Analysis Overview
SHA256
ead2648f0c356193d5440f4835cc638c8c37f563448d8c731b6291baa2fd08d2
Threat Level: No (potentially) malicious behavior was detected
The file . was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 17:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 17:30
Reported
2024-06-13 17:33
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe401546f8,0x7ffe40154708,0x7ffe40154718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8081642112083260500,7247206476102014472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_336_AAVBNIKWAYFKCTIV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 13de370f49d67e49a880fd92fb07c331 |
| SHA1 | b14ba5efc1c8a4e69d84b4509594fa0d838e9227 |
| SHA256 | c81fcdbdadf9bf0143a1a23d9def2c70c755fcdbd14e51030fd595a5be8e6a7a |
| SHA512 | 9dac934b3bc99b19e7c4d3ba2963a78802f0b55d6e34efa589a52d351f164a689cee10b26d41a892c726c275741bc1a022b09009aebb9e484e01130006c5b75c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d80ab6cec7797772fc8f144d9e716f51 |
| SHA1 | c0f00e1a3412b60a926ee5eeb1412b1bf0429af4 |
| SHA256 | 48244f69e93d41109ccf6a42b497e3a2a246b53675565577001b481d156b9414 |
| SHA512 | 232680cd84d576f0d2713495fb7a5e7674ccebd19f9e460fba27bb41407bf9dddcc59d5fb00223483fc83dca39f34edc24ec3591526569214fd0ede2a5e622b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aa2db07a-f4b7-409e-8f94-bb056ef700dc.tmp
| MD5 | 01e7b63331e78ae549416968fc5785bd |
| SHA1 | c2e0d5f91014c0dcd9838db56542f1af5930ce78 |
| SHA256 | 597e4316648b05342c957be5ae769a5507b2ee362987b383fd2c29c3115236ad |
| SHA512 | 1b6efcff96a8596765997b87b197ef01da8cc416896b479e99f7c3994397e30aa3c0e788562d710930501824d68918162d2f2f07f7d3cf463399bc8d8d2930d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\Desktop\ApproveResume.dot
| MD5 | c05164eb02cc30b5b4ae8037fae5bb10 |
| SHA1 | 647a3138b5067de48cfd4fbc52426e809feaaacd |
| SHA256 | 8db36474a6dce12b7dc993fb2d5e53f4d70adc91c8073696365e941c4c534a65 |
| SHA512 | 2994a06bf281a6c45381e6251571798ad5af5b06699b42d3ce29b6dd2ee34b65ca2af23be4682ddf89194b6eaa766d66fe8279178e6662ff1da741b387c472ad |
C:\Users\Admin\Desktop\TraceGet.cr2
| MD5 | 4aa06a4d9ecac0b6abc5c57f9fe52e9f |
| SHA1 | 379d4ffb0f994cc2ba1bfc551a9b73dc7975d63d |
| SHA256 | bb1767e56bb30d11d30261f1a30fbae7c1052ebefef5a59875bde2229bfd8b56 |
| SHA512 | 4522e7e73dbb5ba1caf6b824cc71865a1d335d2458a130e015067f1950fffd4ed14800894b2cd17d5207d5feba48f85e06e4397a6fd6be8faa4ed8703b08579d |
C:\Users\Admin\Desktop\UninstallGrant.php
| MD5 | 3348ed3658eed644f3f81ea59986fc5d |
| SHA1 | 9d6a24067e37cbc1427ecd53985b5c4fa236f636 |
| SHA256 | 4d512e8fbd2660020721bfd8a34a043666f11647573ab4eae1457ce2b8c25191 |
| SHA512 | f3dc0683cb56af6d39d2ec130671d9aa0307a1ad482c24defedaeeb6acad36d7969d814a91aaeadd4775b2f91cf540dfd3019c646699eae023141b875ff5a225 |
C:\Users\Admin\Desktop\WriteExit.mpp
| MD5 | 354e9bbaa96e87421e94ad603a5b1c80 |
| SHA1 | 92afc5da4e499039b6e46277ed3b8bc687f37119 |
| SHA256 | f79a1972d0e6fe5056dcab1a646119c9c5ef97fb0d671f57ce145fb38b982c68 |
| SHA512 | 708923951bda46ab5ef66f8ac5ef9b5fc6a21c04d520aa3fa7647469caafe6da96415173ea4a96d65c7e046fdfca4150dd53a4236f9a88df5902b577ee66321f |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | cd2e601ec2f44b0211fae65422446e0e |
| SHA1 | b2ab43d71e0cfd537c1a4fb17d04b82f7201b6e8 |
| SHA256 | 2b83847fdc0f0e3eb695aa504d2a332c5197a07eb25b37b0e184e0e5411caa14 |
| SHA512 | c0ef50cf3f82c3ed49d23c39b69513f84c0aa94059f618a4dcf7b628ee8e67d83998e59b6c1f23b11cbca4aba5b8d46ea741dd77967ff757d5b8fb10b1da0fae |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | 36867f540d444fb05ba7469f61198517 |
| SHA1 | 26e3ec466b5392d8bc47c49937b11bdfe30e8bea |
| SHA256 | b0e200ab7b8320378557a7a5d4f14d9d3f7b8fdaae9541fdecab0c16f63e9f95 |
| SHA512 | d6637fa169b65dfb8f36c24c8eee3b944ea09185ccb1ac1d7197028ef04a6d0ac613e0ec4728a8cf756623bb227b0e6c108194f741636f958488ff4c595c6f99 |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | b912c7424324879493c771def40a45e5 |
| SHA1 | 914f55b098e0d79a5285bae6d00e8a6b3f2574c0 |
| SHA256 | 2db04f2f0b7deace03e50618c8b1ee26be81fba29c3c8885b41dc6898cf6509c |
| SHA512 | 2822f6ca58037a55acd4d7d4ffd22afb88084bbc192c5f98b4d454e2693027fd07e163cf908d5924950dd5fb24a26994a3e82e2c755745be523c68d4a7557b11 |
C:\Users\Admin\Desktop\OptimizeRegister.xht
| MD5 | b4dace1fbfe2ee7d9508df415274c66c |
| SHA1 | 39e163933003b3f98ab0b53143fcb3a7d21fa188 |
| SHA256 | 4a8bb927697446dd474d52200ab95177049e52676522a5854dfc240e67612bf3 |
| SHA512 | 849273536a01d53bd9c2e2f5fa0c925037d115a5ca605b107c7646e3682bc2a2ed9ba1e4fd5e2510ac5ab7b350c9e561c602e1d527bdb9473fedd6dcdd14e611 |
C:\Users\Admin\Desktop\FindUse.xps
| MD5 | 72a5ae162fbb45fbbe8cf7159de6d958 |
| SHA1 | d9255594538d610d18481e82c930f284cf972ede |
| SHA256 | deba70fb0d454eb1582a15446beb21700a48586f1856533272ac08a3cb67fa01 |
| SHA512 | de7269381fab151f6d10d2dd39330efcc5b11003f83f7956fb7fc10dce5799e26e2637480f07adf47cd766b4b88e885ed450d0fc01be91533c1a6c1f2fcc055e |
C:\Users\Admin\Desktop\UnpublishConvertFrom.mp3
| MD5 | c02f9c163fad794732e58f1c68d3a534 |
| SHA1 | be92f736aaa4e93b95c29804829ce05f72509b88 |
| SHA256 | 9596905d48ceb4b760d99f88abc92e946b8d748ad6bc084488b16130f960f0c4 |
| SHA512 | f20e39497ca83141930588a680f2fbc5aad8105b8ed3428c0dada9e6272fccf17684cfa9b6e050dabeaae257df8bc6c3e9703256a3961e3181a190b7ab45f434 |
C:\Users\Admin\Desktop\TestInstall.vsdx
| MD5 | 83324885e58d852fbb792b437bc6c385 |
| SHA1 | 6da9fab63f1303cd40b5d02b8dfbceeaee8d5def |
| SHA256 | fb3511a9ead194113a437d637b7d2f34c31cc9327ba2a9a51fe31aa6874655bf |
| SHA512 | b0c08ee514105a9e9de85d504c05ebc3e03d600a950f53941f193a78d7e4f9dd802cb239cfb9d4e9d353ef339a67d4951f7d466027c28593e31225c418be0577 |
C:\Users\Admin\Desktop\SuspendUnlock.css
| MD5 | 25d42fc7ca6ce017cc851614b1c6514d |
| SHA1 | d8f25c6a5c6151f7273b0b6a85b536a92b01f410 |
| SHA256 | 74c35713ce1e8d31722d197421ba6b6fdee909df0c93d8946567784250e37f34 |
| SHA512 | b92cb3a7279e0a994ca250007f38fe5f52ba2503c31801df4d2ae4ed818235ace3f932c9c456cdc9b4bda248c1b12084fd2d944c00df4418be303d8167d8000c |
C:\Users\Admin\Desktop\SkipOptimize.xhtml
| MD5 | 2862fda66ed719b4a65e899dd0a4e728 |
| SHA1 | c56777247106b5183b87c860c2afdf7660fcc9c1 |
| SHA256 | 93eeca642153ae0e96e793d66bf6b52fe037dd0edece76df34b7584f1c8d8a7a |
| SHA512 | 63cd957b953c3de5e331506e19fa5cee409ceba7515c56865246ec678da6fd2f10f72c845d3fcb9e53f48926602ddc4cfcc9d356e4af3416e3e95c7771533fc4 |
C:\Users\Admin\Desktop\ResetBackup.potm
| MD5 | 4cf9a7959f24cdf1fcf045b77d1ca38c |
| SHA1 | f9fe87d96696c456ba7a58b96188bbc5b1078ec0 |
| SHA256 | e1218c4d95cbf014b73927a57c08150c5ccdfd344be0ab66133036b953c9bea8 |
| SHA512 | 0cb294419348930d966e4eaae7f5e4c98d0c2682e8f7670d2b3a3d8b2e66a02393216a32006fcd4eda1c6e43d2f57b2c7f8d01e62d0175e7dbfb88492d490ff9 |
C:\Users\Admin\Desktop\RequestRestore.mp2
| MD5 | 36572dcd2189dd54e444ff0ebadcad46 |
| SHA1 | 4f44147a4e166df5cf268632dd90c76b430e4534 |
| SHA256 | b6f1a175936e441f047b155aa06ad9375b3b2cfa9b678bb69f338a89232f4867 |
| SHA512 | 301ff5ebd28b2edbaeec5c540d858e871cf6f4b4ea3513c92041c04e89546c5e5ba262153afaabec4fc6121ea02da00b11d323eabc30ccf81bcdaa96217d8297 |
C:\Users\Admin\Desktop\RepairResolve.vbe
| MD5 | 9a60f4fe21a65554807d9f2ff2226478 |
| SHA1 | 3ef9a43f60b80ec9adf990af50d10ee7e019c63c |
| SHA256 | e396ef4dbb38a83dc28b59cdbdbd507c97212c413d7f8ed914e1ccd201d41d98 |
| SHA512 | 954eeaa76eaaf676f545acff75d848c8724c3116b95cf3fb643595bee87ca24d765c0b1d6827915e672608b5f8b8177f61108f61be1bbcda614d487131e72dfd |
C:\Users\Admin\Desktop\RenameConfirm.vbe
| MD5 | abf6091160a02ddff781a3547225e22e |
| SHA1 | 0820e6dfbbe0d2aced18c09b67ad6f8760e341d5 |
| SHA256 | 8a8273e7d64f509eb7eab806f0cdd3b12876ac9f143d49fa534804f3b4182320 |
| SHA512 | 0f38947eb361e6244cf6f52904268aa5d5529342d2c4f8c0855c9b1e6bbef3efd6bb4307a45e8dacc8a901fefaacee481b3172b73d8d6a4e8261187ecd822e45 |
C:\Users\Admin\Desktop\PopUpdate.tif
| MD5 | 9407dd132a34986f5cc9f67376138807 |
| SHA1 | 2cbd59a76aaa9edc9348e5885743cb4e07113409 |
| SHA256 | 2d9fe10d7ecc6d4857bac2f7d6e7664fab8ae14bed7e0b88c7648b6e5636ead5 |
| SHA512 | db08f60ccb571c339b988d56dad5e08b098091de8396ba1d4e6b3fb6e5dd65ee99f598bf1e6cef270813e44e9adc65a348b76a2dbcef70a7c489a1a9cdecc691 |
C:\Users\Admin\Desktop\MeasureTrace.vstm
| MD5 | 1b935145bed4e7f93a6fb4dd4c3a4576 |
| SHA1 | e880eef13da9d9bbf43d04b03e672e5af20899a3 |
| SHA256 | 9db5d54c9a1c90250576b0904a3d61f0fd9365487a920a483e9d3f708ac36cc9 |
| SHA512 | bc4eb01e9c3ed08fdeb328b13ad0fd655a1327394dd8a2b5a8678240c301673993b2cfb5dc09e08f1391b32af7b347fd84d038a27107aa077498d15f1542a656 |
C:\Users\Admin\Desktop\BlockConvert.vdx
| MD5 | 4f490c7e40b28fb90108992acb810a40 |
| SHA1 | 713a4652797d4992c2967b2bde3dfa6d5456bc42 |
| SHA256 | 4d133edf985eb3a465d6a9d2e4ccdb28280a3467ce20948d75bf4e413a441cef |
| SHA512 | 501c24066a1e7a06eba0dc62a4993413025ce0732f9840e5b2dc991d94916cb2b6f91f2edb459f3f984785d419b9a90817ced01cc4cc8757bd84eb0e9269fbb2 |
C:\Users\Admin\Desktop\GetCompare.sys
| MD5 | 76e36ed15495c496883e12ffe0514296 |
| SHA1 | f79ae26d080c03d1789c2131ec9b16fd33cb8dc7 |
| SHA256 | 3f559244a28b84c2844e40e8b1577c23236bb2b9211aa86b76ea0e5f345c248f |
| SHA512 | c94af132dc20cf27e033418e4c95c6a0c0d48b832b0d3614a0ca103f38079413b5be7e46154cea88a840b0af31ad86922ab9da9e884f8c93d2cc8e9b951a9e6c |
C:\Users\Admin\Desktop\ExitUse.mpeg
| MD5 | 2588a4a1ae545d6a6bb58358fd37a6b3 |
| SHA1 | 7dadc4af9d2aac52bfb4e755baefff1959951df2 |
| SHA256 | f4b010f71545605b63b4524841048d1bbbea687009146c4ef75cb6f3aacd88ba |
| SHA512 | e640e52c370a75f6f5f8ff4c65cf890d1f39ee9717afdc85833c67d590f4bd6baeffcdaa72f11900c4913a5d40ae74f5790e2fa0df2d4e590870e7fe867d7b5f |
C:\Users\Admin\Desktop\EnterImport.MOD
| MD5 | 2c8042cf33556b3432a7e76098bbab66 |
| SHA1 | d6b52b0301386cee1d40c9878ba5d33bf69f1ea8 |
| SHA256 | 0c6e0f4d494a3e26ee8b4b53ab1a2ce182c11c80970771aa733bed9651fbfd36 |
| SHA512 | 6894cde5ea90ff7c40464eb185fe9747786bd7c561e7cee955d92ded565dbd490b271ec8970ea88bb3e79439e1801941c6eeaf022b2637f30d5a30d244ceb52c |
C:\Users\Admin\Desktop\EditFind.vstx
| MD5 | 2c40bf2c82c33beadaa2054ef0ffa802 |
| SHA1 | 58c5b1b3b30d3897cea3551ccae7e25970f66428 |
| SHA256 | 05e9b9d790311a93b38800f5bfa496427995d3be0f3695f0fe6471121419c619 |
| SHA512 | e83e92a4e632ab2de26cc1646e7bdc603172de09e0d19d13c805d12ac1e4d6ce4c3fe310e445e447c0161df68ffbdce5f8e36d45b8d884d75dc1ad48519b0369 |
C:\Users\Admin\Desktop\ConfirmFormat.emz
| MD5 | 8ded5fe14be81f5289b5e77cbc5eb028 |
| SHA1 | 53784d517a5e34a4e42e1dcc08660034f6d4fd78 |
| SHA256 | 93b0a46336080db10d9591c2036045f89070cb5a8d4daa8cbec5e1232e728e75 |
| SHA512 | b2949823b364c7c89577c239f0935a831176e69783385f9024741c500ae00b323c0569250578af2b0970c1a1a6fc98c05c1430de0fef7cdb7a9e05f84c686880 |
C:\Users\Admin\Desktop\CloseProtect.ods
| MD5 | c190b27b460ff4a2fcb336c2d86a0a8c |
| SHA1 | c3a56c339eb9ad6151de4876d6df9d6b8a24e7e2 |
| SHA256 | f2b844d6b8f2202b73323c4cc98637f51dabbc8c7c9329dc1e004a86258d44c8 |
| SHA512 | 5a6361220b069b4f6b7634bbff2201dd1a83d7cba61dd8da25ffa437848e042f314d7370b8bda8a8b2fc114a7f26f514719a9409488bb67176eb9ff70a5f7c73 |
C:\Users\Admin\Desktop\CloseMeasure.wmx
| MD5 | ba909dc7800e20fd16e8c6476b126fac |
| SHA1 | b017eba6867fca1b14a0c95b5fa7460f80261b06 |
| SHA256 | ba4c49d4ac974ff1e6c6fb41e32d01e448c0970801e6d9ecfcfe123a5a0c902e |
| SHA512 | d5826b2690501079897314b5a8c933f438a1dce7560b089999bc8111b8dac07b40be160e4fb5586e3a936da2423295508508162a78f7ee855ebe427c3970a135 |
C:\Users\Admin\Desktop\BlockRestore.bat
| MD5 | 48916b8a8b8006197963d14f769ce585 |
| SHA1 | 9170e0fb6efd8c18eda880dfc677ebe07b0e5c9c |
| SHA256 | 26e32718296e89ffd3586d6cbf5070a38fde57eb9dd93057797a38ba47ddc3f1 |
| SHA512 | 540934e8004c7053cff1af8e591c5cddc792a53466d4398f5c4c795a92b9fbf41e6df32bc8d02a87d09a3858712ab7587d06634c372fd9bcf95df522014b2946 |
C:\Users\Admin\Desktop\BlockEnter.TS
| MD5 | 7355244e0c444be353ae667f22dde1ce |
| SHA1 | e730d53dd4e88acc80cf8f725e134fe06e69bb50 |
| SHA256 | 615a92b86738a8efff56fc73e465bcd51a4a3fe499494264c41661ab3dfeb701 |
| SHA512 | a687871645bf0383dfbe6fc299170c736feda33ca7dc27a074fb76b64be8d93d8fd9236327bea4ed143de21d41cc21e20819ff3ad84dc131c6c85a91e9ef257e |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | 61ac1e815d81f4a2f93ba70bdb7f84a4 |
| SHA1 | 0531d3d2953f72dd89a16cdafcad0a2a010b3a32 |
| SHA256 | 844d651080ce9319d36dcfa225504b6e77a36f00fe17693f2d9df081bdef81bc |
| SHA512 | ad015c9f9724b6fa71defde43ace702955ed0564a873d82716f97fef8f56d2a75879c7d1ae373ae879089ed1fab853d4f08dfbcedd2cf81fd8eec69c2a11b0b1 |
C:\vcredist2010_x64.log.html
| MD5 | 2caba40477d788931176c9ba9559610f |
| SHA1 | 5f594d573a165e23b3730d3cd6b42d1d118652e5 |
| SHA256 | 67d84790b58927e07137ed73805b93691657d636557bbbd6ae778182d312084c |
| SHA512 | a654c5581add01632ed292b3a3be8a389c5e06aa1283000f7faf3ae710614c831a1af20cc6834f5089d2cc7792bf6e893667462c6f8033f46772960b7d833feb |
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt
| MD5 | a1dc533e6a460f3c6429947736329e56 |
| SHA1 | 951f8e41f32924cb4a368b1afcb2064f0bed3c53 |
| SHA256 | 50711908283756eeb6a9ff72f26c06089e52a2b5fed6a3717698bdc6114c5351 |
| SHA512 | 8da84385ae4a1ab230e4c6e216bcdd60b4b41833689b6848f6fc7df83c4b589dd77a2c7ea4e30cb9fef988f1448da75e516b6b7316c8363c0bb671e60da7e4bb |
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt
| MD5 | 558c47ac9464ac57005c471082ffecec |
| SHA1 | 1d2dd97d9db3e4bd3bce170bc6b537d0c72f40e5 |
| SHA256 | 4f2f345f448cdcf857f59ce7a53204100f185800c27e990f6e676a92371c3f3c |
| SHA512 | b938c3dca63539d033b36fd17b864ef5985856bc5a9ce1421895753d340507352236dc253b53ad4edf7c224f6712b5edb12ecb95c1393e5c6457bcce3004ee11 |
C:\vcredist2010_x86.log.html
| MD5 | 0f2ca9c093463a9226cb2ddf34d06067 |
| SHA1 | 46ba28eabcc53049c2c3d7edea4849de55362839 |
| SHA256 | ea6b1ba91f334dbf432376b72cd8446528d1023afa09c56e576161519ced9415 |
| SHA512 | 4e01fddef736ae76ef95755c2cc021184ab1668002191897b59cd4810515a1408609a3cd2702b6434af60525b40631706f8b0deeef8de919a81b279cad8180dd |
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log
| MD5 | 8fa5b971a416a17652b84f33972eba7a |
| SHA1 | 47fc619af3e9817bfba500f430e56c39b8a78de7 |
| SHA256 | 312c244978a50ee21626eca0b925551ca59e04f1ee2001891e0dec4da829a3f0 |
| SHA512 | 2c777b7c2e02e78c758004ec2d74b284593d42ea9af4e73f4cf2bfced781ac280ef0a1990131981f3e93ae38950e412f83c615d53aa7bd20e40810e65b228481 |
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log
| MD5 | 8248421fb1b19f6037dd59371478321c |
| SHA1 | 30456e3dc60a5aa3ef78a89357e0c2178df6e0b1 |
| SHA256 | 1df1d80531c21b1a5159e2ba56f8a9afd696be27b4a1479fad60aa3aba671cd7 |
| SHA512 | 99387f2376a9ec8413b7e09d5f52321e6e0fbed3b4a00ac7e8365c0fd8a90b05542313c2a8939892df9a27ef58a529e55d72d388dcedb76562ab48f15e23cfca |
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log
| MD5 | ce3bdc392ecc0387503cb9a873e9e32c |
| SHA1 | 2444451e00f5f4dae1027f82393f2e0ef5a3d88b |
| SHA256 | cc6e522fcad6956250d04dce1ffd61e90be81b142e5425d2dcd64911eb672ede |
| SHA512 | f776454eb5beb073b784e56048dde0a9e5ebadee132cf05b0489d798f55401481dfb970f77c7e5a600fce7e44a07287908505a7d96ec895334ab252726260eb1 |
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log
| MD5 | 40ab173fcf378f050c1c09374fb1e3f2 |
| SHA1 | 4c2a8a97e7e1df45cd98a6849175ffff6403e93e |
| SHA256 | e33561b147b9c682e8d70f8bbf0d5f704e43798dc2d57a095eddd263369006f2 |
| SHA512 | 3bfbe3d53fc0eeb4015fb46bd2e7666575179ad92bcc3689cc3cd4acd544a69b6f57b76cb568749033d5d38f6a401dd33fa929d678cdd73195fa199720e616c6 |
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log
| MD5 | 64834e3d149753d913244536a511e61e |
| SHA1 | acf66ee86696b969772bd44e2d7a696993c7e76a |
| SHA256 | 874d942ec6ca7ad20ae826930c821601fa1a675f456ec91d19cf448a27da2648 |
| SHA512 | 420d884a4f6684c474693df1bf600f15e3b0fdcbe9c1cd6625cfa38ae10c3ee008366fb84da4d82d36cfb060bea6f8952d7814787444cff7dde673ee7cabc511 |
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log
| MD5 | 79ef5296cf1e6069020872750d62a7d2 |
| SHA1 | 48224fb21d070b6ddcf22614739bf47167975e21 |
| SHA256 | 53c82a18261311adb22ac0ce36ad7d9a552f38ac877367ccd71c9b5d761b89b6 |
| SHA512 | d5d99f03d50ff9ab65bd0c155fadbd1f8a8ae2a7899d33cd44d7d4f7a871971bd29a510cf26c7fbf21d64fac9604ac541327f1e79bcf8cf69e807896baf63f68 |
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log
| MD5 | e56ad2c85a65f90bbd6622f09d551da0 |
| SHA1 | 1d78b25c954ba018c11b641dbd31d5ea44aaec52 |
| SHA256 | b66f6bfe7c0961960fafe2bf58766465bafd37d748743bdcdfc4e5cbe33dee6d |
| SHA512 | 0845c04e0c1e0a7adb19a3c32eba5f4a187895a6b2768f9e2b154b42e43ec7df6d5f4cf04eb3a0125f7345d376ae762d1cdbf1aa6d22be0adf3414dbdabeb67b |
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log
| MD5 | 269b1f16d82b4cad110f23004052ef4e |
| SHA1 | b515420cc2aef034da4b98d7dccf0824893e4f8f |
| SHA256 | 2197ed4795e05b595dda8550c998270f27bbe05a58580db6a2decb80fb61a86a |
| SHA512 | cee55a5eeb1181a8c4aaa28555356505588928bb13300ee50ec173f0298cce138559b1a4b953b8adbcc796514527210fe4aac809de93af553a999be2cbf8aa20 |
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log
| MD5 | 7a455167de3943bfb5e39920beff6a63 |
| SHA1 | 2fc1a551350e9734afc22e245f73ca982f10d31a |
| SHA256 | af054b16a0049433b50d5e4c32de8445ccc485d3c7e45b8329b61e6782d234df |
| SHA512 | 1beaca857190b46995b76e64a8d0cd364a83a556cc86ef4a0bc6c4888ad5219b03654eec9207796fc7168b814b20d862c9da5afb7f0394fcf8c908f4116adfd6 |
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log
| MD5 | 464b1d4e4a6ff90976c9f0ebadb1a26b |
| SHA1 | 79b9e0f65319fe3385f64e544baed87b124f2688 |
| SHA256 | bf1af4b1805abbd74e2cebf61d5991b161060c3fcfdcbd96f25203d543b31a56 |
| SHA512 | 5f5679aef2e84f1cbcf2a8df6e3dd6392ed721bb5bda1689b721543a71036e0c55a5a9c13d265e44e39dbbd63a1110db30c602d2cedaf5145d0419eb7373bc68 |
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log
| MD5 | 68b8648fb8ffc5fccdca2eda6f887f0d |
| SHA1 | be2434712be3ab155cd11dc64d610ccf33d62542 |
| SHA256 | 26b24e997241dab9a796abd46fc9b7a613aa915cded4abbec3a40e0dfdbafb6e |
| SHA512 | 8cb435dfb5bb78c1ea2a78195fa61c2e72d99f57d39fe1d72d7e865570a72be5a37fab51f3d157b6b7feac76e97cca737ee7fb4f7b8ae526e0c439b882e71b72 |
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log
| MD5 | e63d80f7349f3bae889c21d6f473955c |
| SHA1 | 2dcdf1b8fe9c071e5bf30ae5e9f7e99a50312076 |
| SHA256 | 89ac4e80e2f539319e38b750f430292d073efd561968c3fbaf551761bf735259 |
| SHA512 | bca7c63eb2819f1cce97edcf6dc1af320c0d7704aa9b7c3bf6f10512fdb53adf7573f27feee65b9aff1d40a5b8e2fd44c0d52898f24ec1fd2d303263fd9a3b82 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 17:30
Reported
2024-06-13 17:33
Platform
win11-20240611-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8d8ed3cb8,0x7ff8d8ed3cc8,0x7ff8d8ed3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,10692774903203574127,14811304910646301856,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1788 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1792,10692774903203574127,14811304910646301856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1792,10692774903203574127,14811304910646301856,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10692774903203574127,14811304910646301856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10692774903203574127,14811304910646301856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1792,10692774903203574127,14811304910646301856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10692774903203574127,14811304910646301856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10692774903203574127,14811304910646301856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1792,10692774903203574127,14811304910646301856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10692774903203574127,14811304910646301856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10692774903203574127,14811304910646301856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| BE | 2.17.107.129:443 | www.bing.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a74887034b3a720c50e557d5b1c790bf |
| SHA1 | fb245478258648a65aa189b967590eef6fb167be |
| SHA256 | f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250 |
| SHA512 | 888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3 |
\??\pipe\LOCAL\crashpad_1736_IATQNCDHNLNIQYTJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 64f055a833e60505264595e7edbf62f6 |
| SHA1 | dad32ce325006c1d094b7c07550aca28a8dac890 |
| SHA256 | 7172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99 |
| SHA512 | 86644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ed7546d8f33962eb295d5dd6d8ce767d |
| SHA1 | a90d146224fd6731d15e824916ad63ab1f8603ab |
| SHA256 | 1499ebf0aae4a860072e3de470558edff80c84622ae33ece9d139ee482f3bab3 |
| SHA512 | af8242b7c8a1b1b230fc3cf0f0f151ed72373c547c46afb475067b4b356d9ce88423eb04b0b18c812aa4b0f4c863b675aa66136dad32b5aad4678a8c7e280bc2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bd9b34c2-44d4-47d9-b748-86d43fe9ff38.tmp
| MD5 | eb34b4b68d1ee33adb31fbf94b246ca3 |
| SHA1 | 812bf5b461b3156938a6d0d24d1a18f1c7ca69c9 |
| SHA256 | c82277372ba84b13f56d03618ef979923492f6059f3ccf87f3a8ae603fa9a6c1 |
| SHA512 | 0d218d99d35d3462afc1e9a6d5bb35dae8f9a33f90f866bc605bfe0e6559c578d5854f06bbe4ea6ee410a808cd6df350e80c582bd5aaf7f1dbf4d106ffde5053 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ce1af0b7fb8d09395436efdaa6ab5125 |
| SHA1 | 5de48beed42abf97f3f7b72ac57fefea991421a7 |
| SHA256 | d49f4cbd28ae5d38895ce19449255146b1e1e62e9476ee3d93ba36601261eae3 |
| SHA512 | d50e797c9e82435c8d435d213e1e59b6ec2c6407cb1d803ee0cfff117faf1a9b86587bb0161a97f2214144518130850e1ec9bdb8483ae59e21123f353edaf385 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | e0236413295e49948baeeb46d884acef |
| SHA1 | c24f80184264ef596722c1a84b8dedde9bdad557 |
| SHA256 | 11af5d1895a6e5952ebf08f72ad5121d828a5e2f8dc0656875d527e886ca54e8 |
| SHA512 | d99fd945c37dee141ea4e4f2e2460f482230bb679d8a63131348685a7dbebce074c9543161672fc525cd0c84d41d29e2ee78f6e3a7b8f7d18ca40eefcb95e5c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b85238b3d7a2ae9fb61dba1ad4958b4a |
| SHA1 | 7e6831f10f1efc95f9a89ea3f62823a4fb3ceacc |
| SHA256 | 5299b4a1d4e43f3daf72f870c26f0fa858da02576d5aa6b0b0a770d907b41be5 |
| SHA512 | 7f4f6430a52804686e2e4227e21d788564a0c58b2dc9ad1b10d4449655786a344ed12274e7262cd594d80e7bcfd24318855bfcc8e6ece00a9892ed939b58d6d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bded9f39799a5bf0b38941b23a450d06 |
| SHA1 | 06f94a61cf2d651540cf90f91403ebfd33892c81 |
| SHA256 | ec3bb62f8ac9930fc6194fe774934d1867b5d90de645826180cd3bcc930ac80c |
| SHA512 | 871efdbef4efa727af2227147a29f306d0769ca3bda8676295d2d3dfd64063c5a79375728b19b777ac016c296a39ecdaaf4595a6e43771a165450d9f6504a166 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | 27b3e0bb158d312204614102c0b5da67 |
| SHA1 | d7bdf414678306210194dc701dccecaaf01e3fc6 |
| SHA256 | a6bfc51d03bb84f6f0d34b73aa99064d70cb3e826fa8b32c297d6e66ef81a60d |
| SHA512 | 8eb0f5d22b43f8487e39cda036dfe54eed8853b52cd6d245522654c7832719d0faa794f06ecf80492f59e69e23554e17e37cad82bc15b36fbdd3b8abc23635c6 |
C:\Users\Admin\Desktop\AddDeny.hta
| MD5 | ea1b1e1237acda3c2e83994faba1950d |
| SHA1 | 2b8c8bdbfb4d211a52879ce88adb35f07ffccde9 |
| SHA256 | ca95bd6f6ea88bdffb2e62836e7e124f630acbd969c39e05abfdef991b501113 |
| SHA512 | 97d37beda34026434e4922899823c7f69aa32c3c54414caffd04497bc16b0d95cbf65397562cf31e418b980295eb2f84472a6c40638734809897ded370eff33e |
C:\Users\Admin\Desktop\ClearSplit.eprtx
| MD5 | 1b22c2e194e32992e073a29f33ba667c |
| SHA1 | 251a128e109804d5253f992dcd41d8a74d86c7f7 |
| SHA256 | 79041841a665e7d938ca45d76e7a356497fef81d414cc2b5eff44fd7aaa1f1b7 |
| SHA512 | c5c8b05c52f1a2727c20e9ba367b31e8d30c4858c82e27df24ed37f669dea62191717db123c9fae5a4290d60e3384cbbbb792e13746bc0942d9a5acb1602cc8e |
C:\Users\Admin\Desktop\CloseSync.rar
| MD5 | 94fc5acee39e7f6c33d35293dc1f0435 |
| SHA1 | 0c7a002af8cccbe31cf2e7ca099475ca7c79513d |
| SHA256 | 5647eb868086243b20b7a8d6813c3571bb7ee2c9140d43b8539ec3c1410a2bfd |
| SHA512 | 1bcd2f9b11869396e7b62e94caf0a6886bec4c8924719af322a36f5e20a54705a817caf785e1a72a3a7e79d2a5447b83c125dc5e7735743c0a800c09ca6f0bd3 |
C:\Users\Admin\Desktop\CloseSuspend.wmf
| MD5 | a2e5f21088ffca7bdbdc7955eb46236e |
| SHA1 | 2019838700f95d997f3f0d465f4710c49ad9e3e1 |
| SHA256 | 2ee11b1439f3569bba48ec4713d1de155afb41e7476da26099d4362f56487926 |
| SHA512 | 2d1fc39168a6de77a3a01ce475bd1bcfe703e86800ccdd7427422718b77b3eb1f6a8c0a17d3f8e7aa45467d14a33c032048ae5259f92dfff294200c8fe4977fa |
C:\Users\Admin\Desktop\CloseGroup.wmf
| MD5 | 22392bb4f52e7059b5eed6fec656262e |
| SHA1 | 235dc6b03922278e7a2c2c7fdc293ac5432e2eec |
| SHA256 | 6304348ba43f12b0fad62280837981cd11e6fc0358829444e2c6e6a8bcfa315d |
| SHA512 | 00dea4fd3c5b377186aafbde6cfc84c696de5fe7eacddeb8f8fffbf3f89876695225326e3cf190039a39412f3c0cd1fdf00277959b0e1efe07af93c51ec71293 |
C:\Users\Admin\Desktop\CompareAdd.wmf
| MD5 | 9d566d2d30a8cabded965a6bcfa48fb1 |
| SHA1 | 0dd6f09a35fde20aff83895d517e725e0eecacbf |
| SHA256 | c00df076cb0f32ab38f9cee6345cdbb3f7dc031547f14a852b481994d69a57ef |
| SHA512 | d0e4804b28325f41f6f7966b52f725138b51804d21d1769f5c1b51018f7acb34cc6285f7a2a690cf6c7a278a317a92c86b7aea940bf735f0ff5353cf3f74b554 |
C:\Users\Admin\Desktop\CopyUnblock.dotm
| MD5 | 6c04a737e34f1012cdde3f48ec963ee7 |
| SHA1 | fcfe17a315e7c4f47eb633b99b46cde0ff70ab18 |
| SHA256 | f8cee2b3524139cbd649cebad04dfd05b47ae2a6275792457e69317e1931aea8 |
| SHA512 | a93119977b1c21c24466605d8439e635867eac8a6ca63954c6719415a61ccf3299ffa54113a09355ad87bc8d065ec6fba653aa18dae692903a8fcf4d82ae266c |
C:\Users\Admin\Desktop\DisconnectUnblock.potx
| MD5 | e6208106571ef0b33d9c67a54a8b5fda |
| SHA1 | 892835714d3eb029801146e32c3aa46ea650a848 |
| SHA256 | bea5d78a9933f5da97d929d9a5192ca1db6b8e5b925b29adb1415cba5e0894a5 |
| SHA512 | e24641a38e8d3ee0caabfe16c2907e5efc94a0d76671ffd966d7e55ab5d55e52b61b6953049fdcb6526b66417ceb738131bdc11762a79d3e6282a92f1b2af742 |
C:\Users\Admin\Desktop\ExpandSave.au
| MD5 | f514a7052f6fcc0f40b395e4b19fde2f |
| SHA1 | 874533517ec8e0abf0fe64351c9d7df25d550f9c |
| SHA256 | 12b6c4a22f9413fb46ffd45448c1d669e966b09f56c0c3d815c4adb7b32e4b76 |
| SHA512 | 5a4c05be24fb177f09ceffe4dd6491957dbef937af74e525dcc0709513873fa4e91cf86ec6daf74520d64d9316c3e3a0db74b2a029def4fc0485d49de970fc8d |
C:\Users\Admin\Desktop\GetReset.kix
| MD5 | b3c76058a1cc840ab658a3b843c03362 |
| SHA1 | 28723caa243f6a22ed2a570f9571d548ec725c1a |
| SHA256 | 264104fe4b72c9add949ce949765013d67891a67f8ff7ec426fb24d6d2dc4106 |
| SHA512 | 7dc923f4d5d61b998f3b10108f16500a2738f760dcca997ea2a19f1ef27a915ecaca371506dd529b403731b455a88718b318ceaffa01e48a6945d1936956def8 |
C:\Users\Admin\Desktop\GroupReceive.au
| MD5 | df0e7182ef8ac5dfbfaa2ad872a61cc7 |
| SHA1 | bc5168c2d271819c7d6dcae42f3866368ad9a9f7 |
| SHA256 | 3145e6262f526227ac258c17902625ba91b8ce394d92cf3b0677b44766f0574c |
| SHA512 | 94b1a341bdcf50da68fffc424728601f5c2c2e8545e24d25bb90f1ab116d6d2590788460c42eba1e3d4640c35bd0dfe2af91b6fa3f917f884bb4c604226307b8 |
C:\Users\Admin\Desktop\InvokeNew.mhtml
| MD5 | cdf004a58547cf4db138502d0ad20ddc |
| SHA1 | d5cff9ed94d72e316f372e47f3b86d9e2778bb75 |
| SHA256 | c636fdb464a02a531e85816a00edf23901e73255cbf52328e6a12a238b11672f |
| SHA512 | b37c09850952950917f16ce1ab4cb0144b1544b8a1644ee937d5be9d8b19894d6cd6020f9f42fab56033fb392cc1c645882b38b56ab85fe71a0c2657c040a83c |
C:\Users\Admin\Desktop\MergeRead.otf
| MD5 | b94921fcea4a431b5e50b81601b56b7c |
| SHA1 | b9d5211527c70297279c2b3582887db0ad1c4fda |
| SHA256 | 085d1919fc667106029346cb84dc75992c1efdbfa5a4570c1cd7cf5dfd403b42 |
| SHA512 | d63b96104db83dd15bf2c35bd5443592b9867a0049e2eebf55d131973543331dfa3beaaa4141df73dbbe965dd0cde9ed3ed0977dec075d5908d44d2177f64333 |
C:\Users\Admin\Desktop\OpenClose.mp2v
| MD5 | e6bb779a6b25c583b78c3b00ce6a932c |
| SHA1 | 210008c8af0f452fcb8f1bfb5df74c3772665843 |
| SHA256 | 6b1d8aa30cbb5e734b8da931f8c4822777333f1b046884cc9fa1a49efbc2b1e0 |
| SHA512 | 526eb40c9bded69ace46737499c4e759a8cd78ef7afa8672f814e771ee43505635805b73aff2871ca01e1190d08893a198ae2a6c26f0cf9ea82aea9e48ea86f6 |
C:\Users\Admin\Desktop\OpenRevoke.vstx
| MD5 | 74edc0d7860e5f3d32d8bac2f86b289a |
| SHA1 | c9a82c316f9bfb7446426b2a76dfbfd68111413d |
| SHA256 | 7264109b32724c9c75d93cbd9148f04db18574f9d132c655acf0531015652b4b |
| SHA512 | 4ebc20d6a169a05c44b2242d85c1548cf0a3994fef35c83326793d12a2d394751c72b8a45cb14b8b039c4ff99b8965de71344f147db65bd21fb1d4875729488f |
C:\Users\Admin\Desktop\OptimizeMeasure.i64
| MD5 | 21db61eae4b62aab29fa6961efeacc6d |
| SHA1 | bc61cf7d53270383dddabf4ee6035b32b9d7d8f4 |
| SHA256 | ca9f4705de4b2739e3c866a76a247c2ba94f20d75b1e551fd40c239143d7146d |
| SHA512 | 8ed8e5e14b41dddf563d503fcc1b23fda5e1a7e59c2ae5003461669fcea7ea7492d85be94525d45f9f5d16968989574aa82129d903f18bd2699bd194fdbe4843 |
C:\Users\Admin\Desktop\RepairUninstall.vdx
| MD5 | afc7f6b4de4f04955a89c863e80c3a79 |
| SHA1 | e8bdbeed4210c517811620410b3bdc1a663c519a |
| SHA256 | 4f3e2081aa45aa5b7f29ca77efc3a8e61786461e8d957cec74af841be449b098 |
| SHA512 | 79c9234995969b6a563699ad6c78049e0c6fd26784b8b9ba5bec2b119b5472638acb2b56ff4019ae7e40560629679ee194933411708cddef54af8a02a8bc7b75 |
C:\Users\Admin\Desktop\ResumeClose.wvx
| MD5 | bf7fe9b654e5fca44b1ea47b39a5d97d |
| SHA1 | 2986183ad28b88abceac837414d86f0f23099b6b |
| SHA256 | 11a8f66af906672900026693aa978dc1954e1a1fca1cb3b7f9c10b162b6293c4 |
| SHA512 | 430d1bd38d7a103692269b096c96e0cf35093c426dac366f928d26fe39ae26ac2593ccbd6a32ee4c6924c805c8d236db76da02180b6a79e2cd4382917945294f |
C:\Users\Admin\Desktop\SyncCompress.mid
| MD5 | 8ee541fe11a54f56b4f2ef3c2a7b9834 |
| SHA1 | a5187b9c71a171b695b543f54e910a3c91df16f8 |
| SHA256 | 823821b06459c8dd0473738c57d198b669d5308877989fb12c5a1bfd033095cd |
| SHA512 | d9eb41590339ad4d9ed1a0d775520298ed05bc23a06a545608fe876ef290d812bb2c0d96d06c10fd316d11453ad3a3694aa5106669b801695299e0c6a4c3e945 |
C:\Users\Admin\Desktop\SyncReset.vsdx
| MD5 | f2f023d2dcd0d20f6124ef6a31bd36ef |
| SHA1 | 560cabf0315571fa3e66217c93df2b8aeebae565 |
| SHA256 | 6595f8606c2dce4fed9911b7005a81658d5a075f55fffe175432c97286886141 |
| SHA512 | 5ad33fa03a8ad9f8109c748b12c14fbf0e4f04398dc16a147d63f23a4a30dfa31b0a0194db7d149ed437fcd29c9f482064ab007e7ba61260f3c6188d18db6643 |
C:\Users\Admin\Desktop\BackupConfirm.xml
| MD5 | 570238946084f68fbc3ed1a35a69a65a |
| SHA1 | e95f127c3caaa5f5df6cb723b6aa02381bc3831a |
| SHA256 | e24c5834c41b1f3287cf2d774364ac0e9dc8f8d0e57feb505b36bc950a076839 |
| SHA512 | 84f448f77b635166066fc0219387d46caad061c7110338efdf0c19b8e2f328cbec75ed772375e08ab976da53d26435ab7a73c53a2edb05b6af2f48abe120e648 |
C:\Users\Admin\Desktop\UnblockCopy.crw
| MD5 | 18818c94f0a8edf72a47d52c52fbab13 |
| SHA1 | 95e1adae3dc6efd7c04d9b95bf2fae15c8e6c78a |
| SHA256 | 67991ccc8aedf74295df5d0ff00cd6276e34abde639c181e7c168cd4031b0dac |
| SHA512 | 1de76ba4328e1a5587b640c15790853885b76d20e8a3b63be521fa9b4d2777a08cdb61923ba09fa2be236ba7bbb54bac0aec33f4c10c9a97ae83e7a766bbbb7d |
C:\Users\Admin\Desktop\UseFind.ttf
| MD5 | 48bf4709ffc9941bc8ef748ddc18f1e5 |
| SHA1 | 17dd4a7c4492fe91d83fd3be62dd5c0fdaecb7a7 |
| SHA256 | dfa9ef421e56bd3ec3a04c050805ed918dd8d1eb8f0212893b0ac2c42db9ecba |
| SHA512 | 081c79e87f4384812747620d32fc20ecfdf3d9ed6c20fb935ecf3eb176d3dbe6708c79cace7c446683bf26089405dea93cd25c3ffc03008c4cae3f0c0828a1c0 |
C:\Users\Admin\Desktop\UnprotectUse.3gp2
| MD5 | c57ee551df634a0e44ac5e7138347f64 |
| SHA1 | ee9901faae797d874de94a90d323c21c68e904ec |
| SHA256 | 30974971a8fa37596fc914a4a6231b62a6ae1e65973df849d3da8940f5d201cc |
| SHA512 | 4f5d276f65b592343b143c136a950e66613a6ee0d6a707ff396e47be0edc05d202a8f2d8c8cae634de454dc51e716d3f382eb6755b896e802f05d956e735b739 |
C:\Users\Admin\Desktop\UnlockRestart.ps1
| MD5 | 27df2e5f3a8cffbca227dc2235bb2b03 |
| SHA1 | 130575ccc7ccc70c0db27d35ab4071520691c073 |
| SHA256 | 8da855b6dce3fe9f98a1a4198ace17f08d549402f8b42fb85959ad5782b09897 |
| SHA512 | 161958b64b33d31a3310e3ef66731c026e9b442bc6e7f4f03ac5c1d3f9de1e055a67bdf561fa0f2f9a4b388a2c5fbf46a0c4b44c60078aee1aeffa3c8f706c39 |
C:\Users\Admin\Desktop\TestRegister.ppsm
| MD5 | 4861e6e48fc12264e7a11d32c4ad8b77 |
| SHA1 | 3c071fc3f9a72505eb269415d7a59f2854dab686 |
| SHA256 | 067ce615715a0b115a593d762488d87204022e1055f90eaa75cb28e598fe89f3 |
| SHA512 | aa85bca01b75c858998c5dba5d394dfb3e82c8284591b11b711b254ed00f4b1b3b171a16e31273cd9048ad6a6e31236a4078e49562512f76a203e3b3ec975aea |
C:\Users\Admin\Desktop\TestOpen.ps1
| MD5 | 42656327d90c784be91a9cdce1407289 |
| SHA1 | 6879412a73ab04882cb8841ef3f8e5172ac760ab |
| SHA256 | 99e11ba8254b8eb863614fd7645072c279edacd50789136bd607b8beb7865171 |
| SHA512 | 987f96a2d5bb8c18eaec291bd1c7787d975c7d3d477a362f4dcb065858095ae826ffa28ce6d5a850cdea6dfea09bee7b6538da8ee1844b05e0c3f36a371acf0e |
C:\Users\Admin\Desktop\RevokeSplit.m1v
| MD5 | 65ed1155545cd8684397bbf5cd2ce6dd |
| SHA1 | 3035b782ad244b0a0702d493f12ad585fbcdad77 |
| SHA256 | d100cd314a9a403dbacc065f99318ae72e151af2ef52e9758bb74ff96a2fe3de |
| SHA512 | cae023937b88b85f4cd9babc669cc52f13ab0d909a2fa22e0f2cbe7cdc11d67e1f5de0b23d2bc46cb91303a7b15c39c9eb836366dc057914641d7019a93dddb6 |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | 2e393cc414c06d33e4893b74255b6248 |
| SHA1 | 3836db3e01411a233b9daf6f36d96feb4c833cab |
| SHA256 | 4914c7587c8e57c50a4736d9c96260a2ac78703e48f4c5005d7f240fb6f137c1 |
| SHA512 | 6d620005e7469861e2f00a630ff19236bdbb682ddc5b897a4e92ef703bbd6099b470810ebf6d28bb19ac20d139021f87a273ec76d12170c187319c22001aacdd |