Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3WindowsPow...m.psd1
windows7-x64
1WindowsPow...m.psd1
windows10-2004-x64
1WindowsPow...s.psd1
windows7-x64
1WindowsPow...s.psd1
windows10-2004-x64
1WindowsPow...s.psd1
windows7-x64
1WindowsPow...s.psd1
windows10-2004-x64
1WindowsPow...t.psd1
windows7-x64
1WindowsPow...t.psd1
windows10-2004-x64
1WindowsPow...at.xml
windows7-x64
1WindowsPow...at.xml
windows10-2004-x64
1WindowsPow...s.psd1
windows7-x64
1WindowsPow...s.psd1
windows10-2004-x64
1WindowsPow...t.psd1
windows7-x64
1WindowsPow...t.psd1
windows10-2004-x64
1WindowsPow...s.psd1
windows7-x64
1WindowsPow...s.psd1
windows10-2004-x64
1WindowsPow...s.psd1
windows7-x64
1WindowsPow...s.psd1
windows10-2004-x64
1WindowsPow...y.psd1
windows7-x64
1WindowsPow...y.psd1
windows10-2004-x64
1WindowsPow...y.psd1
windows7-x64
1WindowsPow...y.psd1
windows10-2004-x64
1WindowsPow...t.psd1
windows7-x64
1WindowsPow...t.psd1
windows10-2004-x64
1WindowsPow...at.xml
windows7-x64
1WindowsPow...at.xml
windows10-2004-x64
1WindowsPow...s.psd1
windows7-x64
1WindowsPow...s.psd1
windows10-2004-x64
1WindowsPow....cdxml
windows7-x64
3WindowsPow....cdxml
windows10-2004-x64
7WindowsPow....cdxml
windows7-x64
3WindowsPow....cdxml
windows10-2004-x64
7General
-
Target
WindowsPowerShell.zip
-
Size
2.9MB
-
Sample
240415-v5ll1sed3z
-
MD5
4beaf6b031c0c5207b19918913b57e0d
-
SHA1
c9856b91a671619302799d166875cfda119fb121
-
SHA256
0432dca5d3f8623103c1e112f052a4ed7990d550b029c445858ffc94a9abe65b
-
SHA512
3eb79e807c5a8ecda39d8da9591bef48d7db49004ad052c6e2e4a53d922cd97d2ded480c04d5397b946f9a0bc5944d2a45dc026fe35919e0c9aa63715b47095e
-
SSDEEP
49152:VDMkyxtSYe6vWnyXkeC9TDVG2wl9Bs1DIN1BWWh7PbCpoV0pX8o7mQuzg7pVa1GV:Gky33e6+nmCts2cBN5Cpc0986wqm1gt1
Static task
static1
Behavioral task
behavioral1
Sample
WindowsPowerShell/v1.0/Modules/Dism/Dism.psd1
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
WindowsPowerShell/v1.0/Modules/Dism/Dism.psd1
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Archive/en-US/ArchiveResources.psd1
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Archive/en-US/ArchiveResources.psd1
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Diagnostics/Microsoft.PowerShell.Diagnostics.psd1
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Diagnostics/Microsoft.PowerShell.Diagnostics.psd1
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Host/Microsoft.PowerShell.Host.psd1
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Host/Microsoft.PowerShell.Host.psd1
Resource
win10v2004-20240412-en
Behavioral task
behavioral9
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/LocalAccounts.format.xml
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/LocalAccounts.format.xml
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/Microsoft.PowerShell.LocalAccounts.psd1
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/Microsoft.PowerShell.LocalAccounts.psd1
Resource
win10v2004-20240412-en
Behavioral task
behavioral13
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Management/Microsoft.PowerShell.Management.psd1
Resource
win7-20240319-en
Behavioral task
behavioral14
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Management/Microsoft.PowerShell.Management.psd1
Resource
win10v2004-20240412-en
Behavioral task
behavioral15
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/Microsoft.PowerShell.ODataUtils.psd1
Resource
win7-20231129-en
Behavioral task
behavioral16
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/Microsoft.PowerShell.ODataUtils.psd1
Resource
win10v2004-20240412-en
Behavioral task
behavioral17
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/en-US/Microsoft.PowerShell.ODataUtilsStrings.psd1
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/en-US/Microsoft.PowerShell.ODataUtilsStrings.psd1
Resource
win10v2004-20240412-en
Behavioral task
behavioral19
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Security/Microsoft.PowerShell.Security.psd1
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Security/Microsoft.PowerShell.Security.psd1
Resource
win10v2004-20240412-en
Behavioral task
behavioral21
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Utility/Microsoft.PowerShell.Utility.psd1
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Utility/Microsoft.PowerShell.Utility.psd1
Resource
win10v2004-20240412-en
Behavioral task
behavioral23
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.WSMan.Management/Microsoft.WSMan.Management.psd1
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.WSMan.Management/Microsoft.WSMan.Management.psd1
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.Format.xml
Resource
win7-20240220-en
Behavioral task
behavioral26
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.Format.xml
Resource
win10v2004-20240412-en
Behavioral task
behavioral27
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.psd1
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.psd1
Resource
win10v2004-20240412-en
Behavioral task
behavioral29
Sample
WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml
Resource
win10v2004-20240412-en
Behavioral task
behavioral31
Sample
WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedSettingTask_v1.0.cdxml
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedSettingTask_v1.0.cdxml
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
WindowsPowerShell/v1.0/Modules/Dism/Dism.psd1
-
Size
3KB
-
MD5
01e30f6e7a7441f98b283907b4b3b2f0
-
SHA1
79b703be162acbc765602cbfc346d1c27b7177c7
-
SHA256
b0f9a266da3c2233160ed723ebf647581883984f9b960a8c59852455da9203e1
-
SHA512
6810ae8b44578c63454d9a08f6b8678abe2a7f3cf34c0b8aff7b982cfdd0488a651fc66d498a9119b4264f415a8506cb642c4107d62dfc41d3771889fe0a5f76
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Archive/en-US/ArchiveResources.psd1
-
Size
5KB
-
MD5
b6fb8c9e94187c19d30332d19d9454e6
-
SHA1
b5613fbea2aeb44db3e4e4b5f0c99ce3189c0a5c
-
SHA256
1e74df4fb9cadd8c0ab63c48789221aff0d9fb3ebeab8420410ebfad14571fd8
-
SHA512
d116a192892a0309df6950af99dd78bc61e34458637805e78f345dd9d68f853da84b5a6de4d9ec87624c66911bf4314740ca844297482dcff8ae245640411197
-
SSDEEP
96:t9PPKhxnT/uezmVgg9t5HcJ31VY7g92OINQeoDoXon:t9PCXnqezKgqLACfVWR
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Diagnostics/Microsoft.PowerShell.Diagnostics.psd1
-
Size
675B
-
MD5
8c667f4d468e3df1d7ababace768b9ee
-
SHA1
e9c54dab3216baf2abfe96a0732a208f063fb592
-
SHA256
3c59b91b00f9fe6cdf7cdef9265c7517ebe0c26f8cff70f3c5fc15e3bf7e67f0
-
SHA512
e83df56dc64de3eb5ccf2a9f40ca098baf9362d5989918fbd80203afed76189efb0a40e0f9d97d38606d8f965828e9631789d6673bdcf31fbe138a349d192694
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Host/Microsoft.PowerShell.Host.psd1
-
Size
455B
-
MD5
0431ce57285a9dad6afaca1d8a997906
-
SHA1
1f90a95728e4327daa84c4e798032687619c4a7a
-
SHA256
c13dac2037187b2fd18598e611137c5fd540050d5a85cedb44d06f05f1fbb852
-
SHA512
fdb27d503465656c3dedaa9ae9a455d339c5fac16aa7bd44754965be6dfe54c73a952bb4a7f48f209bc8d7d46b307e3eac82fcfd173baadcee69c95d79602f52
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/LocalAccounts.format.ps1xml
-
Size
3KB
-
MD5
7c5d2125dc6ff83578160e2411f3e50c
-
SHA1
d889cc3c474624572024c4be39ad25acdb893551
-
SHA256
0b5b8eecd3e4d9b12ab98fd98dd9551d27dd01fdadf5f118f1ef52834d483281
-
SHA512
00064a1bb36a7b3cb17df8a385e055ea2d8e2d4cef7e04a7ce454039c08359b98ea6e00571b347e723d2e7844a047e5bae16e61037b86aa9b747fb4322a89c5d
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/Microsoft.PowerShell.LocalAccounts.psd1
-
Size
1KB
-
MD5
c69d3853e5bce7c695c5bd37ba96d699
-
SHA1
6a79df1e70dbad4a0aa971823f85206a8d5faf8c
-
SHA256
cda4e020d5a53973f1290db25cad7e2cb746993d4fd12a68431db54681afd0cc
-
SHA512
524ec61d1056a98a3b4436b045d097988cb7723d0441e5721c1136f83c5240be233633e9fc1bf74dfc080a4d7e6c5198709ea76f2bf00dfa7c49be8a1639bf73
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Management/Microsoft.PowerShell.Management.psd1
-
Size
2KB
-
MD5
90741a929966119be0d0c9b7f66c0b6c
-
SHA1
ab3cc5cbabab4c3e02536c2ca6910036597e6a10
-
SHA256
91ea580e6bbc54148eadac5e8018f6e6edfd04bcd3cf07489a9028fdeea948a0
-
SHA512
8af83f14a6bd1b22a10109fa818c13079ca89c78ed560d678d7431ae2a82c3235b955c5cff0018bb5de33b6aabfd11d661f32ff67d4fb7edac5a5574b0996c00
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/Microsoft.PowerShell.ODataUtils.psd1
-
Size
5KB
-
MD5
e7b7d304f901913db03ec8a2c66928f7
-
SHA1
0eca57a45b2002d645d9ab9413db90aeea49e5eb
-
SHA256
0772d101921bb12f7d7a07f5fa795a04dacebb1bec33111f89b2d2f1740ea8c3
-
SHA512
d6d73a910ecd622486b4f742bffe558458db217d0c802c493fd48dab02b27fb86852303a27131392aca67fa366088a0975e01f33f47f5596ae32237a4f4f7470
-
SSDEEP
48:9cw9b0HIfb2eVccuVXsWd9VOieYcxbYojfAW4x49HkVFgL5B2Q+zQHxLuIF5l+z9:9cGb0gLdhRfAR+KVFc5wv4xLuIF5gmQ5
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/en-US/Microsoft.PowerShell.ODataUtilsStrings.psd1
-
Size
11KB
-
MD5
45cb52ef9a4f8cbad6a4e389401c7af9
-
SHA1
b54c3c07d92c06cbab719d09ede588c05097ace7
-
SHA256
304a315267c0cef24839966b51d7e76019f62253dc50f0fc5c0279227094f614
-
SHA512
d9f07d0b4b4d804bf27aab7ebb6969bcb6de5f2ca1debc4a9b1bc950a6f5916ff02a5eaafb562237ef2875e1201e8478e452ab6d1363384d61fa5525e0c196f3
-
SSDEEP
192:sEaN1boLnAAsnNRjS/PxqhQXAOQBdOOH0UQcatN/Noeqi/Nv+I/N/866/:6N5TA46RZY1n764
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Security/Microsoft.PowerShell.Security.psd1
-
Size
776B
-
MD5
f4ab6d4a6c93a1add7b46c8edb9ec06d
-
SHA1
e630af88fbc6698fb8474d01fad05c42551444b6
-
SHA256
fa7150089e8a67a0aad27cd324d119b9778ccbead6242397780c5d5077246d30
-
SHA512
425e4bad8f6219414db677e0c51bba4df67de647919f2d5b400d941b0c7d96c2020f4058ad95abda5727620959f310a5d37067ade302620d11dfa9594bde42ae
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Utility/Microsoft.PowerShell.Utility.psd1
-
Size
2KB
-
MD5
6b0dfc59faf81fe3af64848aee309c4e
-
SHA1
1f469f4637fdb4f8c1b42f83d7b8135c1ee505b1
-
SHA256
c09df190addc67f7c6c38e7ea1dca719fd87807107f688c3f60ed8816e1c48a6
-
SHA512
173fd9b7ec3876fc06e680a95c6e762803e91cfb628dd0942ef38dc2fbba7603b7a504dde1b28f57e81adc0d614317c92e4a75bccbb24f1ec75a371a9884af7f
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.WSMan.Management/Microsoft.WSMan.Management.psd1
-
Size
785B
-
MD5
651b3b06114705c88b92a8cd6a978526
-
SHA1
7d8e3d2f9b91e44a98b879e79cd55fb68c14a545
-
SHA256
96973a7f69c967fe665cde9ef7b82423f34ad5248f2fd35f88d25fcda3fb9035
-
SHA512
34ddb13ec8d2730ed718052c9e6ad5682c415b213b688d58f5a82be2e2c717b47719d6ed3d1627f2c4de51b93ee51548c280cfa45a22a9c67558fd1b93cb1320
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.Format.ps1xml
-
Size
5KB
-
MD5
7ea886d135ac103fd63063dca7e150a3
-
SHA1
a10f3d3ea34be2266be6611625136cad5ea8fa44
-
SHA256
a31837f742c1cc25397d8b06bf182b71f926035554cf575bbba34029f3da3403
-
SHA512
45b1ac8f92b8957c502726475d39a2a3f262be6aa8e4616d16549c4c45bc95f6729a0a47e8dafd75a396d931695f8e2329a6e918835bdc72a24dfdc2aa3a900d
-
SSDEEP
96:qAmLl6umMlRLTpBTUvmvQA6umMsSOEKzZBfEDgcRPx:qLlXHLTLUUQAHsoKz0DgcRPx
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.psd1
-
Size
2KB
-
MD5
9b07cb90e78d467a0de7be0f4f958fe9
-
SHA1
c7014872c3c02f3c45b40aa109d113c0fa1002f7
-
SHA256
e94186903107b294eb1c8a9bf74068b4c4e828843c4d33696af733ee2e3dbef3
-
SHA512
6bc046823f5d9dfe1bf7c39f03a7246524f9b285c89e32e24c1bb9e89b571c56a7db900e6d3b4f5ec06febfbe2c75d67fa1f13347bfd96908ea6835493738109
Score1/10 -
-
-
Target
WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml
-
Size
3KB
-
MD5
8ad3984071cd41f88be85478d9d3b927
-
SHA1
de487ad34ef752c5bd7128829fa06fc7a47bd723
-
SHA256
ef1d87489f53c6fac620fc4e1656931ac6b4050b2bba6ff03412417b5006ddc1
-
SHA512
4325334fe608c0bf5c98b0b7c263ee7c2c9d1f66010c2b3f931a6fc60265ba73cd8981a90ee54cd86374a81b22a74df7f18e87bde027de13c8061677f1606ef8
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedSettingTask_v1.0.cdxml
-
Size
3KB
-
MD5
5d3b6b8efdb22ab05507f985f511ce0a
-
SHA1
993e810d767b08df2adabad13d04dc8c5673b345
-
SHA256
2d892e242e809f9f00a74788aae4238f444c89457a14938fb8aad4368c69d107
-
SHA512
b47b83603aa15f3dc7b93ebc816b29da3231e65b4db0aa7e6e94a7516a57a85446b8a056c417637cc0ab50f5210659f03b3d23927093ce48d0a672a4563a969c
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-