Overview

overview

10

Static

static

1

f8b3078e40...aa.exe

windows7-x64

8

f8b3078e40...aa.exe

windows10-2004-x64

10

Saccate/Ch...no.ps1

windows7-x64

3

Saccate/Ch...no.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    53s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-11-2024 15:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Saccate/Chiriguano.ps1

  • Size

    51KB

  • MD5

    6c30e6cb99e14b8e5446a9a5726167ed

  • SHA1

    01d799ef731cf409d29a51696fd3380b296f8730

  • SHA256

    3a0443fe99e0be036a5747d6c6a4a0202f5f55ffb8a338af90f829d8bbf5d5f6

  • SHA512

    39358a6fa774429954c0a599f55685608220eabeef19b6c9be1040169b65577d51c9306d537a248779a79b092e820fef7e9ee4f256297434c3677be7f75b8696

  • SSDEEP

    1536:kVpjFOKIF51+UTMIKwoQTOxBrlGtGfZWShL+m:sFO1FChNBg5EL+m

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 9 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Saccate\Chiriguano.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5020
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1048
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1768
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4548
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2908
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:612
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4396
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4280
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4860
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of SendNotifyMessage
    PID:780
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3460
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4012
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3776
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3352
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3456
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2584
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4892
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3244
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1544
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1240
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2236
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1824
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1196
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4288
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:64
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2124
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
      PID:2964
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1176
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:2872
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:4664
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:1068
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:2124
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:4644
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:2852
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:2408
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:2460
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:2420
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:3844
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:4736
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:2064
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:1144
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:4260
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:1100
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4580
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:1912
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4384
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:944
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4744
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:2616
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:2852
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:1240

                                                    Network

                                                    MITRE ATT&CK Enterprise v15

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                      Filesize

                                                      471B

                                                      MD5

                                                      4e32814baed4af44214cf06a21c09210

                                                      SHA1

                                                      8ee1c70d7bb0d6b200b052b30daca397eef7b525

                                                      SHA256

                                                      e9fb19d6fec5ad7ef921ebf098328042a1dfc8dbdc725a253bbb340a66fae59e

                                                      SHA512

                                                      608c2fa46685cee3bc45c1c2480c9adc3e04e9a5e543ce0071ca31ab94f25bc56d2f6ce641799d0097abc572039b4cae1ad1a3a980935b6e80a7457a775911c8

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                      Filesize

                                                      412B

                                                      MD5

                                                      8cf95b727ee441da9221ef6e8d066d85

                                                      SHA1

                                                      ca57b1ded0106ae0df57099d203db367c04473e7

                                                      SHA256

                                                      feaf6302b924627cdb5029a029a449dab4e6ca56a46095d08a1bcbdd075082ec

                                                      SHA512

                                                      0ed036d21505176cbd2aa7e7887f88e21580bef30a663ff17de4a8444fe7e8c650df6cc0fef32e4d821949a147f0b22de7e2bbea552e0182930464eb13d172b4

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                      Filesize

                                                      2KB

                                                      MD5

                                                      f3ee0c4dbb07b136914a2dc415aabfda

                                                      SHA1

                                                      5222580cea0e39ead3351f4af5ead5141403877d

                                                      SHA256

                                                      48249f3b220ee5c5c1f29f38c0a7b9854e84de1a3cae37ffe21dec8c57679236

                                                      SHA512

                                                      b19cab452fee980ec746075787d07a863534b0392b0f1b7a26dfcbe28e02318b1e3f9aaa3849735bb587d7a908a59d74f3a4ef0a04f2ca6ae194e69423b552f9

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133754674492358787.txt
                                                      Filesize

                                                      75KB

                                                      MD5

                                                      d8198736546efa4156fe478743216514

                                                      SHA1

                                                      e2f2d01745dbdcdf1ee8e856466d9552c86e3f33

                                                      SHA256

                                                      5dd11f11f79089110eef689089d30c6155df8a66a533986d416b316ebdc491c4

                                                      SHA512

                                                      66cd34aaa4275e70dfd3374c5ba83539da9b198a87eb909e1e0ac899f13c928c4137923b196348ec9dd45803ef0e9b9a66d0f428b102854c28c1ccb89b2f42d5

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\LLDJA3WI\microsoft.windows[1].xml
                                                      Filesize

                                                      97B

                                                      MD5

                                                      372706547a804b876522fe741dbfc040

                                                      SHA1

                                                      9bca733d6804f24c6841ef02b52e8ade1b45d7e4

                                                      SHA256

                                                      09fe1eb66c953d75dc66ff6df9237cde5f419fb25fab6327de9cde6676219651

                                                      SHA512

                                                      cc8057de048bf5646e41bed6f01111328bceae9abb4282a4ee1be635d086b6b3647cb5cc17cc3564980e5e31342a767dc639e536edbd3720df6b35ac7ebce34a

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jblhn2at.2be.ps1
                                                      Filesize

                                                      60B

                                                      MD5

                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                      SHA1

                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                      SHA256

                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                      SHA512

                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                      Download Submit

                                                    • memory/64-1034-0x00000000046A0000-0x00000000046A1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/612-46-0x00000157A1DF0000-0x00000157A1E10000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/612-57-0x00000157A2200000-0x00000157A2220000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/612-35-0x00000157A1E30000-0x00000157A1E50000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/780-319-0x0000000003490000-0x0000000003491000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1544-744-0x0000000003FD0000-0x0000000003FD1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1824-893-0x0000000003700000-0x0000000003701000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/2064-1316-0x0000018E80100000-0x0000018E80200000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/2064-1315-0x0000018E80100000-0x0000018E80200000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/2064-1333-0x0000018E80AD0000-0x0000018E80AF0000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/2064-1352-0x0000018E80EE0000-0x0000018E80F00000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/2064-1320-0x0000018E80B10000-0x0000018E80B30000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/2124-1184-0x000001699C560000-0x000001699C580000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/2124-1207-0x000001699C920000-0x000001699C940000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/2124-1193-0x000001699C520000-0x000001699C540000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/2124-1179-0x000001699B400000-0x000001699B500000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/2124-1181-0x000001699B400000-0x000001699B500000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/2236-763-0x000001AC94F20000-0x000001AC94F40000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/2236-783-0x000001AC95320000-0x000001AC95340000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/2236-747-0x000001AC93E00000-0x000001AC93F00000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/2236-751-0x000001AC94F60000-0x000001AC94F80000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/2236-746-0x000001AC93E00000-0x000001AC93F00000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/2584-602-0x00000000029D0000-0x00000000029D1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/2964-1042-0x0000023A10C60000-0x0000023A10C80000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/2964-1073-0x0000023A11020000-0x0000023A11040000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/2964-1050-0x0000023A10C20000-0x0000023A10C40000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/3244-603-0x00000207A4020000-0x00000207A4120000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/3244-620-0x00000207A5130000-0x00000207A5150000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/3244-632-0x00000207A5540000-0x00000207A5560000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/3244-608-0x00000207A5170000-0x00000207A5190000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/3456-469-0x0000016399800000-0x0000016399900000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/3456-479-0x000001639A650000-0x000001639A670000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/3456-491-0x000001639AC60000-0x000001639AC80000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/3456-472-0x000001639A690000-0x000001639A6B0000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/3456-468-0x0000016399800000-0x0000016399900000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/3776-465-0x0000000004050000-0x0000000004051000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/4012-338-0x0000027128FA0000-0x0000027128FC0000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/4012-358-0x00000271295B0000-0x00000271295D0000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/4012-326-0x0000027128FE0000-0x0000027129000000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/4012-322-0x0000027128100000-0x0000027128200000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/4260-1314-0x00000000049D0000-0x00000000049D1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/4288-910-0x000001A61D570000-0x000001A61D590000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/4288-923-0x000001A61D990000-0x000001A61D9B0000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/4288-899-0x000001A61D5B0000-0x000001A61D5D0000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/4288-896-0x000001A61C450000-0x000001A61C550000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/4288-895-0x000001A61C450000-0x000001A61C550000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/4288-894-0x000001A61C450000-0x000001A61C550000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/4396-181-0x0000000003F70000-0x0000000003F71000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/4548-29-0x0000000003F40000-0x0000000003F41000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/4580-1457-0x0000000002280000-0x0000000002281000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/4664-1234-0x00000000042C0000-0x00000000042C1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/4860-219-0x000001EAE2480000-0x000001EAE24A0000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/4860-187-0x000001EAE1EB0000-0x000001EAE1ED0000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/4860-199-0x000001EAE1E70000-0x000001EAE1E90000-memory.dmp

                                                      Filesize

                                                      128KB

                                                      Download

                                                    • memory/4860-184-0x000001EAE0F50000-0x000001EAE1050000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/4860-182-0x000001EAE0F50000-0x000001EAE1050000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5020-18-0x00007FFC53830000-0x00007FFC542F1000-memory.dmp

                                                      Filesize

                                                      10.8MB

                                                      Download

                                                    • memory/5020-19-0x00007FFC53830000-0x00007FFC542F1000-memory.dmp

                                                      Filesize

                                                      10.8MB

                                                      Download

                                                    • memory/5020-20-0x00007FFC53830000-0x00007FFC542F1000-memory.dmp

                                                      Filesize

                                                      10.8MB

                                                      Download

                                                    • memory/5020-16-0x00007FFC53830000-0x00007FFC542F1000-memory.dmp

                                                      Filesize

                                                      10.8MB

                                                      Download

                                                    • memory/5020-15-0x00007FFC53830000-0x00007FFC542F1000-memory.dmp

                                                      Filesize

                                                      10.8MB

                                                      Download

                                                    • memory/5020-14-0x0000027A24C30000-0x0000027A24C54000-memory.dmp

                                                      Filesize

                                                      144KB

                                                      Download

                                                    • memory/5020-13-0x0000027A24C30000-0x0000027A24C5A000-memory.dmp

                                                      Filesize

                                                      168KB

                                                      Download

                                                    • memory/5020-12-0x00007FFC53830000-0x00007FFC542F1000-memory.dmp

                                                      Filesize

                                                      10.8MB

                                                      Download

                                                    • memory/5020-11-0x00007FFC53830000-0x00007FFC542F1000-memory.dmp

                                                      Filesize

                                                      10.8MB

                                                      Download

                                                    • memory/5020-10-0x0000027A247C0000-0x0000027A247E2000-memory.dmp

                                                      Filesize

                                                      136KB

                                                      Download

                                                    • memory/5020-0-0x00007FFC53833000-0x00007FFC53835000-memory.dmp

                                                      Filesize

                                                      8KB

                                                      Download