Analysis Overview
SHA256
0840d659560e62fcc41cd42dec9d7aedb8359f606097b540806452ca8ad05e21
Threat Level: Likely benign
The file jfxrt.pack was found to be: Likely benign.
Malicious Activity Summary
Enumerates physical storage devices
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-16 09:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 09:27
Reported
2024-06-16 09:30
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630037270235329" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\jfxrt.pack
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc9aeeab58,0x7ffc9aeeab68,0x7ffc9aeeab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4496 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4940 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5096 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1700 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4372 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault787f4f24he734h4e7dha839hbd92c82c77d1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x104,0x12c,0x7ffc9c3a46f8,0x7ffc9c3a4708,0x7ffc9c3a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,12614834626360918207,7530284261295684835,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,12614834626360918207,7530284261295684835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,12614834626360918207,7530284261295684835,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3992 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | miniblox.io | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | miniblox.io | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
Files