Overview

overview

6

Static

static

3

7ec2e77211...a5.exe

windows7-x64

6

7ec2e77211...a5.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    138s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-04-2024 14:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ec2e77211e97af72575872b8cc081a5.exe

  • Size

    3.9MB

  • MD5

    7ec2e77211e97af72575872b8cc081a5

  • SHA1

    6bb22149e38bc7d5b97dc36027256a8ef7c83081

  • SHA256

    fcc68f6e41b44762bd7e9ce1213b366ee10790b5b0e668a8f74d050a36fdfd1f

  • SHA512

    60d60f7daf3ca2e3cce69e24220b248ee88a7b110252df10086fba10feb0f5a6bbaddbdcf6e099e244706b57a0823528dba0bbc5c141b22fa912d82b9795dfbc

  • SSDEEP

    49152:JYQ9p/TMILu3UAJvYIJ7PBJw47z1CgFd5Tn3ZhNvhpR1aMo2IHT:Bpgt3ZvhpR1a5HT

Score
6/10
microsoftpersistencephishing

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ec2e77211e97af72575872b8cc081a5.exe
    "C:\Users\Admin\AppData\Local\Temp\7ec2e77211e97af72575872b8cc081a5.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2768
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:864
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_wp.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4060
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8e6c46f8,0x7fff8e6c4708,0x7fff8e6c4718
          4⤵
            PID:1220
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
            4⤵
              PID:3872
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:4372
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
              4⤵
                PID:4904
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                4⤵
                  PID:4608
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
                  4⤵
                    PID:836
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
                    4⤵
                      PID:1236
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
                      4⤵
                        PID:4256
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
                        4⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2072
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
                        4⤵
                          PID:3828
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
                          4⤵
                            PID:904
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
                            4⤵
                              PID:5292
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
                              4⤵
                                PID:5300
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
                                4⤵
                                  PID:5672
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
                                  4⤵
                                    PID:5760
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13357564277348803882,4452430507543626755,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3156 /prefetch:2
                                    4⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4392
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_wp.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
                                  3⤵
                                    PID:5596
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8e6c46f8,0x7fff8e6c4708,0x7fff8e6c4718
                                      4⤵
                                        PID:5616
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2104
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4912

                                    Network

                                    MITRE ATT&CK Matrix ATT&CK v13

                                    Initial Access

                                    Execution

                                    Persistence

                                    Boot or Logon Autostart Execution

                                    1
                                    T1547

                                    Registry Run Keys / Startup Folder

                                    1
                                    T1547.001

                                    Privilege Escalation

                                    Boot or Logon Autostart Execution

                                    1
                                    T1547

                                    Registry Run Keys / Startup Folder

                                    1
                                    T1547.001

                                    Defense Evasion

                                    Modify Registry

                                    1
                                    T1112

                                    Credential Access

                                    Discovery

                                    Query Registry

                                    1
                                    T1012

                                    System Information Discovery

                                    1
                                    T1082

                                    Lateral Movement

                                    Collection

                                    Exfiltration

                                    Command and Control

                                    Impact

                                    Resource Development

                                    Reconnaissance

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      559ff144c30d6a7102ec298fb7c261c4

                                      SHA1

                                      badecb08f9a6c849ce5b30c348156b45ac9120b9

                                      SHA256

                                      5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

                                      SHA512

                                      3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      e36b219dcae7d32ec82cec3245512f80

                                      SHA1

                                      6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

                                      SHA256

                                      16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

                                      SHA512

                                      fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      264B

                                      MD5

                                      148fbbab4ca9c0fbc49d8e65978ec33b

                                      SHA1

                                      3c180f2ec7777f46e2fdb97f866a9020e7efe4d0

                                      SHA256

                                      aa7cc8e23cd74dea24e8d15783b5b4c11dfc15a34f4a5d4f66484888aa3454ce

                                      SHA512

                                      1f448ea554689a7facc44f1f7476b8aa999d92f4263a752f8adb87323bbfe3dede8726e25565d5e81ae267f3b6cfd3ea0f8fe4c47e7900f74004d4fffba0316d

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      437B

                                      MD5

                                      05592d6b429a6209d372dba7629ce97c

                                      SHA1

                                      b4d45e956e3ec9651d4e1e045b887c7ccbdde326

                                      SHA256

                                      3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

                                      SHA512

                                      caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      69d69daad175e1851e89b1f2424674ed

                                      SHA1

                                      547d4b0296608855b31f9818cc967c2f0fb6f056

                                      SHA256

                                      351a595a4da79077f9d4efe9ea47a94b1bbc7b5e29a1ca0e9bc471221b3ff597

                                      SHA512

                                      904d94f0fea4c09d1c030f043da39556068a7bb5ec2a2f22c863de519f750028518d5dfbed70c782ae77837bb813a876709e67fbd697c2984269dfdd7ede7f12

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      ae550e8c85c316d657a60fa0e76a8655

                                      SHA1

                                      3d5f919c30b3f9fa5dbc8925b5c2e0397696b4b4

                                      SHA256

                                      9f5961530f2e1a18eb412314253c806ba8cac91925a8848f68e2681dbe9d656a

                                      SHA512

                                      311ad73e903a6e71aea2aa77db663bedc4473e0b4bec57a8c54528ce877103e79446800338164b385c27d4d6658954897083a4a74928a63cee66e5c6abc4e076

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      b29589b55e1944d31be66566ed6fd67e

                                      SHA1

                                      c5af7f61d50790f4ffc35001c7c6d97f1d4726c6

                                      SHA256

                                      b6e56036201392863893f3a5a55274ad85518a2383a0247599b49757bd83ca58

                                      SHA512

                                      95f5c9b62a8594b78ac07f70754c00b9e4c676ef1b26be88073fc8eae58e74f1b2dd077b560336a8fb45a23635821029208e4a562a80b4d369055e27390b22b7

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      371B

                                      MD5

                                      7bb4b2f63137e3830b45696e551774df

                                      SHA1

                                      9bc4f58f6e2a9633c3f02db17f3af1def0e360c1

                                      SHA256

                                      0d525b71420a8cb24ec456b85cc7f62b952ae029d51637d2ddc01831fecb2218

                                      SHA512

                                      a206e6cf4dd51361b452e5d89c51a6c7ef6ac3d3992e43595defd76aa7470021ef56757c1e92a96e38b6ff635a3af25e1d2b1df349dc0bc3c0d37eff5f2e18ed

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b3cf.TMP
                                      Filesize

                                      371B

                                      MD5

                                      5830dbd48334c740139f31def14e6722

                                      SHA1

                                      bbaddbe0a0a8c0833deb1ad8e455f2ec7cb52d59

                                      SHA256

                                      68e451f5f0f25be1e57184a6c6d7d3ef22b5dbfebca0ef7cfa5af2d2698b74be

                                      SHA512

                                      89a6e9f98639a05f15a000ce2a6ad3a5963c81fde8a632b6eea63ff47cbef7c1e7764e20e0d253448672b34e85f6b988e0639b5a5c670e1b49067e102d8f0992

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      a5292000eb2e036a408603672f336d98

                                      SHA1

                                      8a6a462a213ce36f373ecd9c977fb04f4257baac

                                      SHA256

                                      4b7f1b5fd9b5a59f240a5ce3bfa43d5ec64df7cca97596d3a30865e7e656021a

                                      SHA512

                                      955282f8be337f939c66ff5bac6aeecbd0a243a2955d027a7293c0d207ef7e94451e883ee4a7a9d26997cb8864c354b0a8aca6fc0403713214e2921ae5a63139

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zwsl4v2e.lku.ps1
                                      Filesize

                                      60B

                                      MD5

                                      d17fe0a3f47be24a6453e9ef58c94641

                                      SHA1

                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                      SHA256

                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                      SHA512

                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                      Download Submit
                                    • \??\pipe\LOCAL\crashpad_4060_RJBTSOMEAQRZKTDI
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit
                                    • memory/864-17-0x0000000140000000-0x00000001400A2000-memory.dmp
                                      Filesize

                                      648KB

                                      Download
                                    • memory/2768-0-0x000001E246910000-0x000001E246932000-memory.dmp
                                      Filesize

                                      136KB

                                      Download
                                    • memory/2768-15-0x00007FFF7E6C0000-0x00007FFF7F181000-memory.dmp
                                      Filesize

                                      10.8MB

                                      Download
                                    • memory/2768-12-0x000001E244890000-0x000001E2448A0000-memory.dmp
                                      Filesize

                                      64KB

                                      Download
                                    • memory/2768-10-0x00007FFF7E6C0000-0x00007FFF7F181000-memory.dmp
                                      Filesize

                                      10.8MB

                                      Download
                                    • memory/2768-11-0x000001E244890000-0x000001E2448A0000-memory.dmp
                                      Filesize

                                      64KB

                                      Download