1624e398132a247c73177d7f2c30699b59c8c6b1c4db7cfc9db4be8b9ac82a22

Analysis

max time kernel
149s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

StealthGuard.appx
Size

117.6MB
MD5

f5cd50ddad16efa86556383fdcf120dc
SHA1

08f6746c4d65645e7fc040a335c55e600adf807a
SHA256

1624e398132a247c73177d7f2c30699b59c8c6b1c4db7cfc9db4be8b9ac82a22
SHA512

a3cfd0e7ac8887919602e0445edc974eed76f82e5ff4fcc30a2aa4e4a06f3e101afc1d7642f96dd3b0f24e8f137fbbb6e9f2e46e414ed0472ebe49df558da396
SSDEEP

3145728:G/fRxFzC2+R9vySUPFmaPa/MXrnjjf2+wtpeExBcIz7:o3FWN76SGFT8kjS+wtTVP

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StealthGuard.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	StealthGuard.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	StealthGuard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	StealthGuard.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	StealthGuard.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133711100784649314"	StealthGuard.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	powershell.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1372	powershell.exe
1372	powershell.exe
548	StealthGuard.exe
548	StealthGuard.exe
548	StealthGuard.exe
548	StealthGuard.exe
3772	StealthGuard.exe
3772	StealthGuard.exe
548	StealthGuard.exe
548	StealthGuard.exe
548	StealthGuard.exe
548	StealthGuard.exe
3164	StealthGuard.exe
3164	StealthGuard.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1372	powershell.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe
Token: SeCreatePagefilePrivilege	3772	StealthGuard.exe
Token: SeShutdownPrivilege	3772	StealthGuard.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
3772	StealthGuard.exe
3772	StealthGuard.exe
3772	StealthGuard.exe
3772	StealthGuard.exe
3772	StealthGuard.exe
3772	StealthGuard.exe
3772	StealthGuard.exe
3772	StealthGuard.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
3772	StealthGuard.exe
3772	StealthGuard.exe
3772	StealthGuard.exe
3772	StealthGuard.exe
3772	StealthGuard.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 548	3772	StealthGuard.exe	93
PID 3772 wrote to memory of 548	3772	StealthGuard.exe	93
PID 3772 wrote to memory of 548	3772	StealthGuard.exe	93
PID 3772 wrote to memory of 548	3772	StealthGuard.exe	93
PID 3772 wrote to memory of 548	3772	StealthGuard.exe	93
PID 548 wrote to memory of 3172	548	StealthGuard.exe	94
PID 548 wrote to memory of 3172	548	StealthGuard.exe	94
PID 548 wrote to memory of 3172	548	StealthGuard.exe	94
PID 548 wrote to memory of 3172	548	StealthGuard.exe	94
PID 548 wrote to memory of 3172	548	StealthGuard.exe	94
PID 3772 wrote to memory of 2160	3772	StealthGuard.exe	95
PID 3772 wrote to memory of 2160	3772	StealthGuard.exe	95
PID 3772 wrote to memory of 2160	3772	StealthGuard.exe	95
PID 3772 wrote to memory of 2160	3772	StealthGuard.exe	95
PID 3772 wrote to memory of 2160	3772	StealthGuard.exe	95
PID 3772 wrote to memory of 2464	3772	StealthGuard.exe	96
PID 3772 wrote to memory of 2464	3772	StealthGuard.exe	96
PID 3772 wrote to memory of 2464	3772	StealthGuard.exe	96
PID 3772 wrote to memory of 2464	3772	StealthGuard.exe	96
PID 3772 wrote to memory of 2464	3772	StealthGuard.exe	96
PID 3772 wrote to memory of 4628	3772	StealthGuard.exe	97
PID 3772 wrote to memory of 4628	3772	StealthGuard.exe	97
PID 3772 wrote to memory of 4628	3772	StealthGuard.exe	97
PID 3772 wrote to memory of 4628	3772	StealthGuard.exe	97
PID 3772 wrote to memory of 4628	3772	StealthGuard.exe	97
PID 3772 wrote to memory of 4572	3772	StealthGuard.exe	98
PID 3772 wrote to memory of 4572	3772	StealthGuard.exe	98
PID 3772 wrote to memory of 4572	3772	StealthGuard.exe	98
PID 3772 wrote to memory of 4572	3772	StealthGuard.exe	98
PID 3772 wrote to memory of 4572	3772	StealthGuard.exe	98
PID 3772 wrote to memory of 2848	3772	StealthGuard.exe	100
PID 3772 wrote to memory of 2848	3772	StealthGuard.exe	100
PID 3772 wrote to memory of 2848	3772	StealthGuard.exe	100
PID 3772 wrote to memory of 2848	3772	StealthGuard.exe	100
PID 3772 wrote to memory of 2848	3772	StealthGuard.exe	100
PID 3772 wrote to memory of 1104	3772	StealthGuard.exe	101
PID 3772 wrote to memory of 1104	3772	StealthGuard.exe	101
PID 3772 wrote to memory of 1104	3772	StealthGuard.exe	101
PID 3772 wrote to memory of 1104	3772	StealthGuard.exe	101
PID 3772 wrote to memory of 1104	3772	StealthGuard.exe	101
PID 3772 wrote to memory of 3580	3772	StealthGuard.exe	102
PID 3772 wrote to memory of 3580	3772	StealthGuard.exe	102
PID 3772 wrote to memory of 3580	3772	StealthGuard.exe	102
PID 3772 wrote to memory of 3580	3772	StealthGuard.exe	102
PID 3772 wrote to memory of 3580	3772	StealthGuard.exe	102
PID 3772 wrote to memory of 4328	3772	StealthGuard.exe	106
PID 3772 wrote to memory of 4328	3772	StealthGuard.exe	106
PID 3772 wrote to memory of 4328	3772	StealthGuard.exe	106
PID 3772 wrote to memory of 4328	3772	StealthGuard.exe	106
PID 3772 wrote to memory of 4328	3772	StealthGuard.exe	106
PID 3772 wrote to memory of 4304	3772	StealthGuard.exe	107
PID 3772 wrote to memory of 4304	3772	StealthGuard.exe	107
PID 3772 wrote to memory of 4304	3772	StealthGuard.exe	107
PID 3772 wrote to memory of 4304	3772	StealthGuard.exe	107
PID 3772 wrote to memory of 4304	3772	StealthGuard.exe	107
PID 3772 wrote to memory of 4604	3772	StealthGuard.exe	108
PID 3772 wrote to memory of 4604	3772	StealthGuard.exe	108
PID 3772 wrote to memory of 4604	3772	StealthGuard.exe	108
PID 3772 wrote to memory of 4604	3772	StealthGuard.exe	108
PID 3772 wrote to memory of 4604	3772	StealthGuard.exe	108
PID 3772 wrote to memory of 3164	3772	StealthGuard.exe	109
PID 3772 wrote to memory of 3164	3772	StealthGuard.exe	109
PID 3772 wrote to memory of 3164	3772	StealthGuard.exe	109
PID 3772 wrote to memory of 3164	3772	StealthGuard.exe	109

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:AppsFolder\StealthGuard.StealthGuard_53y8kbbxhxndm!STEALTHGUARD
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1372

C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
"C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe"
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
  "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\StealthGuard\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\StealthGuard\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\StealthGuard\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\StealthGuard\User Data" --annotation=plat=Win32 --annotation=prod=StealthGuard --annotation=ver=1.19.78 --initial-client-data=0x2b4,0x2b8,0x2bc,0x2b0,0x2c0,0x759bc870,0x759bc880,0x759bc88c
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:548
- - C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
    "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\StealthGuard\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\StealthGuard\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=StealthGuard --annotation=ver=1.19.78 --initial-client-data=0x1f8,0x1fc,0x200,0x174,0x204,0xa01108,0xa01118,0xa01124
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3172
- C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
  "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\StealthGuard\User Data" --nwapp-path="C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1896 --field-trial-handle=1900,i,17771426805615898235,2139065764094977507,262144 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2160
- C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
  "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\StealthGuard\User Data" --nwapp-path="C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard" --mojo-platform-channel-handle=2248 --field-trial-handle=1900,i,17771426805615898235,2139065764094977507,262144 /prefetch:8
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2464
- C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
  "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\StealthGuard\User Data" --nwapp-path="C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard" --mojo-platform-channel-handle=2020 --field-trial-handle=1900,i,17771426805615898235,2139065764094977507,262144 /prefetch:8
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4628
- C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
  "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\StealthGuard\User Data" --nwapp-path="C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard" --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\gen" --no-zygote --register-pepper-plugins=widevinecdmadapter.dll;application/x-ppapi-widevine-cdm --js-flags=--expose-gc --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2740 --field-trial-handle=1900,i,17771426805615898235,2139065764094977507,262144 /prefetch:1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4572
- C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
  "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\StealthGuard\User Data" --nwapp-path="C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard" --nwjs --no-sandbox --file-url-path-alias="/gen=C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\gen" --no-zygote --register-pepper-plugins=widevinecdmadapter.dll;application/x-ppapi-widevine-cdm --js-flags=--expose-gc --video-capture-use-gpu-memory-buffer --lang=en-US --nwjs-guest --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3652 --field-trial-handle=1900,i,17771426805615898235,2139065764094977507,262144 /prefetch:1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2848
- C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
  "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\StealthGuard\User Data" --nwapp-path="C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard" --mojo-platform-channel-handle=4040 --field-trial-handle=1900,i,17771426805615898235,2139065764094977507,262144 /prefetch:8
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1104
- C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
  "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\StealthGuard\User Data" --nwapp-path="C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard" --mojo-platform-channel-handle=4248 --field-trial-handle=1900,i,17771426805615898235,2139065764094977507,262144 /prefetch:8
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3580
- C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
  "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\StealthGuard\User Data" --nwapp-path="C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard" --mojo-platform-channel-handle=4216 --field-trial-handle=1900,i,17771426805615898235,2139065764094977507,262144 /prefetch:8
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4328
- C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
  "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\StealthGuard\User Data" --nwapp-path="C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard" --mojo-platform-channel-handle=3644 --field-trial-handle=1900,i,17771426805615898235,2139065764094977507,262144 /prefetch:8
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4304
- C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
  "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\StealthGuard\User Data" --nwapp-path="C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard" --mojo-platform-channel-handle=4380 --field-trial-handle=1900,i,17771426805615898235,2139065764094977507,262144 /prefetch:8
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4604
- C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe
  "C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard\StealthGuard.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\StealthGuard\User Data" --nwapp-path="C:\Program Files\WindowsApps\StealthGuard.StealthGuard_1.19.78.0_neutral__53y8kbbxhxndm\VFS\AppData\StealthGuard" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4612 --field-trial-handle=1900,i,17771426805615898235,2139065764094977507,262144 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Crashpad\reports\754cac31-971d-42cf-9a96-4fd6258206c3.dmp

Filesize
1.3MB

MD5
3f4a5365292c1913a734fc6611fb4c83

SHA1
c607e81e89997b38d21d233fb6e9184889a6aa96

SHA256
311d3c887c75085fc69dc35a82fa5a6163a60102f54b139654becb417ff7e4de

SHA512
4debe3fc7d73fde578524bff447489c30a5eff71ec264c1295a5d0c0823263081ff1c63b3b54826141177614a10678fbaa4800b65a410a3e92fac01e71d94bd9

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\20f150b4-378f-47df-b91d-4654f4125101.tmp

Filesize
4KB

MD5
fa807681200e3ad378b488791f23d1b2

SHA1
4662b052f2975e1e0d2b7777eae6213d97fb088a

SHA256
b8a148f4f821376dfc64519799cbc0dc356c1f796232e85601b868bb4a8aec49

SHA512
f46fd4649169e74fa546a4f54055b0b2dfff43c6f80f9cee5c3bfcdbf401b8ad67131624d97ec439de893e2d41fa5817402ec98885b0c8fddce9da22e70eddfb

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\83bb3890-d1df-4b01-8238-dffbf9fc09b6.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
2aad987c6133021a5535b632730c8dfd

SHA1
4edb31fe508a1ee9fb4dc8b2ddf1f1ebb48006e9

SHA256
296b96ff3f5600ff370876336d590ebbadc3aa5c1f4c491bd855615b248de6a0

SHA512
962a85ad54b501495317b3903fe63415f238ceb0054ad215c09e8cc1aca4551ed61bba3743a9a116bfbbe608b4f537409ee1056b8ba231f1c95a07e5a8a9fe8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
3594c918c79b7ab944381183d77ebb3e

SHA1
4397654c367a7cc76cdbd5a8ab284eca23d2a975

SHA256
dc77a884a63063c79132f5c94c5f61650d2547a04a555dc239126a30b25faa86

SHA512
a46291788a99bb2a57e77f1a0572881e66a882b3becb212f0acc0d628b47166bfe73f1e165994af14ff397350cbb4b19e2652fdcc8a0c73999fa0175f434575f

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5673766ffbace2c37db8fc4db4142fe5

SHA1
958dde7351063f41d35103ac3be6d2925040ea2d

SHA256
8937f60ffdd6d2614dd64ee111b15767e0d1e495a2269c95709d012459493355

SHA512
5ea4b24d0541b58fdac76588231626abbc674afb3b7fbee80cd19b702bb5ba7f906e236ea6e6c82996964bb89448c9d1a3ba4d514c226d851c365d0faa5e2f70

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\Network\Network Persistent State~RFe5915ef.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
e4c95043fbc932dff2a26c848fb0a098

SHA1
4864048f9aa02dbb8ac76b6691a87a8bf0083215

SHA256
171598fd9aa06d16d17e20e07737b11aded00b6c610c165589f1a52d176962ec

SHA512
338a0333952b4965e11b98f103045bfa11d51f78f6ef4ee87cfccab0739939137aba12b328a31ba55042036c511d481306f8f26127ccb535e598c395a3dc4585

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
2c8fd2a9622cdf63a2d093852b350f8b

SHA1
1f6a11daa1962e2d099f81c54a523b51ff0f234e

SHA256
1a7f5ddd260557a589f96aa668052649e6f27d0513ff24653defb7d137e353b7

SHA512
14ae920cdd716356c4feea106a0ed0c03981cdfadab88e5a79d5c0f2cce85c26fbe86a6ea749d884b004cd7b37a34e3ee157cc9388249b945ee18b87f20fa82e

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\Network\TransportSecurity~RFe5925be.TMP

Filesize
523B

MD5
39300e600925ca3462b21e97d3dad25a

SHA1
2b8fc33101301aecf8ccf3b4e86ffd610cb064cb

SHA256
5473a5521019c7a4d5edc71891c99be3e57ee91e688c930a95bfd13fe52b03eb

SHA512
6dcb8acc5541ac570c74a0ce9f8a18af345bafff77507b51996eaf71b32db471c773baceb2e306833ea7185bc096d408ad578bb10b150351dca4d2e5047be61f

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\Preferences

Filesize
5KB

MD5
99a409785f98f89272c71183891c6daf

SHA1
526ee5e2eb9232cb32a6aba77ff3b9aacee68561

SHA256
d6bd4c21b8fbf2f930bfa7e010ca0729736f0f47923e6281e5ced0b61ecce427

SHA512
40d90efe25b8637a359e4d8fc535354ddb5d4d3986065a41832e38ef8d14b19aa58b1a2fbc70c9d2a99329799b0a81308226248ef3edfd02e23c5608c20d399b

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\Preferences

Filesize
4KB

MD5
498b5f2135977d49285a5177efa03700

SHA1
3bac8e4c1190212ac9b05e3779dfc28761b92804

SHA256
65badb356635677d5025a96b2c86b71d3c0c37678d7e290f313cc5e80f40e2ea

SHA512
26a0cd2e24488d11e0c5c74f0fbe4633efc957a16b5bd454ae0700241701dac27fca588fe75f68734c8b40cad9d848b9001da47f10207bcff74bc1f46d1264cf

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\Preferences~RFe589c5a.TMP

Filesize
4KB

MD5
b1c1b0cc6f30b8ca10d5768e700fd401

SHA1
6ef59350aecc0f45f807243c39fc810089ba2f52

SHA256
1ed059ee52b9f9fed27ab924a69542f8fbe0acd3b7c2c1ac53caab98e02e008f

SHA512
d6fcf22e4d602f1d088c328c26aced3b8f8c5e8ae8752ed12a3cd7fc1cd430e97fc12506a41b67678a3d07da1fdd9e7a65a2cb77352865c97d2e84e22eebd28f

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Local State

Filesize
3KB

MD5
41cecf5c060726dca05a536a54cce33b

SHA1
be437a2a6ea0f8433fd9c3a79ab01563a761cc13

SHA256
726b7f75bf2332eec17a5639b0097b0833e0531596e45d5288497d34099c8fa7

SHA512
0b0e537fd8d2e5b47524551073230d52dbaf46089f06ffad722565e3c7d38c9bf80cd2c341b1a610e0adca84f049a4a5024e26cb1af49932e1f31f81decc9606

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Local State~RFe5826ec.TMP

Filesize
874B

MD5
d3a4cf456ce7431f481b63db418a6d05

SHA1
0fbd426b87ff70a31e8d9f35293c98e5d1732963

SHA256
b199322cea1dd0c49c395a888a81d3777c1b54dd863231c8ee5fc07db638b198

SHA512
c067366389367a4e464746ab82d611b45c8deec4555eb22e4c1c1825860f66e352195b2f40abe1b966a3ea08d0a228e76cad28c8f599ad1428c7edbf699a581c

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Module Info Cache

Filesize
94KB

MD5
807ee101edbe47d2075d9ac6d026d326

SHA1
cf6e3de9186497f964f59d439e404e5335e126ad

SHA256
4fe0ae42b2d03f9618bbfce4e51a093207a8fd42b02fe099e506096705beaa9d

SHA512
983f2ad32d780bf5ecf7325ec268dbe89951995a14cec0e10bfb12d76c1ec90c668b28a4eadc987392d2a9886f707e6d9757c402f0f65d5948688414ced4c4b5

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\Module Info Cache~RFe589c89.TMP

Filesize
91KB

MD5
75eb9b49142f971d60f2be73fbba47be

SHA1
4159a646974835bf48d860d99d8e9f9c6810d9d2

SHA256
3154e434e036900e855bb0fd9e1ebf3486ab9b92eac996de0ced719a4083b27f

SHA512
4284271bd04515d72ee262cee480850842293c08156724112641bf164a1fb79567803450a970440dd9efcc854afd8874d61c084a1d2413dbe01cb2f396ece922

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\ShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\ShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Packages\StealthGuard.StealthGuard_53y8kbbxhxndm\LocalCache\Local\StealthGuard\User Data\ShaderCache\index

Filesize
256KB

MD5
9e6a5f93914e5e33f6739f67171e1d09

SHA1
dcf581b66ef09c6ea8aaed7c531b4cc5d5ddc68c

SHA256
e838721c3f12e2936efbf4267b530dfd7d799d96ec4360c15def67714fba2012

SHA512
099272e6f40a585a8f0fda58063601ef3c9f74d9080b17fdc018d313c2198e7581890183793b17a1fea7d1d28a62e4892b41edc2c9d204ef88c5f05f5de50cde

Download Submit
C:\Users\Admin\AppData\Local\StealthGuard\User Data\Crashpad\settings.dat

Filesize
40B

MD5
5aaf182686ca36528343166e0c4f4500

SHA1
cadeab3c94ae89f97f00c6ef324e6e2b7543f5d7

SHA256
d50500dcf0a7c2869ec9cc691b1fb2000747b3b6bef61e21189868164645c8b6

SHA512
171307622ac168e4dbc0cd0998b60440ef631060d0ba2c2bfcaaca2a636f959ac9814ee68303943c0102de2e1124e35308b166091b2148c77619a917b31bcadf

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_r5lirnwh.wcd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1372-11-0x00007FFD48EB0000-0x00007FFD49971000-memory.dmp

Filesize
10.8MB

Download
memory/1372-10-0x0000026049CC0000-0x0000026049CE2000-memory.dmp

Filesize
136KB

Download
memory/1372-12-0x00007FFD48EB0000-0x00007FFD49971000-memory.dmp

Filesize
10.8MB

Download
memory/1372-0-0x00007FFD48EB3000-0x00007FFD48EB5000-memory.dmp

Filesize
8KB

Download
memory/1372-14-0x00007FFD48EB0000-0x00007FFD49971000-memory.dmp

Filesize
10.8MB

Download
memory/3164-357-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/3164-356-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/3164-355-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/3164-362-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/3164-365-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/3164-367-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/3164-366-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/3164-364-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/3164-361-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/3164-363-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download