f48926602ddc4cfcc9d356e4af3416e3e95c7771533fc4

                      • C:\Users\Admin\Desktop\SuspendUnlock.css

                        Filesize

                        249KB

                        MD5

                        25d42fc7ca6ce017cc851614b1c6514d

                        SHA1

                        d8f25c6a5c6151f7273b0b6a85b536a92b01f410

                        SHA256

                        74c35713ce1e8d31722d197421ba6b6fdee909df0c93d8946567784250e37f34

                        SHA512

                        b92cb3a7279e0a994ca250007f38fe5f52ba2503c31801df4d2ae4ed818235ace3f932c9c456cdc9b4bda248c1b12084fd2d944c00df4418be303d8167d8000c

                      • C:\Users\Admin\Desktop\TestInstall.vsdx

                        Filesize

                        483KB

                        MD5

                        83324885e58d852fbb792b437bc6c385

                        SHA1

                        6da9fab63f1303cd40b5d02b8dfbceeaee8d5def

                        SHA256

                        fb3511a9ead194113a437d637b7d2f34c31cc9327ba2a9a51fe31aa6874655bf

                        SHA512

                        b0c08ee514105a9e9de85d504c05ebc3e03d600a950f53941f193a78d7e4f9dd802cb239cfb9d4e9d353ef339a67d4951f7d466027c28593e31225c418be0577

                      • C:\Users\Admin\Desktop\TraceGet.cr2

                        Filesize

                        416KB

                        MD5

                        4aa06a4d9ecac0b6abc5c57f9fe52e9f

                        SHA1

                        379d4ffb0f994cc2ba1bfc551a9b73dc7975d63d

                        SHA256

                        bb1767e56bb30d11d30261f1a30fbae7c1052ebefef5a59875bde2229bfd8b56

                        SHA512

                        4522e7e73dbb5ba1caf6b824cc71865a1d335d2458a130e015067f1950fffd4ed14800894b2cd17d5207d5feba48f85e06e4397a6fd6be8faa4ed8703b08579d

                      • C:\Users\Admin\Desktop\UninstallGrant.php

                        Filesize

                        533KB

                        MD5

                        3348ed3658eed644f3f81ea59986fc5d

                        SHA1

                        9d6a24067e37cbc1427ecd53985b5c4fa236f636

                        SHA256

                        4d512e8fbd2660020721bfd8a34a043666f11647573ab4eae1457ce2b8c25191

                        SHA512

                        f3dc0683cb56af6d39d2ec130671d9aa0307a1ad482c24defedaeeb6acad36d7969d814a91aaeadd4775b2f91cf540dfd3019c646699eae023141b875ff5a225

                      • C:\Users\Admin\Desktop\UnpublishConvertFrom.mp3

                        Filesize

                        566KB

                        MD5

                        c02f9c163fad794732e58f1c68d3a534

                        SHA1

                        be92f736aaa4e93b95c29804829ce05f72509b88

                        SHA256

                        9596905d48ceb4b760d99f88abc92e946b8d748ad6bc084488b16130f960f0c4

                        SHA512

                        f20e39497ca83141930588a680f2fbc5aad8105b8ed3428c0dada9e6272fccf17684cfa9b6e050dabeaae257df8bc6c3e9703256a3961e3181a190b7ab45f434

                      • C:\Users\Admin\Desktop\WriteExit.mpp

                        Filesize

                        383KB

                        MD5

                        354e9bbaa96e87421e94ad603a5b1c80

                        SHA1

                        92afc5da4e499039b6e46277ed3b8bc687f37119

                        SHA256

                        f79a1972d0e6fe5056dcab1a646119c9c5ef97fb0d671f57ce145fb38b982c68

                        SHA512

                        708923951bda46ab5ef66f8ac5ef9b5fc6a21c04d520aa3fa7647469caafe6da96415173ea4a96d65c7e046fdfca4150dd53a4236f9a88df5902b577ee66321f

                      • C:\Users\Public\Desktop\Acrobat Reader DC.lnk

                        Filesize

                        2KB

                        MD5

                        cd2e601ec2f44b0211fae65422446e0e

                        SHA1

                        b2ab43d71e0cfd537c1a4fb17d04b82f7201b6e8

                        SHA256

                        2b83847fdc0f0e3eb695aa504d2a332c5197a07eb25b37b0e184e0e5411caa14

                        SHA512

                        c0ef50cf3f82c3ed49d23c39b69513f84c0aa94059f618a4dcf7b628ee8e67d83998e59b6c1f23b11cbca4aba5b8d46ea741dd77967ff757d5b8fb10b1da0fae

                      • C:\Users\Public\Desktop\Firefox.lnk

                        Filesize

                        1000B

                        MD5

                        61ac1e815d81f4a2f93ba70bdb7f84a4

                        SHA1

                        0531d3d2953f72dd89a16cdafcad0a2a010b3a32

                        SHA256

                        844d651080ce9319d36dcfa225504b6e77a36f00fe17693f2d9df081bdef81bc

                        SHA512

                        ad015c9f9724b6fa71defde43ace702955ed0564a873d82716f97fef8f56d2a75879c7d1ae373ae879089ed1fab853d4f08dfbcedd2cf81fd8eec69c2a11b0b1

                      • C:\Users\Public\Desktop\Google Chrome.lnk

                        Filesize

                        2KB

                        MD5

                        b912c7424324879493c771def40a45e5

                        SHA1

                        914f55b098e0d79a5285bae6d00e8a6b3f2574c0

                        SHA256

                        2db04f2f0b7deace03e50618c8b1ee26be81fba29c3c8885b41dc6898cf6509c

                        SHA512

                        2822f6ca58037a55acd4d7d4ffd22afb88084bbc192c5f98b4d454e2693027fd07e163cf908d5924950dd5fb24a26994a3e82e2c755745be523c68d4a7557b11

                      • C:\Users\Public\Desktop\VLC media player.lnk

                        Filesize

                        923B

                        MD5

                        36867f540d444fb05ba7469f61198517

                        SHA1

                        26e3ec466b5392d8bc47c49937b11bdfe30e8bea

                        SHA256

                        b0e200ab7b8320378557a7a5d4f14d9d3f7b8fdaae9541fdecab0c16f63e9f95

                        SHA512

                        d6637fa169b65dfb8f36c24c8eee3b944ea09185ccb1ac1d7197028ef04a6d0ac613e0ec4728a8cf756623bb227b0e6c108194f741636f958488ff4c595c6f99

                      • C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

                        Filesize

                        380KB

                        MD5

                        a1dc533e6a460f3c6429947736329e56

                        SHA1

                        951f8e41f32924cb4a368b1afcb2064f0bed3c53

                        SHA256

                        50711908283756eeb6a9ff72f26c06089e52a2b5fed6a3717698bdc6114c5351

                        SHA512

                        8da84385ae4a1ab230e4c6e216bcdd60b4b41833689b6848f6fc7df83c4b589dd77a2c7ea4e30cb9fef988f1448da75e516b6b7316c8363c0bb671e60da7e4bb

                      • C:\vcredist2010_x64.log.html

                        Filesize

                        86KB

                        MD5

                        2caba40477d788931176c9ba9559610f

                        SHA1

                        5f594d573a165e23b3730d3cd6b42d1d118652e5

                        SHA256

                        67d84790b58927e07137ed73805b93691657d636557bbbd6ae778182d312084c

                        SHA512

                        a654c5581add01632ed292b3a3be8a389c5e06aa1283000f7faf3ae710614c831a1af20cc6834f5089d2cc7792bf6e893667462c6f8033f46772960b7d833feb

                      • C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

                        Filesize

                        395KB

                      • C:\vcredist2010_x86.log.html

                        Filesize

                        81KB

                      • C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

                        Filesize

                        168KB

                      • C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

                        Filesize

                        195KB

                      • C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

                        Filesize

                        171KB

                      • C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

                        Filesize

                        208KB

                      • C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

                        Filesize

                        170KB

                      • C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

                        Filesize

                        191KB

                      • C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

                        Filesize

                        170KB

                      • C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

                        Filesize

                        198KB

                      • C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

                        Filesize

                        123KB

                      • C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

                        Filesize

                        129KB

                      • C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log

                        Filesize

                        123KB

                      • C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log

                        Filesize

                        135KB

                      • \??\pipe\LOCAL\crashpad_336_AAVBNIKWAYFKCTIV
