Analysis Overview
SHA256
44c35d3c90744584a6cccfd62bbc3bb07bc921007b71dc0df936ebaa729309cd
Threat Level: Shows suspicious behavior
The file brigadier.exe was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Detects Pyinstaller
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Analysis: static1
Detonation Overview
Reported
2024-05-21 17:49
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 17:49
Reported
2024-05-21 17:52
Platform
win7-20240221-es
Max time kernel
118s
Max time network
124s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2256 wrote to memory of 2460 | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | C:\Users\Admin\AppData\Local\Temp\brigadier.exe |
| PID 2256 wrote to memory of 2460 | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | C:\Users\Admin\AppData\Local\Temp\brigadier.exe |
| PID 2256 wrote to memory of 2460 | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | C:\Users\Admin\AppData\Local\Temp\brigadier.exe |
| PID 2460 wrote to memory of 2600 | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | C:\Windows\System32\Wbem\wmic.exe |
| PID 2460 wrote to memory of 2600 | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | C:\Windows\System32\Wbem\wmic.exe |
| PID 2460 wrote to memory of 2600 | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | C:\Windows\System32\Wbem\wmic.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\brigadier.exe
"C:\Users\Admin\AppData\Local\Temp\brigadier.exe"
C:\Users\Admin\AppData\Local\Temp\brigadier.exe
"C:\Users\Admin\AppData\Local\Temp\brigadier.exe"
C:\Windows\System32\Wbem\wmic.exe
wmic computersystem get model /format:RAWXML
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | swdist.apple.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI22562\brigadier.exe.manifest
C:\Users\Admin\AppData\Local\Temp\_MEI22562\python27.dll
C:\Users\Admin\AppData\Local\Temp\_MEI22562\MSVCR90.dll
C:\Users\Admin\AppData\Local\Temp\_MEI22~1\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI22~1\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI22~1\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI22~1\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI22~1\bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI22~1\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI22~1\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI22~1\pyexpat.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI22~1\certifi\cacert.pem
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-21 17:49
Reported
2024-05-21 17:52
Platform
win10v2004-20240226-es
Max time kernel
137s
Max time network
146s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4068 wrote to memory of 3924 | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | C:\Users\Admin\AppData\Local\Temp\brigadier.exe |
| PID 4068 wrote to memory of 3924 | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | C:\Users\Admin\AppData\Local\Temp\brigadier.exe |
| PID 3924 wrote to memory of 3968 | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | C:\Windows\System32\Wbem\wmic.exe |
| PID 3924 wrote to memory of 3968 | N/A | C:\Users\Admin\AppData\Local\Temp\brigadier.exe | C:\Windows\System32\Wbem\wmic.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\brigadier.exe
"C:\Users\Admin\AppData\Local\Temp\brigadier.exe"
C:\Users\Admin\AppData\Local\Temp\brigadier.exe
"C:\Users\Admin\AppData\Local\Temp\brigadier.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3484 --field-trial-handle=1984,i,6250324430674571549,669234090731242346,262144 --variations-seed-version /prefetch:8
C:\Windows\System32\Wbem\wmic.exe
wmic computersystem get model /format:RAWXML
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6064 --field-trial-handle=1984,i,6250324430674571549,669234090731242346,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 13.107.246.64:443 | | tcp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.24.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | swdist.apple.com | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| GB | 51.140.244.186:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 51.140.242.104:443 | | tcp |
| US | 13.107.6.158:443 | | tcp |
| GB | 216.58.201.97:443 | | tcp |
| GB | 88.221.135.81:443 | | tcp |
| US | 13.107.42.16:443 | | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | | tcp |
| US | 8.8.8.8:53 | 224.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.179.234:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI40682\brigadier.exe.manifest
C:\Users\Admin\AppData\Local\Temp\_MEI40682\python27.dll
C:\Users\Admin\AppData\Local\Temp\_MEI40~1\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI40~1\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI40~1\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI40~1\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI40~1\bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI40~1\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI40~1\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI40~1\pyexpat.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI40~1\certifi\cacert.pem