f372c5b6992032699ef6c66177131e6aecd62431cbca53fc9c2daaaae7650199

Resubmissions

26/01/2024, 19:55

240126-ynh2caegar 1

26/01/2024, 19:53

26/01/2024, 19:52

26/01/2024, 19:49

26/01/2024, 19:46

Analysis

max time kernel
151s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BLANDITIIS6.html
Size

40KB
MD5

0a940d1bfa4b0834a4f2af9080578372
SHA1

f4e05a2b419d4caca71747dd174fc77d04821994
SHA256

f372c5b6992032699ef6c66177131e6aecd62431cbca53fc9c2daaaae7650199
SHA512

1532d9cdbeeedc98eddad3b878dbb98b5b506013c353619cee9020cb7f1e954521375277d7daac76d6eb642ea5180b942bd88f02cb72e639c46677335f654aa9
SSDEEP

768:MBL+oAZizxCmaptUR6lUYWGLYrpVKS+3xVvMFD/ajVmUZPIzN:k+oA0zxCmapioerpVKr3PGIVmUGzN

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
26	1536	powershell.exe
56	1856	powershell.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
5068	ipconfig.exe
416	ipconfig.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133507723594253249"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
1536	powershell.exe
1536	powershell.exe
1536	powershell.exe
1856	powershell.exe
1856	powershell.exe
1856	powershell.exe
3672	chrome.exe
3672	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
396	chrome.exe
396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeDebugPrivilege	1536	powershell.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 1444	396	chrome.exe	85
PID 396 wrote to memory of 1444	396	chrome.exe	85
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 3136	396	chrome.exe	89
PID 396 wrote to memory of 1548	396	chrome.exe	90
PID 396 wrote to memory of 1548	396	chrome.exe	90
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91
PID 396 wrote to memory of 4412	396	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\BLANDITIIS6.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0e699758,0x7ffb0e699768,0x7ffb0e699778
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1908,i,1006509366319150601,11126764240009167757,131072 /prefetch:2
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1908,i,1006509366319150601,11126764240009167757,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1908,i,1006509366319150601,11126764240009167757,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1908,i,1006509366319150601,11126764240009167757,131072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1908,i,1006509366319150601,11126764240009167757,131072 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1908,i,1006509366319150601,11126764240009167757,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=1908,i,1006509366319150601,11126764240009167757,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5136 --field-trial-handle=1908,i,1006509366319150601,11126764240009167757,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1500

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1536
- C:\Windows\system32\ipconfig.exe
  "C:\Windows\system32\ipconfig.exe" /flushdns
  2⤵
  - Gathers network information
  PID:5068

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:1856
- C:\Windows\system32\ipconfig.exe
  "C:\Windows\system32\ipconfig.exe" /flushdns
  2⤵
  - Gathers network information
  PID:416

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
702B

MD5
f5c3e7950fe01eeff9255b7d2d53b305

SHA1
c937d3c824d6ed84772eefc61a08a719965ebaec

SHA256
058641310464b5e16022f2bd9f2345542a4a30788649c8688e378abfcd89af6c

SHA512
7c15eb96e7ef19a8457fa2d6840f349f042905ac87e2d83a05bc17500cc90156cc815651f3928187939aac245a97ad1fce6b27b632165c576e3aa1cbac23a77d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2b2b3e04abd6dda76fe1c39049c13981

SHA1
f7a64277a221ddec6aa0311a7264d192236e1ad7

SHA256
f4d569b57931813194ed422a240ad76de839b48238f9ad89a36b28a5963ec7cd

SHA512
32a72342e0ab4f07268829ef18b36b910cbafd10cde1edaf4afcf28ab48cbe4d2d2429622809985803fa4794b5d1ee092c7070b14f8f05f4973e851e0c354aa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0117589c54bf275f295e9cd7cdb368d3

SHA1
d1450776d169d02d1e1d41b9c87a9dc5c25abc88

SHA256
7f5e1348b203c5f3de5dddba9810ce31e09855911cd39f740c6be1d86f04d760

SHA512
3f588e16ae4d429f03751dfaa9c3a1d74fe5de49a306edd4b8e0cdec6f506edba5468c15d9b9e31b1aa751fd45ab66ec38783d75e4b013d84827ff05f3e7ebfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
15008023c37dd300754c72d168a2d8a2

SHA1
3e05cfdb3d18ee770239937888814a8b86b06c69

SHA256
5fe9e1614e587cdc48763c29ac66246dffe79f6feed1a93954d1513e4d2c1e7d

SHA512
0ea1e172e802c221131cd232fa7d531a2c4077e1bd93f923f5627b6e638f05a1818d86fe82ae061845210459ccbbaafd0d77d957d5048f87a6364b0bc83aedd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
bfd959cd17c30bb6cb2b59eba7c53d75

SHA1
0c959610d064ee53457bc99d63dc782e814d46df

SHA256
726a2638c78dfc58c0ae63750f78e331c27a003d580e23c1042158fe4d129f13

SHA512
e66dc2c984eaf421ba5612dd7a59818c12279aa8cd894c931b4e821556255fdad7050c2b0eab1cca7e6617c192ed305b9be8b7d881326ae542eb1c1411c6643c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
13f7c87ef935a50d0805c6d1dcb2e821

SHA1
35cf8689bb1166fe33641600da694b279abae179

SHA256
f376d64106e913f9bbc6c9f57777da61348549d924969ce609c376ceaf78d619

SHA512
fb6b407a8d75b672d94ca03853dbc6cf25b722a450074346753ffa5a4862e95dd028c22abc60b29d96087f43639c4d185ee1ec1bf890ad65594cbbcc7c36804d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
3KB

MD5
66a2562aa141b3a08a84646f941ea4c5

SHA1
8ff8650002aa9c73fe1cc7c4f17b3f45677afbec

SHA256
9f84f0482701287673b39e92e5d07d770f8caba86325124fd8f25afbe0b04ee4

SHA512
368f879db8f770a6cd8f5bb9a66eb63be676702d927df60853d8420847fb69d341f4a8b1492b16c4d049da1dec56735cd43757b9502469fefc121f5b8ce955b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_u54owebh.gap.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

Filesize
352B

MD5
d8c27b5afd98f840d7a6181d72a62f41

SHA1
9dad58054096b2f91b781049bbbd74c6c4744713

SHA256
640d7055cdcc3ea78d0360f434827c65ea39661f9b102fb5c727821658dad0ab

SHA512
b1a0bdfa5babb12653afb141cfaf846af6c11d8e05989ed608ea7f9f329abf34e6a79f25e3a66ec6bb614f22b0e8448772fd378bf2d3833456a17e98514950dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
5KB

MD5
6fe06639327be720356e109f0d90a595

SHA1
a70f500f67b33b572fee00259668d21ff7012f44

SHA256
d407b436c6fe807fe3ee932fb22dfe9df159c9db7d3f028568eccce38d5ef325

SHA512
0f39412a39a75282ceb30a38308523c418f2f0072f0981d9c31538f2b819b3e116bba257e93b3363af4f7067de3b3e4b47ae8c1e4aa5d1689dccc1bcd04628af

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
5KB

MD5
57e882b5b718e0e23223d672d171d53d

SHA1
f1593eef625ce214ecf3514bb06a6a4d3225fdfd

SHA256
2056743d60703f26f0b5aca0acdc6b1151b61e98d14b299991da90548970bf44

SHA512
02259515b8af6aee2b436e1bd39310377273850c1d05051b2b573b2ee0841aa1277969adc3fe3c424d2f1bbe35e49a66ac761a396033abfe50b17a962cd903ee

Download Submit
memory/1536-62-0x00007FFAFA630000-0x00007FFAFB0F1000-memory.dmp

Filesize
10.8MB

Download
memory/1536-49-0x000001B9368F0000-0x000001B936900000-memory.dmp

Filesize
64KB

Download
memory/1536-51-0x000001B936EA0000-0x000001B936F16000-memory.dmp

Filesize
472KB

Download
memory/1536-42-0x000001B936890000-0x000001B9368B2000-memory.dmp

Filesize
136KB

Download
memory/1536-47-0x00007FFAFA630000-0x00007FFAFB0F1000-memory.dmp

Filesize
10.8MB

Download
memory/1536-48-0x000001B9368F0000-0x000001B936900000-memory.dmp

Filesize
64KB

Download
memory/1536-50-0x000001B936DD0000-0x000001B936E14000-memory.dmp

Filesize
272KB

Download
memory/1536-56-0x000001B9368F0000-0x000001B936900000-memory.dmp

Filesize
64KB

Download
memory/1856-85-0x00000212A80B0000-0x00000212A80C0000-memory.dmp

Filesize
64KB

Download
memory/1856-83-0x00000212A80B0000-0x00000212A80C0000-memory.dmp

Filesize
64KB

Download
memory/1856-103-0x00000212A80B0000-0x00000212A80C0000-memory.dmp

Filesize
64KB

Download
memory/1856-104-0x00007FFAFA630000-0x00007FFAFB0F1000-memory.dmp

Filesize
10.8MB

Download
memory/1856-82-0x00000212A80B0000-0x00000212A80C0000-memory.dmp

Filesize
64KB

Download
memory/1856-77-0x00007FFAFA630000-0x00007FFAFB0F1000-memory.dmp

Filesize
10.8MB

Download