Overview

overview

10

Static

static

1

cb58bf8100...4b.exe

windows7-x64

8

cb58bf8100...4b.exe

windows10-2004-x64

10

$_12_/Ufar...en.ps1

windows7-x64

3

$_12_/Ufar...en.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    31s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-10-2024 02:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $_12_/Ufarligheden.ps1

  • Size

    53KB

  • MD5

    81af4fd82b47873584f160fb4228293a

  • SHA1

    656b56b51ec006f0dd660a92a8d270d52ae4fb8d

  • SHA256

    f639169cb559cd1866363100feb43da1b170b708623f45b12c0a706e01561ab6

  • SHA512

    caa807605ec4b51dc27a2e2a5db33818cebc082c84893d6ea0b588a5d1a4bb80f49ce3d5dae96a1baaa25a64420a2455237ae3b1ee8e3765cb99987f775af406

  • SSDEEP

    768:RjrAVpqj8lMfQwOJ0dACRcJPBYIsp8+mIrOvpk7bql3p3ruLcuIxAPTa7uGAoeW9:RvYA8aYYIsp8+5YMOtU3hPTa7eo

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 5 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 10 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\$_12_\Ufarligheden.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:436
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:532
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4788
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4384
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:860
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2512
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5052
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:412
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3584
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3560
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:216
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:428
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4008
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:2584
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4764
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:800
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:2296
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:2544
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4884
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:5000
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:4168
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3464
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4536
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4344
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4880
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:216
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:1424
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:780
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:4220
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:3904
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:3200
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:896
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:3976
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:3352
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:452
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:1564
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:1680
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:1720
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:4740
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:4780
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:2040
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:3904
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:3008
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:5076
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:3668
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:5024
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:4136
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:1892
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:3280
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:3496
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:4336
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:4996
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:4084
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:1296
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:2304
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:4548
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:3020
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:1772
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:756
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:2216

                                                                                                    Network

                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                    Replay Monitor

                                                                                                    Loading Replay Monitor...

                                                                                                    Downloads

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                      Filesize

                                                                                                      471B

                                                                                                      MD5

                                                                                                      510dd14c4da57074904ab3760c0d999d

                                                                                                      SHA1

                                                                                                      887f37d2cf053118279acaf6c051ef54973f0027

                                                                                                      SHA256

                                                                                                      4faed0cfb3c0d29215bf5f5ffa601292a5660bb4c49b659f8c4def2521e0844c

                                                                                                      SHA512

                                                                                                      b85675112f4b12cea146e616056cc59b34570d65d57538ed1c001dc76d4901756e2b85743504f7ba0037c01c10172b069b3a6992e470288b807961a2d4cfc6d3

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                      Filesize

                                                                                                      412B

                                                                                                      MD5

                                                                                                      d6636ae9c788bcbd67d9a3dd789e871e

                                                                                                      SHA1

                                                                                                      d99622701bcb82a38c87debf03df1d8205e7398a

                                                                                                      SHA256

                                                                                                      42adc42599a91940ac0e446a50e0acda3d7db80075d4a3f6adc6ffdea8f1f989

                                                                                                      SHA512

                                                                                                      9b18a07ebb6ab81455b50b44e14dad40a87c265cb5c3b2b9763a4c8f28fbce3a06bc431e9ceb32bd3616ab76c90cd9a67b1ac1206d9ea22ddaf389cf0530cf90

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      0e73eb7f62702d55fde5a426254c372e

                                                                                                      SHA1

                                                                                                      bfcc4a97268f68c6fcf81fcca0094ffee48b9bd8

                                                                                                      SHA256

                                                                                                      a190457e5b95197333ffa62962a98331f8fad90037d5af5997b43e138aea55f1

                                                                                                      SHA512

                                                                                                      e3d7e1fb74145913b3d26e353e528d2bab66b14a89780a9875bb4d0ab1146ffc38086df1bd0600548d194f164698def8ac3f6e5cab5173d04ba1c3ee4b517b6f

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133743839987749062.txt
                                                                                                      Filesize

                                                                                                      75KB

                                                                                                      MD5

                                                                                                      c89a3fafade8e64909dabbcbf9962835

                                                                                                      SHA1

                                                                                                      8eef915df2b8361f7285f3b83c71b28a2d4794b6

                                                                                                      SHA256

                                                                                                      d6a43f3735ca21e6e5d09653ea1ad33b5c06122346e831a878a0332b52cd2916

                                                                                                      SHA512

                                                                                                      692e907ecdc2c26af877258e3ca19fdc6df2b97902a737c0a78c0c81171603669337f941d485cdb475bf20cb016cb3b4ae0302df096811c270f2c96b58364357

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2CFNWDLC\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      97B

                                                                                                      MD5

                                                                                                      539db492f33fccee9be530dd0bf34a46

                                                                                                      SHA1

                                                                                                      650b2a3583d6c9499b4ed73e9a5dca37f342a50e

                                                                                                      SHA256

                                                                                                      f6d425aad05b46e77b53e5737c85f4ceab6531e773ea87eb985754be5ec19999

                                                                                                      SHA512

                                                                                                      9328f2fa286b4a9ca6ae57ddd9fca0b1140e5f68a5e143fd8ae6ea212a1af5d7b6b2289c324fa9480ca8d2e6d3b0cf7115611a56a3a161c5ad2f988f6ae62a0a

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oykbmmmh.l5j.ps1
                                                                                                      Filesize

                                                                                                      60B

                                                                                                      MD5

                                                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                                                      SHA1

                                                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                      SHA256

                                                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                      SHA512

                                                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                      Download Submit

                                                                                                    • memory/216-182-0x00000000042E0000-0x00000000042E1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/412-49-0x0000024CB6F20000-0x0000024CB6F40000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/412-60-0x0000024CB7330000-0x0000024CB7350000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/412-38-0x0000024CB6F60000-0x0000024CB6F80000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/436-25-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-16-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-15-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-14-0x000001DF32740000-0x000001DF32764000-memory.dmp

                                                                                                      Filesize

                                                                                                      144KB

                                                                                                      Download

                                                                                                    • memory/436-13-0x000001DF32740000-0x000001DF3276A000-memory.dmp

                                                                                                      Filesize

                                                                                                      168KB

                                                                                                      Download

                                                                                                    • memory/436-26-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-6-0x000001DF31940000-0x000001DF31962000-memory.dmp

                                                                                                      Filesize

                                                                                                      136KB

                                                                                                      Download

                                                                                                    • memory/436-23-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-22-0x00007FFC72ED3000-0x00007FFC72ED5000-memory.dmp

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      Download

                                                                                                    • memory/436-24-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-12-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-11-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-0-0x00007FFC72ED3000-0x00007FFC72ED5000-memory.dmp

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      Download

                                                                                                    • memory/780-902-0x0000000004B60000-0x0000000004B61000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/800-330-0x000002406B200000-0x000002406B300000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/800-344-0x000002406C300000-0x000002406C320000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/800-362-0x000002406C710000-0x000002406C730000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/800-335-0x000002406C340000-0x000002406C360000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/800-331-0x000002406B200000-0x000002406B300000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/1564-1232-0x0000025FFE700000-0x0000025FFE720000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1564-1200-0x0000025FFE340000-0x0000025FFE360000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1564-1212-0x0000025FFE300000-0x0000025FFE320000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1564-1197-0x0000025FFD200000-0x0000025FFD300000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/1564-1195-0x0000025FFD200000-0x0000025FFD300000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/1680-1345-0x0000000002130000-0x0000000002131000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/2296-480-0x0000000004360000-0x0000000004361000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/2512-32-0x0000000004160000-0x0000000004161000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/2584-329-0x0000000002500000-0x0000000002501000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3008-1629-0x0000000004C50000-0x0000000004C51000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3200-1048-0x0000000004580000-0x0000000004581000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3352-1193-0x00000000041A0000-0x00000000041A1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3464-623-0x0000021C32A60000-0x0000021C32A80000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3464-632-0x0000021C32A20000-0x0000021C32A40000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3464-640-0x0000021C32E30000-0x0000021C32E50000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3668-1632-0x000002DD3E000000-0x000002DD3E100000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/3904-1498-0x000002A6BE700000-0x000002A6BE800000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/3904-1496-0x000002A6BE700000-0x000002A6BE800000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/3904-1501-0x000002A6BFA40000-0x000002A6BFA60000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3904-1509-0x000002A6BFA00000-0x000002A6BFA20000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3904-910-0x000001DA03580000-0x000001DA035A0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3904-938-0x000001DA03950000-0x000001DA03970000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3904-923-0x000001DA03540000-0x000001DA03560000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3904-1521-0x000002A6BFE00000-0x000002A6BFE20000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3976-1067-0x000001CDB9E70000-0x000001CDB9E90000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3976-1056-0x000001CDB9EB0000-0x000001CDB9ED0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3976-1087-0x000001CDBA480000-0x000001CDBA4A0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4008-184-0x0000022321C00000-0x0000022321D00000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/4008-190-0x0000022322B30000-0x0000022322B50000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4008-208-0x0000022323100000-0x0000022323120000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4008-198-0x0000022322AF0000-0x0000022322B10000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4536-756-0x0000000004D20000-0x0000000004D21000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4740-1347-0x000002EF4BB70000-0x000002EF4BC70000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/4740-1352-0x000002EF4CAD0000-0x000002EF4CAF0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4740-1370-0x000002EF4CA90000-0x000002EF4CAB0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4740-1375-0x000002EF4D0A0000-0x000002EF4D0C0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4780-1494-0x00000000048E0000-0x00000000048E1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4880-763-0x0000020E99080000-0x0000020E990A0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4880-788-0x0000020E99450000-0x0000020E99470000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4880-776-0x0000020E99040000-0x0000020E99060000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4884-493-0x000002794C820000-0x000002794C840000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4884-482-0x000002794B700000-0x000002794B800000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/4884-487-0x000002794C860000-0x000002794C880000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4884-504-0x000002794CC20000-0x000002794CC40000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4884-483-0x000002794B700000-0x000002794B800000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/5000-616-0x0000000004C90000-0x0000000004C91000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download