64ef1ad529910b2fcb07dc3064d79a688b6237cda97b68074cdab1ea2a3024c6

Analysis

max time kernel
0s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/01/2024, 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.msi
Size

4.6MB
MD5

d71f1c7acb3a6956566b882cad135f86
SHA1

60dce95145ab22b64e73586cf52a8f2e2e8a2e2e
SHA256

64ef1ad529910b2fcb07dc3064d79a688b6237cda97b68074cdab1ea2a3024c6
SHA512

e8817f195324e8caea888ddd68d90d4f5a12c80daa4de1963f11b8862e3c3ea25fa097a75c0a43ebfaf3d8e098b9e6f570dd066b4d9ac7074234f745df432a7c
SSDEEP

49152:26QFBeWK9YwPhH9D+g5jvum36W547vM9kgMV3NSmzoDWM5LnbE53ChpP9gY0dB0l:2VmD+nmq3AW+mP0a9H23Xs6

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1996	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1996	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1996	msiexec.exe

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Setup.msi
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1996

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:5080
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 13A0AF227F92B801D29A5B0A872354F0 C
  2⤵
  PID:3184
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4148
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9B5732AF98A442DACC01AB51E046F90D E Global\MSI0000
  2⤵
  PID:4384
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pss3651.ps1" -propFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\msi363F.txt" -scriptFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr3640.ps1" -scriptArgsFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr3641.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:5448
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding CFD8908DC8EB629F045D8EA553CD2396
  2⤵
  PID:4704
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pss8482.ps1" -propFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\msi846F.txt" -scriptFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr8470.ps1" -scriptArgsFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr8471.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:5072
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pss861E.ps1" -propFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\msi861B.txt" -scriptFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr861C.ps1" -scriptArgsFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr861D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:3304
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --load-extension="C:\apps-helper" --no-startup-window
      4⤵
      PID:5192
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1912,i,43623023471607467,6513459406150774698,131072 /prefetch:8
        5⤵
        
        PID:5436
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3260 --field-trial-handle=1912,i,43623023471607467,6513459406150774698,131072 /prefetch:8
        5⤵
        
        PID:5664
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3448 --field-trial-handle=1912,i,43623023471607467,6513459406150774698,131072 /prefetch:1
        5⤵
        
        PID:5708
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3960 --field-trial-handle=1912,i,43623023471607467,6513459406150774698,131072 /prefetch:8
        5⤵
        
        PID:5840
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3256 --field-trial-handle=1912,i,43623023471607467,6513459406150774698,131072 /prefetch:8
        5⤵
        
        PID:5980
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1912,i,43623023471607467,6513459406150774698,131072 /prefetch:8
        5⤵
        
        PID:5800
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1912,i,43623023471607467,6513459406150774698,131072 /prefetch:8
        5⤵
        
        PID:5384
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1912,i,43623023471607467,6513459406150774698,131072 /prefetch:2
        5⤵
        
        PID:5364
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pss82A7.ps1" -propFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\msi8295.txt" -scriptFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr8296.ps1" -scriptArgsFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr8297.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:1692
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pssDE66.ps1" -propFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\msiDE63.txt" -scriptFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scrDE64.ps1" -scriptArgsFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scrDE65.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:4508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default" --load-extension="C:\apps-helper" --no-startup-window
      4⤵
      PID:4876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13462708983543795906,15118223202492652074,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
        5⤵
        
        PID:5684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2084,13462708983543795906,15118223202492652074,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3944 /prefetch:8
        5⤵
        
        PID:1332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2084,13462708983543795906,15118223202492652074,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3792 /prefetch:8
        5⤵
        
        PID:508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2084,13462708983543795906,15118223202492652074,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 /prefetch:8
        5⤵
        
        PID:6068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13462708983543795906,15118223202492652074,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
        5⤵
        
        PID:2388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2084,13462708983543795906,15118223202492652074,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3132 /prefetch:8
        5⤵
        
        PID:624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13462708983543795906,15118223202492652074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
        5⤵
        
        PID:4716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13462708983543795906,15118223202492652074,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        5⤵
        
        PID:3760
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pssD824.ps1" -propFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\msiD811.txt" -scriptFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scrD812.ps1" -scriptArgsFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scrD813.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:5904
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pssD6A7.ps1" -propFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\msiD6A4.txt" -scriptFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scrD6A5.ps1" -scriptArgsFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scrD6A6.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    PID:4380
- C:\Users\Admin\AppData\Local\Temp\browser.data
  "C:\Users\Admin\AppData\Local\Temp\\browser.data" --system-level
  2⤵
  PID:5656
- - C:\Users\Admin\AppData\Local\Temp\CR_DE7E0.tmp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\CR_DE7E0.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_DE7E0.tmp\CHROME.PACKED.7Z" --system-level
    3⤵
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\CR_DE7E0.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\CR_DE7E0.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=0 --install-level=1
      4⤵
      PID:5404
  - - C:\Program Files\Artificius\Application\artificius.exe
      "C:\Program Files\Artificius\Application\artificius.exe" --from-installer
      4⤵
      PID:3136
    - - C:\Program Files\Artificius\Application\artificius.exe
        
        "C:\Program Files\Artificius\Application\artificius.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Artificius\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Artificius\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Artificius --annotation=ver=121.0.6159.0 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffc86a18710,0x7ffc86a1871c,0x7ffc86a18728
        5⤵
        
        PID:5932
    - - C:\Program Files\Artificius\Application\artificius.exe
        
        "C:\Program Files\Artificius\Application\artificius.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1960 --field-trial-handle=1964,i,7422736287770960746,9171249586045497179,262144 --variations-seed-version /prefetch:2
        5⤵
        
        PID:5896
    - - C:\Program Files\Artificius\Application\artificius.exe
        
        "C:\Program Files\Artificius\Application\artificius.exe" --type=renderer --no-pre-read-main-dll --start-stack-profiler --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3632 --field-trial-handle=1964,i,7422736287770960746,9171249586045497179,262144 --variations-seed-version /prefetch:1
        5⤵
        
        PID:5612
    - - C:\Program Files\Artificius\Application\artificius.exe
        
        "C:\Program Files\Artificius\Application\artificius.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3740 --field-trial-handle=1964,i,7422736287770960746,9171249586045497179,262144 --variations-seed-version /prefetch:1
        5⤵
        
        PID:5176
    - - C:\Program Files\Artificius\Application\artificius.exe
        
        "C:\Program Files\Artificius\Application\artificius.exe" --type=renderer --no-pre-read-main-dll --first-renderer-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1964,i,7422736287770960746,9171249586045497179,262144 --variations-seed-version /prefetch:1
        5⤵
        
        PID:2028
    - - C:\Program Files\Artificius\Application\artificius.exe
        
        "C:\Program Files\Artificius\Application\artificius.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=2832 --field-trial-handle=1964,i,7422736287770960746,9171249586045497179,262144 --variations-seed-version /prefetch:8
        5⤵
        
        PID:2112
    - - C:\Program Files\Artificius\Application\artificius.exe
        
        "C:\Program Files\Artificius\Application\artificius.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --start-stack-profiler --mojo-platform-channel-handle=2100 --field-trial-handle=1964,i,7422736287770960746,9171249586045497179,262144 --variations-seed-version /prefetch:8
        5⤵
        
        PID:6044
    - - C:\Program Files\Artificius\Application\121.0.6159.0\Installer\chrmstp.exe
        
        "C:\Program Files\Artificius\Application\121.0.6159.0\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
        5⤵
        
        PID:4936
      - C:\Program Files\Artificius\Application\121.0.6159.0\Installer\chrmstp.exe
        
        "C:\Program Files\Artificius\Application\121.0.6159.0\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Artificius\Application\master_preferences" --create-shortcuts=1 --install-level=0
        6⤵
        
        PID:4128
      - C:\Program Files\Artificius\Application\121.0.6159.0\Installer\chrmstp.exe
        
        "C:\Program Files\Artificius\Application\121.0.6159.0\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --annotation=plat=Win64 --annotation=prod=Artificius --annotation=ver=121.0.6159.0 --initial-client-data=0x1e4,0x220,0x224,0x1e0,0x228,0x7ff7cfb435a0,0x7ff7cfb435ac,0x7ff7cfb435b8
        6⤵
        
        PID:2360
    - - C:\Program Files\Artificius\Application\artificius.exe
        
        "C:\Program Files\Artificius\Application\artificius.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=4576 --field-trial-handle=1964,i,7422736287770960746,9171249586045497179,262144 --variations-seed-version /prefetch:8
        5⤵
        
        PID:2272

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:320

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pss73AD.ps1" -propFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\msi739B.txt" -scriptFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr73AB.ps1" -scriptArgsFile "C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr73AC.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
1⤵
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7b499758,0x7ffc7b499768,0x7ffc7b499778
1⤵
PID:5208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc784046f8,0x7ffc78404708,0x7ffc78404718
1⤵
PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\CR_DE7E0.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\CR_DE7E0.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --annotation=plat=Win64 --annotation=prod=Artificius --annotation=ver=121.0.6159.0 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff6225e35a0,0x7ff6225e35ac,0x7ff6225e35b8
1⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\CR_DE7E0.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\CR_DE7E0.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --annotation=plat=Win64 --annotation=prod=Artificius --annotation=ver=121.0.6159.0 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff6225e35a0,0x7ff6225e35ac,0x7ff6225e35b8
1⤵
PID:6080

C:\Program Files\Artificius\Application\121.0.6159.0\Installer\chrmstp.exe
"C:\Program Files\Artificius\Application\121.0.6159.0\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --annotation=plat=Win64 --annotation=prod=Artificius --annotation=ver=121.0.6159.0 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7cfb435a0,0x7ff7cfb435ac,0x7ff7cfb435b8
1⤵
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pss73AD.ps1

Filesize
35KB

MD5
e65492603e81bc831f0389106f652f38

SHA1
fe2203801ace9e4cb005631b50cf9da8802feb55

SHA256
73cef892a3dd894af2b7a9a94f4fbbc63a316cf52dd5dd98cb53331446a32d60

SHA512
ca7cc29dfa51a526e14a6d93abc4d55268551a74240796c27ef4e3284397300629aa109fac7a76130a672159f261abe8f548d5ed0c34a0a393e75029acb24370

Download Submit
C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pss82A7.ps1

Filesize
35KB

MD5
1464346864241668dc4d38b37cc04de1

SHA1
6dd3f150792bff74627402918c027b52ff0b18eb

SHA256
f57ac9c30b86719923f3ade8c3ddc31f43a1174923916ea55348b162485a6dfb

SHA512
64d53bb0171b244f52db7977adf3b276fd98e5900d1393ff470509ec70ed76caca01e7c5de1f0de710cb38205fd321ce3af274660268234bd16c24dee2d758f8

Download Submit
C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pss8482.ps1

Filesize
35KB

MD5
d9a16c61b53866f7541ed9ded8575417

SHA1
646336847a3a4eeb4ca442508c1ec1c3479fdc94

SHA256
6eab4e7899c52d501800f57ab9a7957bae629375d402efa18f42e973e12588c7

SHA512
60e4ba64c632f6898ce259095c8dbf05f8527aba86c71c6069f2bcae650860b0056f493396f9997796d77c01d631fb62b4a6fe97ac2ad3049b01f2b22c55de88

Download Submit
C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pss861E.ps1

Filesize
35KB

MD5
9fe63c5e89b7f91552146b86c9dbda6c

SHA1
70b6bd3f0b0eed406af8d5b112b91fed749214c1

SHA256
4dcbd73ad4c92ba9ae0be4cbef807568730b1348c949777203287f4ae5fc75e7

SHA512
9deb0d5795ce4b17e1ef4e96764c462dc50ad0221a75af8489a6e0127f6320a65a841f853f267ad217231fb68909942e58a953ce50d4a71beb881abfa5a74ce0

Download Submit
C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\pssDE66.ps1

Filesize
35KB

MD5
9ad634c14f142fcaefb7844e695a06ee

SHA1
92433a20b4526ee605cc08c7f9bfb417372a33aa

SHA256
844a1ea23c80814327b970ed1cf35bbb7ae75bfcc2c5f7eda4e53390ef32cee3

SHA512
0e777329fbe36cb507c3473951f69a2698d42b0cea2aae51cc79a071ada3b71a69e8174b7857641b10cd8d3e4e4856a931d440964bf426c84956a448c445b1f4

Download Submit
C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr73AB.ps1

Filesize
30KB

MD5
536a20f3c49ca504da49f37322e3d2b4

SHA1
270f5062379fd5f06cdb57cf38cfb59818b00998

SHA256
cd9e20c6093421991b0db036307801cf39b99b1c99af4790fa7eb3b38c044734

SHA512
9d962cd1ac9f41f482ec8552e50e6c10f2303d8cfc28079a6bafaeb4746fd7f6a50cd4839817090ef0b3b103206f77cb5532db6347a0e3ebcc6123592432738d

Download Submit
C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr8296.ps1

Filesize
29KB

MD5
b961debc19f07ad7400787c4a5f9db04

SHA1
0888b0ed87ae687825f2c46ac9030b8e9c56c120

SHA256
854a6e7edd02447736bd1a340ba1a9094af8d0d8eb57808bf125f29e965769c7

SHA512
2ee07e489481d99e452810c02eeab5f04394f7a41b388a39794a8843b08d0a48020b163d617341d6555f7d7a8222c3c9eb5346b9332b6e07a0d5078a62f5c5f2

Download Submit
C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr8470.ps1

Filesize
30KB

MD5
e5ff34c7f167aa421de7ccaa52525433

SHA1
a4711f6eecaf222927112ac30942c5e46372e7e1

SHA256
c3a9a1e8ee9e5e71ba0dedb74f7f2ce2c0e04646542a2066fbcdee36af68b879

SHA512
5988bc66eb4a2c77d5d6f1e7dfb6cb8da8f96b7101af19ba6ae71d9d6c53da791197cb8b4620c73883bcbf65b3c3d2be0461b26a270ecd8b0e0a1008253068c8

Download Submit
C:\Program Files (x86)\Artificius Browser Solutions\Artificius Browser\scr861C.ps1

Filesize
32KB

MD5
f7bdba6ba8b7847731b2e77124c5c1de

SHA1
1df6d50f60964f52aa2972d6efbea3f4ea46dcf1

SHA256
4dfa8a384bfc38a1be1fc6cf3308d0d498c912d878892eead831f95f35bbfb81

SHA512
7479e01c6b4f4e5f9ae20e74f019d2255720d10d18f035d748a77a073c6e113af7aa9eae92559d3798605aa2ca57b4da270309f9054123f36f4e63c9db2230ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164

Filesize
1KB

MD5
79129595bfa92dc453e4f4ba934bcd56

SHA1
d614e91c8f8131a88d28252a3d69fe9030d30394

SHA256
554ac8826cee3d3b80792e01832f65e2abde6116c67187365404321ea78dbd7b

SHA512
2aad9210709875483b8b3dc029cb378d16523433ba4dc6a3f915ced3ae26ba2054e108d7249ecbc16e667f3c66fac0910f23444ff3f53cf4a111e983bec4c0d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1D627669EFC8CD4F21BCF387D97F9B5_A9CA4191D05D34A8E11E01F09820AAAF

Filesize
1KB

MD5
c8b08bb37158582baef39d85a035c8fd

SHA1
acdcaed9ea6cddc67e8f3e7f2f93f362573a1dce

SHA256
a61a9fdcdb7378f0b98395524d36cef7e0e44a6384eaa28cde6203f15679ab34

SHA512
49bfd48208ec3a6910c124d81b6f66105edd8bc8b5512cebbe6c22692f2500acbe643b696ae98b56f3a3fda3c226c36fa2093ed2f2be8f628985e908eb7326b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164

Filesize
532B

MD5
29b76f2d913b6ebde7a4366a715363f0

SHA1
27953d9563cc864a9abbecb1bd205dc45764552a

SHA256
66432e9f08eeea754a59d6c623d408849fc36f25ceba905531719bd6e785bc07

SHA512
b12c2ec00bbc7ac2a5d1c7479e2593b2fbafed911ae0f18e602bf462f90f58f65e1c304e680694b5a876cca13d32fa491e3afa5c61cfad2dcf233354e35faf1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1D627669EFC8CD4F21BCF387D97F9B5_A9CA4191D05D34A8E11E01F09820AAAF

Filesize
540B

MD5
aeea35d0d5d9000ccd8e94b6e9c8f0a8

SHA1
c6007a78ff9c0cb5adb46a5abf524c41fb374b17

SHA256
017c920e8b09165b97f4d7fdfc31cee16eac9ee8abdd6f4e28dd928572500284

SHA512
c959530cb3229f9ecce4771b593d70873c7388006b001c527291e40d53f99286f9de09d99e1acd84e61ef2628e8fead120fe16df3a3f893ddfa1e7bd1379bacd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9c02f16d628ac4d3a0dcaf79d7ca2fff

SHA1
35a19d9e2cabdd539df84e6da3b8395e4969e9b1

SHA256
4295c69f85bd7681b8f06c9216c83d26ffc0952c95eee0b5ca99ff8409a3a6ba

SHA512
7ad90b527c6acd573184fecb99196f20a458469ce2eddbfb6d85c89dcd987567c5accf814ed1474aeaa7722ffa2165dd59816793f9b55a22a06e429b36b045e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
556084f2c6d459c116a69d6fedcc4105

SHA1
633e89b9a1e77942d822d14de6708430a3944dbc

SHA256
88cc4f40f0eb08ff5c487d6db341b046cc63b22534980aca66a9f8480692f3a8

SHA512
0f6557027b098e45556af93e0be1db9a49c6416dc4afcff2cc2135a8a1ad4f1cf7185541ddbe6c768aefaf2c1a8e52d5282a538d15822d19932f22316edd283e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a45826ad526066cdc9d691fda67c55cf

SHA1
13b64764f5de1ec4471ea80f67cac62f0e1717ba

SHA256
b3153ecd9b855743f2d8d95f7e1363a66a59a088e0509dae3f647d590ee9c0a6

SHA512
67c2564b4fdb81b285ccf38e032bea3968d6b83515289286a6db9495af831c56c8eb5b03e27386934500e0185ac51300acdcb25dde27b86aa9efd481d7202e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
27KB

MD5
b2d0ea72dce710858441c32151fbcf96

SHA1
3c484b15461c9e234d9287f597fa8b9cbb64f2b7

SHA256
e81a2dec99374a35693a366637d00588e1dd3a80e7c7cf8f036bb02c240c8b12

SHA512
8b548fca91ce42e6618c0ce049109af2bb6edb477fbae4d9ff4d16f9137f122f30877653462e96634b837881fd949fe291c50a3414e5707ed06b981053456833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
57d18b6bc174657e81cc00c66d99a357

SHA1
6ddfd126c4cfe92748df7e928d91c17bfb930778

SHA256
c06b2633fb5b3c8391bc761768cc407f841919971f54b1d669a7360104b5408c

SHA512
c4dcc52c3f12474e5fefa5daff9390be3e5fd3c5876e4d7d66faf53f082afda3f5bf112c2cca00d43d8a56793ec287fd0e859b4994598c578fe0b1764f7c7de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c20c06c7-4b62-40df-97c0-9e789216f725.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
60d7ece47adb57d735a3f128af8f3db3

SHA1
e417acd8391ac0b8233f0a9273c8e71a523c9abb

SHA256
ae994393e93d8a1fd44d49d7f2779bc87b71994be1761aa1948f24c2fd6e4dcd

SHA512
4426b3826b40183539ba517fcf91f0d85d9fa2dde5fa1228e9082fe0b329c371b411de3f507a0dca83c8345c44636526c1e74e01db1af51c501355cc448817fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ac3bf9756600f6c31a15240716e6e7c6

SHA1
521aa76b55f74cafd1b579933dc0fae439acb0f5

SHA256
f7bc65b2962543bb5165f2b1bb6b3390ed3b55801475b2fd7701129cc8a081fd

SHA512
96ae0dddaeadae05fed313707076af5d443d328d2ea8524aa283812591b615b596a0aab1d2918471aba59f5546cebca7521bd2003db63a24f548899bee5fa67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
6b33cff2c64571ee8b1cf14f157f317f

SHA1
ae4426839f5e8c28e8ac6d09b5499d1deda33fd2

SHA256
0381f2b66fae947afa407755ca58105879f85411d9a78b99774059f982ee3619

SHA512
61110504890848c0f2cff028a9f726445d5d63221bade9d3e801527483d29f9730051b10bdd5fa4b454cb40af130989c1aca3a123b5fe7ae665f3ee18c4fa2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4CD8.tmp

Filesize
385KB

MD5
1accb1e148b5ec189cf031e019cb25be

SHA1
05ef3dc01b954c0c09307f9e2571e2931af8ad57

SHA256
15be51a55e10c3139099e584fc7d60df21651e8ca9e2390edcf9d671eee9d72b

SHA512
8242c1c628989c05a300731fb9411afabed1c1c3461184f34c963fe89d3b3315329bf3676075c3c8dbfc7f72fbdbeb272e2ec073283931f579f91812334c92bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4CD8.tmp

Filesize
94KB

MD5
39b71fe69be7f96b2fc9a4b9e325eeba

SHA1
302b372dc03415c6c62aa810e3477de8e0a7294a

SHA256
9c26f7d836f772c0fbae632c6843117872f57542a6c72f0dc9213d0000f6ab30

SHA512
3bdef81dc8c9412c50684119b35803a0aa0196ef7204db1ff060a989617fddfe99d8c39937bf9de7359cdf37e5d71b714d50d7799b11944bd65982faab87d3de

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4DE3.tmp

Filesize
621KB

MD5
3001c9ef692026fbd92ac2fe81edbb7f

SHA1
3390760aa7431ef3f467b3db51229f8bbb1aa318

SHA256
fc19e279371b71c1f4e46e094a1ccb671bcbbcf10213676468d4a37ab94d67bd

SHA512
9366cbf4baf15a59d754b73e61ab8ed0c88b8acaa1c5af073140beccceee1373d18d6a359a9206a00c8114cddae1b999d1067e763dde4dc1b2162b3ca5f1b8c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4DE3.tmp

Filesize
652KB

MD5
39d6d9b003548e87f75b9cd913ed6983

SHA1
5c6318f32678276c277c957746fbde08e2d9ddbf

SHA256
6fa3d91cb869115831f797b048896fcd8556f9671dbac8b39af5093c42398a2b

SHA512
adbb439bd283c9d69b0a9a311dae01c9c9bb3bbffaab9838a6e91beda8169b97df6d3bce118bf0a8a4a96508253643aae5eba89584381b3c0d6b5544688397ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4E52.tmp

Filesize
669KB

MD5
1df77a48d1b815ae402f6e170595ac89

SHA1
5326e7d74a19a59d0a2e54de81df7e93c71b9ba2

SHA256
ed3afa0bd8bbc73352ba8407a2d4042024ab0040d9ed3a918cffd46e6c1e4d2d

SHA512
825db1dec39e44a864e9e6aaa2e97640197bc9b973443f76ab9bcf3c7c6480bfbf0e757f3b7160084d192abe99b56f01f3f880c41a63318363dca0f81478f05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4E62.tmp

Filesize
738KB

MD5
b158d8d605571ea47a238df5ab43dfaa

SHA1
bb91ae1f2f7142b9099e3cc285f4f5b84de568e4

SHA256
ca763693cc25d316f14a9ebad80ebf00590329550c45adb7e5205486533c2504

SHA512
56aef59c198acf2fcd0d95ea6e32ce1c706e5098a0800feff13ddb427bfb4d538de1c415a5cb5496b09a5825155e3abb1c13c8c37dc31549604bd4d63cb70591

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4E73.tmp

Filesize
525KB

MD5
769fd5d29e357b50af3fabf26437bc58

SHA1
674226518aa6ba59d6058c77b9d9e8483af9ccb2

SHA256
4845a8b3b205f47f480a8be68b7b0ea98e219d9d9ed90e883dc807a272913aed

SHA512
704b8e5315f3398f20e917357f9408af67d84163eb80bfde35d29084ceb074bda4e439d56b9a0ddc24fb5e02378a6df2e27f402d54420dab02035497734c835d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4E73.tmp

Filesize
611KB

MD5
ac026e5ad253beccb47959b9b851f748

SHA1
858022c65e7f0b20e879100d0861439384395055

SHA256
4b7a575fdbf33701adc9a327cfae0942f100b25b15be501293481ae666a2e948

SHA512
08faaa8aa467e35b77029c1915ff284710072607b0975cf70e764eea4cca66de803953183e43b1b200887a52bf5e757779616c14b26fb9b797b2e1b6ee3bc808

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4F01.tmp

Filesize
601KB

MD5
aa2549123c1dc7a1f0e72b3e84fe8a84

SHA1
c4df3df089e7ba2b7a4205086669d8b8907e1cc4

SHA256
f94bc93d115e5ff1eb593c9b22e67150dfce6b572734f4ab16c9f6fccac4126d

SHA512
352d3d06b8cc7179f3bdb2af0ba117a8f79c14932b438b63bda36317298b60258a26dfca4c0ec1a752e19256d3a4d28c42896b155da9ba3cb600f5a89c0f4fe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4F01.tmp

Filesize
666KB

MD5
8fbb774d29638ff41d0d6d09f84947cd

SHA1
6a265b7ca6b772c057491359b84bc6a557fd4d32

SHA256
108e3dbf88182fb85cb1cb2503b9f7d1b4b822b80abc29dd3c86376b832e2efc

SHA512
137b215d9409d696cbed4092f837c44db7ae05d4ddb9a33467bc0974a2648fbe63e92731fc413ed12a15abcbd6629479cc988dc00b27c00cfd71f8d2edd614db

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4F11.tmp

Filesize
662KB

MD5
ba46d1e610c3bb7e0974fddb1999b334

SHA1
1c30c16d116d892df91b2aa73a18a2fd864ea9c3

SHA256
a153a6389ce4aea8932ff2c16a8269c2656833ba470c89daba49834a57de27df

SHA512
5987a1bf30de3f924f904a5bca5fe9b36cfc43734c6a2e367aa9b374cd89d11a6d1cee73bfc96b3b4aa0691870bf0e8396d36902b3394ffbd76a6d3a5faf22bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4F11.tmp

Filesize
524KB

MD5
b5e523864d0bd2e897d6fba8ba83e2cf

SHA1
3d7bcbaef3282764bbcce7c7aa8462a798381e69

SHA256
5195ca578bf713406b1cdaefb11d717bea05f3715b20ab170db44ff56ef15bd0

SHA512
8c99cd321f5ad0d1df32bddbb476c0b7b9d9d39cd7a866603db93d6141d1b91ea6b27aba17161a38824b230a4ca3842fb3277a4bd9f84a1794ae4467428a470e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4F22.tmp

Filesize
633KB

MD5
c28ccbb281d2b8525eebfe8853f3f380

SHA1
fdf49f13eaf30cb684085c70f1be87535495e8b4

SHA256
82e99cfa35a7cd221104d4b872411af7de283b68c593e6d6489995c3bd01e8ec

SHA512
d69a6b5a27d3c682655bed0fd0ce2f3cd7425443a4700c6217b5f5a652be1ea316b272b8ac975b3304e1da66e08f42f35e5a5c9c99d97ec6621b5fc1ef898554

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4F22.tmp

Filesize
669KB

MD5
45c6e0ec7a6855c3063d7d8ab7f85e22

SHA1
7239f36fc58e1f49b1b0c560b423c693dcae4694

SHA256
dfbfaa30205176af0085f3e65e28a2c78406d5e38c90646aae2a6fd6c86d29a7

SHA512
2511a071aa057a39fd01d6b3059efaff366adf633ac71be2610b172cabd9df2edc7ec44d05190161dba6ca963a7f1bb921567f5d8db13a5f404ddc3b1557f249

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4F32.tmp

Filesize
621KB

MD5
f9fc33ef81a8c436b75db2fffb4ad813

SHA1
25d71a738675408fb562c8c3f006db9ae574a9e4

SHA256
2d1281210741fb0166be65ade2a031721abfd730c304fcfda2956c949c8ef11b

SHA512
5d72a70a8c7a4c83fb568b4cfdcc447e2825beb4cfcf3a7a13a495fb43c958bb8ebf6fcddf965125c8d18bc95c896fd4165c31fa34679ab53226314290c45f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4F32.tmp

Filesize
527KB

MD5
8fb3ae0ec9e8e6254060cee89f273fcb

SHA1
c1e909943852728a46a1bb324a7de3b831345f4b

SHA256
8f5942a50f2103081e8c292a7018005a63295c9f81b7c774adb9f5e75c1e12e1

SHA512
5ee7fe2b662ae9ea546db466f10f4f9e53ee7550b405ac0d4e4162b5bea0446c86382ad5b99bf577cd9436965a41f3f2be033c785a1a22d126bb4db5365f54a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4F43.tmp

Filesize
657KB

MD5
3db19708ac3651f17a87ce9b39bde7de

SHA1
d3a7cdfae599eabe0275a84f441df11142dbeadf

SHA256
d453881bb98e4bc0290e7316abf17d3a4ec7ecbd46f03c52c0ca96e74843ce95

SHA512
dd980bf53fe1dbf25f8ec94968969fe0c0fea3346707ec8976fd04704707f777f4da1c2d5d5caa2e525f54b479db552f08353f026e97c37ba4195171c034ed92

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4F43.tmp

Filesize
566KB

MD5
7140cc786575f84cd665e3fb8c2c556b

SHA1
96ecc2b97a37b1e272c7c520e029b03cae72377b

SHA256
6b46e5db2440871da525c8f250079a0d8425675706205187fd1a262377ee6b19

SHA512
f294e9d198a2488f543d3cfd9e76dd0fc47f13478b24a2737973b2034f81424ce8fe0c74a4f30af1aad05e02cf64ca2755533c7dd1511378ae42d87d6b802ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2dxzywpi.550.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\config.txt

Filesize
265B

MD5
0307022210931a07195adda069054f1b

SHA1
59fe7c08429db52d4949cc27a104028e67f7eefe

SHA256
d97ad95f7811c38b424a28d3bef578287ca09e5c8c561d7c3b7742d88ef69006

SHA512
9d350f03b78f8e420a3d13f74488b6d43088e3f6b945db584d62629a401df852a07bdec7c27e0a3c23131e962b7746c5fef7588548af2e13acb07e520cf08bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4876_1024407230\CRX_INSTALL\manifest.json

Filesize
707B

MD5
f305d0389a674fecb517984b859910de

SHA1
a774c14bae2009612a3a9fa8fb3b90ea0c153ae7

SHA256
430a07840d4b827454a6284822b1a966ab972c3418937cac9aaae91e27ac43ac

SHA512
a4da8b6b324d930f0722217d5322bb48ca0d1c89b933f1c5e7e666bf20eb360f91d33b4856035eb6fe2aa51f7836caa0b0b7f320b3a82dbbc5372dfcbf83bd62

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4876_1024407230\CRX_INSTALL\web.js

Filesize
3KB

MD5
3b477f3bcc33448264b63998102a7ff6

SHA1
236cd82088c040e4c830f979ddbb0629f2b6d6f4

SHA256
7c76f42b653eff40ac1480ab4e6d79de399030975b17901e336626a0cb357142

SHA512
72f4d7349b14f0eff2d0e96be5cda066dfc2f448394dcb41762cbabfa05fbf23d210b89fbdf25d593fa1ceb0e9dbc24686acb1c371c0b2b3fce756232ac483ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5192_645852734\apps.crx

Filesize
11KB

MD5
c60ed723c1f82fb75b91e889a9b55d00

SHA1
6e3853812f54c9594ef921975f5970e72753abb9

SHA256
afa8687d27eb335b0dd3dacddf36de8c2846aae3c8c54871761302e1ab5949aa

SHA512
3c5a88e3b25fe9b0044765b82572413d7cc53a70d111d3e2d55a66c70ee939793ff4104d0cbb4f0d1a7521205b4e52b909b2841f98ad0e6d912d801e62b8a823

Download Submit
C:\Windows\Installer\MSI71C5.tmp

Filesize
91KB

MD5
fc0d0bc9a2d1309603db5609d49402ab

SHA1
265be7b84a1d4c8d7b90ade3914f2a0c98435f80

SHA256
0b584b97ae5386a02277fc42af6aebd2926c156d726f2e8f256c026d40d4aa8f

SHA512
ae3721b5aa5715720ee8bf2b049faecbd12e4e66f6f521e932019d91c038a1616950cd4f1d52b2dbad42910fce98afa97cde73ab7fc715def9872cb003e7d07e

Download Submit
C:\Windows\Installer\MSI7205.tmp

Filesize
698KB

MD5
2984b9cdf8bab0e73758c19377695ceb

SHA1
8f08ada42c00c163a3a801f1d6289b7b0b75c5e6

SHA256
1cf7d435c2131dc6d8ecab0cf18b0f4e44253a093d5cfdb5889879ae9281891f

SHA512
475018d1c046ea28e48562bfa911e72842876b7f4299eadcca8a28b444947490a35b3a2329d157ae7aa783e46f37260f6f5fde329ca1163e9fd0167c90f459c3

Download Submit
C:\Windows\Installer\MSI7216.tmp

Filesize
693KB

MD5
c659dc1a4bd028d022bd77df4af74b24

SHA1
b53292738e52fd5ab32ddb02f3919bae4a43c3b4

SHA256
c1e448946089b74bb8a6346081d2ca8fd1d7d12c1cf5797178d213dade4c80eb

SHA512
d630214e6a2ba6b00f61724a1f1da818b4ef6e006ca9d45c8201fbbab4871af2b846ade3f2ec0dd70b2b39fc7bcb497a8d0efcdebc503834a4c809b70f781700

Download Submit
C:\Windows\Installer\MSI7216.tmp

Filesize
467KB

MD5
47da7d7a57710a0cfdd4ce7e5c09ba60

SHA1
bb3e5e273e2cc2c95353187fff4cd142500d7651

SHA256
1340d97d0014dc55a945fa155742b3a0f667ed53b9012bbe0f16b56ddb3c882f

SHA512
55f0fc030003c7b28a200b6198078985f99be30c9819458c3acc78d177db598f04c7aedd1c84264287cc82a3039ad705ca2ad76fc78f1e629a7b5853eea658e9

Download Submit
C:\Windows\Installer\MSI7266.tmp

Filesize
215KB

MD5
e7e51805794e1a71c5e2bdd45f4ee5c9

SHA1
d178d4c1deb28018a180ac3a6182e923660e16f5

SHA256
f6216d72f4d9a7d46f3b878650b2f26982e4f05b8b5ce363a60c564159db781f

SHA512
5632ceae01b6aad3d806bcdf2bdaf40e487cb3dc48d83597429dc4e9c5867a878a87ca06c3a2e43e8fc532295b5b8efbb472bd07c33f6b6629e877e3392eb576

Download Submit
C:\Windows\Installer\MSI7352.tmp

Filesize
703KB

MD5
2ae0aeaee7871bdfc6d1f6e0935efcd4

SHA1
994b4d574bc1613d0967c7c51b2dc70ec022687b

SHA256
f21c221d2b37e66852e033d830d98ba2b02c1e381e55cbed8946d2028ceb12b3

SHA512
deb640f897c3cedef84e18b93be4557ef49cd013aa3bb1120a56aca4fdd5b8f4115b3e8af3f0784348bd99edf5fc9dff41230adc43431deabd756cc11040dd4a

Download Submit
C:\Windows\Installer\MSI7352.tmp

Filesize
565KB

MD5
ce03b57d470683756efc665c38777307

SHA1
8b7b648f723d0d90e022d7645070680ac7e7e313

SHA256
a8e8b64d7777bed39e1e495a4229fce9a99ee4ecca4e5e95446b59448712f37a

SHA512
9e291901ac7800e726c0ea7cc8cdea8266e4484704b3660d1142b7cce0a6a71a3156be1fe4a899c03671dc4471c7e106b57702305416d33cb4875e7b858c6eae

Download Submit
C:\Windows\Installer\MSI8248.tmp

Filesize
563KB

MD5
1b4dcc10ee9c8810d8d46bde80200eeb

SHA1
447ae3cedfcfdd690dce9abbf26176a37e066af2

SHA256
bcc1bbf8d4bbab18efc06a955bd56367722edf3e985f9025c3ce25c3ff3f958a

SHA512
5ef15cdbaa22d5ef10c4fb804a354b8fe8928f52d6b544fa73ba8ad0d2b61aff95310e07fe53d7fe5b1520e9d194ce0133ed1483c0238812cb10379e5e9dfd4e

Download Submit
C:\Windows\Installer\MSI840E.tmp

Filesize
438KB

MD5
b17a54dcec418420db61ef690f9bb25b

SHA1
bc2750e0f05c62a3e72362ba1a769a6bc4b257c3

SHA256
d90f4079b9ecd84d6cbb866ec54f84a766fd642f54dc1c8ac88c404d591ab316

SHA512
3262dd1d5ad9e5bda18a0c4e5f98425cfa6e675af34a749b802966b8877ee1fc3834cb8453230e45196166127f016c9496344fe0d3ef2cba5e979d7f8a11c30b

Download Submit
C:\Windows\Installer\MSI840E.tmp

Filesize
527KB

MD5
eb7bc680b4c01c420beb3d8019459433

SHA1
b0ddf17f4856884a1b131d3d1b9739070393bafb

SHA256
d450224645d848b6c69e5adfe20b0e3c83f8d6b1cc3228d174cac021ac46a53f

SHA512
cf69febf8a14c9891e2d9efe7d5b5c23596ced55c3fade00ce200e6f3e19d0858b3652f34812d19bd4fecc8102032216f8faa7a2aea851a12315cdf3cb73344a

Download Submit
C:\Windows\Installer\MSI840E.tmp

Filesize
502KB

MD5
f34a27c7c9bb41a8a6b7073276e5d1e4

SHA1
392a2e038abae8492f97b73e1782385cea460199

SHA256
a0f5314abd948fe72ada6ef5857f3e5ae50570db1616dd37a9f735e0fc0be6ca

SHA512
0051c670380ead9a7fd17340d063a1f123f3579b1c8922d89a1e146274c686827f399323f4a50e50f1a5d9dace07bcde80b4cdd51215959689ed57c77db2faa3

Download Submit
C:\Windows\Installer\MSI85A5.tmp

Filesize
526KB

MD5
f6b2a2a9abd088b09fa2b977d1016523

SHA1
920d0aa5b89c06f343a0bba37f1898353c1b75e6

SHA256
778884d26f04fea6d0c952ba12927612002a7f95f545751232a3a059e40accd5

SHA512
65c119fb52d75ce882255d3fc26f5a1ab23134103b0b889332fedd0dff5a38d9770f281cafbdfbf4f0a5bbca682f77a143be8fe6c0e0328a0c1d34eccc03ff23

Download Submit
C:\Windows\Installer\MSI85A5.tmp

Filesize
515KB

MD5
9168745c3737432c69b4057d7d6dc229

SHA1
71462902650d813316ca76bce0ac76fca3013bd4

SHA256
4d8f1c0749a554cef5c9d5a1e7aca0b7902e5b70f74f1005610956b550b63311

SHA512
c9a85ed46e2724027e62f0ed458643a3e16259903530ec0415b9e96f096b26f1df77ff7fab517a231d546d203505cb946a59a932c970f537fe8f81c7effd54e1

Download Submit
C:\apps-helper\manifest.json

Filesize
219B

MD5
8cb0aca2b1457ccdffe28f9843bed9f5

SHA1
dcff694b3f2eac4bca4a6b96f32026d1cad9fb83

SHA256
15db2b5b55e74489dd4ad623328fbc10022bde652c6099dd07d93f6263663c62

SHA512
07e99c3684c9952d1cd9ad42ba147b934023392b1abd2fd688c585505c197fef9eaa5804f6413d9be8217f6c66cfd3f09e05d1ace57230380c0f9b4ad333e670

Download Submit
memory/1692-174-0x000001ED6AF80000-0x000001ED6AF90000-memory.dmp

Filesize
64KB

Download
memory/1692-178-0x000001ED6AF80000-0x000001ED6AF90000-memory.dmp

Filesize
64KB

Download
memory/1692-181-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/1692-175-0x000001ED6AF80000-0x000001ED6AF90000-memory.dmp

Filesize
64KB

Download
memory/1692-173-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/3304-226-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/3304-310-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/3304-227-0x00000250F35B0000-0x00000250F35C0000-memory.dmp

Filesize
64KB

Download
memory/3412-136-0x00000232FF340000-0x00000232FF362000-memory.dmp

Filesize
136KB

Download
memory/3412-149-0x0000023298380000-0x0000023298390000-memory.dmp

Filesize
64KB

Download
memory/3412-148-0x0000023298380000-0x0000023298390000-memory.dmp

Filesize
64KB

Download
memory/3412-146-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/3412-155-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/4380-696-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/4380-697-0x0000015EB60D0000-0x0000015EB60E0000-memory.dmp

Filesize
64KB

Download
memory/4380-699-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/4508-328-0x0000019B633E0000-0x0000019B633F0000-memory.dmp

Filesize
64KB

Download
memory/4508-327-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/4508-446-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/4508-457-0x0000019B633E0000-0x0000019B633F0000-memory.dmp

Filesize
64KB

Download
memory/4508-460-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/4508-329-0x0000019B633E0000-0x0000019B633F0000-memory.dmp

Filesize
64KB

Download
memory/5072-201-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/5072-202-0x00000135EA5F0000-0x00000135EA600000-memory.dmp

Filesize
64KB

Download
memory/5072-203-0x00000135EA5F0000-0x00000135EA600000-memory.dmp

Filesize
64KB

Download
memory/5072-209-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/5448-478-0x0000020425720000-0x0000020425730000-memory.dmp

Filesize
64KB

Download
memory/5448-497-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/5448-477-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/5904-714-0x000001DE312A0000-0x000001DE312B0000-memory.dmp

Filesize
64KB

Download
memory/5904-713-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download
memory/5904-717-0x00007FFC85010000-0x00007FFC85AD1000-memory.dmp

Filesize
10.8MB

Download