Malware Analysis Report

2024-12-07 16:03

Sample ID 241113-n2fs2avkgl
Target Launcher.exe
SHA256 942be7ea713e2cf7bac851510e2e601932103331902fe3ed436623f1c7c9507a
Tags
execution discovery
score
7/10

Analysis Overview

score
7/10

SHA256

942be7ea713e2cf7bac851510e2e601932103331902fe3ed436623f1c7c9507a

Threat Level: Shows suspicious behavior

The file Launcher.exe was found to show suspicious behavior.

Malicious Activity Summary

execution discovery

Loads dropped DLL

Executes dropped EXE

Enumerates processes with tasklist

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Program crash

Browser Information Discovery

Command and Scripting Interpreter: JavaScript

Command and Scripting Interpreter: PowerShell

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-11-13 11:55

Signatures

Unsigned PE

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

92s

Max time network

94s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\configure.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\configure.vbs"

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:57

Platform

win11-20241007-en

Max time kernel

93s

Max time network

99s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\tclconfig\install-sh

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\tclconfig\install-sh

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

84s

Max time network

97s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

142s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

90s

Max time network

97s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

82s

Max time network

99s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js

Network

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

85s

Max time network

98s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

147s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\Replace.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\Replace.js

Network

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

87s

Max time network

101s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2132 wrote to memory of 4420 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2132 wrote to memory of 4420 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2132 wrote to memory of 4420 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4420 -ip 4420

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 468

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

148s

Max time network

163s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

90s

Max time network

97s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:56

Platform

win11-20241007-en

Max time kernel

15s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Launcher.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe N/A

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Launcher.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3212 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe
PID 3212 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe
PID 1908 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe C:\Windows\system32\cmd.exe
PID 1908 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe C:\Windows\system32\cmd.exe
PID 3656 wrote to memory of 4116 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3656 wrote to memory of 4116 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1908 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe C:\Windows\system32\cmd.exe
PID 1908 wrote to memory of 108 N/A C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe C:\Windows\system32\cmd.exe
PID 108 wrote to memory of 724 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 108 wrote to memory of 724 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1908 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe C:\Windows\system32\cmd.exe
PID 1908 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe C:\Windows\system32\cmd.exe
PID 980 wrote to memory of 3936 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 980 wrote to memory of 3936 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1908 wrote to memory of 124 N/A C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe C:\Windows\system32\cmd.exe
PID 1908 wrote to memory of 124 N/A C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe C:\Windows\system32\cmd.exe
PID 124 wrote to memory of 3680 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 124 wrote to memory of 3680 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1908 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe C:\Windows\system32\cmd.exe
PID 1908 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe C:\Windows\system32\cmd.exe
PID 3420 wrote to memory of 2948 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3420 wrote to memory of 2948 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Launcher.exe"

C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe

C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\Launcher.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "WMIC csproduct get UUID"

C:\Windows\System32\Wbem\WMIC.exe

WMIC csproduct get UUID

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic bios get serialnumber"

C:\Windows\System32\Wbem\WMIC.exe

wmic bios get serialnumber

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell wininit.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell wininit.exe

C:\Windows\system32\wininit.exe

"C:\Windows\system32\wininit.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\2nkkyxyjAT9jgV1xCS15TU2oCxL\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\LICENSES.chromium.html

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\af.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\da.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\bg.pak

MD5 b23e1d286b4332102dded607e667c71e
SHA1 e343facd16bd504714fe102949a3cc06c92d982b
SHA256 bd277988128fec0642d5fb2d922fb6d8dca33eabe2546cdbeef7006ec8b0757a
SHA512 9037089867a0d99f60a458f61ef4e45d00482f9f0558f908fac6e3c8fdf80fa5029de433cf89dd7f55671fdc6e4c8e8742cf9c53d2f4e40b5ea48347a8f8c3df

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\am.pak

MD5 4ccaf97afc2714724a32e9cd0f528a42
SHA1 7a74b02296cc237885d96179f4f81b65d8538299
SHA256 f5ff8bcffd6222d96bb2c180bea945d9e7f90fe3b4d2123eb3fb6a298f8fc61e
SHA512 f3990073b9f6a3662265bb5f39b942b06913fb3a6a99e3416d1099cc9de4089c9a98209c5e2f633d7eef984c7be155cd9624afc2fa2b0f3a4b735490ce743b84

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\ja.pak

MD5 f84e728b97f1766e1cd24800a409a411
SHA1 c42bd9849b5e5510e56dacf06a8ce126bfd00744
SHA256 4beeabf6962e1e5b042dedbc45d21d3786c331a3ab1f3f3f51f75fe9ed8811ee
SHA512 769cd214f19d735a06dc7eef8db23f6b3302e0daeccfbcd6405c9aa251ca24392fe6cdfad9ab9273c8c38ab763a502f2204b48526e10cf2c3439ab6544698f9c

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\sv.pak

MD5 52be946c5512d40a8c4e1add4d37ee9a
SHA1 d0b8fdfaa572cd72b7ee15f6d3fe4c5cc0acce72
SHA256 b49021f35acd74a67af3d77ac9e4d938d9a54918ac3a9ec4e38e192f2cc9af32
SHA512 6f0a53a83e2819370fb5ed4e77e08fc01942d141e90d88152f5fb6a4e38de2f2dd07864e00d50ed18d1320d9cf827d22829218837822f6c6f34770a01a10a1af

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\sr.pak

MD5 755d73be3227055ef6cc084cdf8e2c2b
SHA1 b1894b1a8e53393d75907dfb2e88806581fc00a8
SHA256 8c31d207616b081e016a5df4e67dabfabe37072f1bcda1cdaa64ea4d935ee694
SHA512 79029204f641d07b9d729715ff1cfb0d396353729fbf40bbcb25a7dff3c843a9a054d7e38849aa1c87ef2014d83e864c1cd30b8265a7928778ead690dd4e0a93

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\sl.pak

MD5 f0cbfe15d823895ef5443367b906d51a
SHA1 06706edfd6fd9d3ed04f571cef89fcc3a81c33d9
SHA256 8493fae950d7caa3556d0f39fa992ec85c2ab6ab58ae5250a6fedee09f5e89f8
SHA512 bebc78688aab7fe6cc9b09469410bb49cac32b7f240b499abc5eb9aaa8cb4cef44fa3c71840102a6a854913b6bc3e9a473769487fb51eaee1a0973daf63c9004

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\sk.pak

MD5 e61d8cdf7f7fe4dada93a04ed91a9b83
SHA1 8553d0345be95d506a21c4e62149858feca51f56
SHA256 9b87ea25180bb8dddab69359d41d594f1a594f87ec75eb201f6bca6ac87b488e
SHA512 cf73149982c81e26d1c3bd73cb1cf6d4b1c8ac59d5e0c1777e92d420bc56e78fcaf737da785578cb95d2e8b61c1d8a828a0eead147b5934eb764b64f6e91adc0

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\ru.pak

MD5 0a7e71f5efb94f8527c2a6750d2d2490
SHA1 c449c1b7f56fd5a1f7b536672309b2dd98da080e
SHA256 8558b5ae8a8052b5514ce4dfce04ace907ec54037a0236ee42890f8864a5f92c
SHA512 fc6be5ddd2407a5e59fc47020728b5f3bf85e9ebf7e80e3582f2701752e9dae523cb8a58c1785c52df9b0b169ab8646a9db1eb7cecabb588058bb70cbe113a0e

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\ro.pak

MD5 c93f9732b24292d5b4e9fb5076127107
SHA1 9ba57f6ad8437405588d86548efb02945a530f03
SHA256 d01a6caf125cecb2bc232a00039c4c8422c88b2d5ec374c89a6cb0117e8ef33f
SHA512 c51015b24b1a73540648b4338da33783e7e4685317a60f64566cb3eb2366a4bd27114f96db1541f553e626f15ffbc95bec78f562e93613de935509e76ddc2aee

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\pt-PT.pak

MD5 86a155a0df0c9b5fec50e57546050bb8
SHA1 e14e1d956da30115ca80c694a5d0c781e085426d
SHA256 4387bddfbfe69542dbdc3c423362116bc34481cfb20b0311bab65186f571e87c
SHA512 2719c673b2dc4d8dba8dea6f589c4a43fd771b2783bcc78a1d387549f72fb1355163885dd68eb286d72737d7676df228647d1ad632e8599093aa845800861cee

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\pt-BR.pak

MD5 8634e12029fc824c1d68d4cffce1e523
SHA1 fb78bb73fb7d1bc9364a6ad509e4e3ef0a965b9c
SHA256 b5ef49a16803eaa39971f54285e8fe4f7ce126ad725edb99f8a521d121dbc517
SHA512 18d3209a7c76fed698b7342d875c3c4dab554771fc1c639006c20554d7074655795889c6bb0bdc5413f2b9ce226b8564c3a569280b11199f91eb209a9eb16f6b

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\pl.pak

MD5 1685f404ad1bff6cf94480786edf8dbb
SHA1 20c6c80a4309b56d2d424adc30c3b91331c8948d
SHA256 de614454a8d36409c4ac9aa03bad2ae0c4d964a12e36362efda2c83a59781e87
SHA512 b60e5c1b079ca3f46bef5e6ac5dbde1fdde54a6c210db6972b7d595a12d5ba6675192f047b8b067b3f1f9ee98ba5c15a1f069571c9692a5fd199ae93086b2647

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\nl.pak

MD5 be1acc31a045ac01087c89bcc3b26328
SHA1 f6cf150336b5202ed6fa2ad7123e5f82ec1c5106
SHA256 f3e044dd9bf6cdd0f406b12ba28b492c06937a7c046a801ddeac24750f172a9e
SHA512 f2a47f18ad953437d5bf61ff245a2bb5814f8d9d19c9265ea90d6e01489f997a68d754546700c6429f337760358594049dddcb1123b650eee6f0b0e95e252695

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\nb.pak

MD5 509da8911c1d7564aac0613fa0e73403
SHA1 b70ed8edaeb574c80c9b59cabe7f5e3f98719e78
SHA256 a1b1cb1af7ffe3af713e423bffed0e15e475733143c4ba06abc87d6ea0731456
SHA512 176fca10ecc65e27439ac8ec35bdd2aa08cc9b674b7bd6c5b1909fec786668a6d8b33d718ca7807de323ff3b8b7107de82c57aa71ac9e7079f2a37610fc0969a

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\ms.pak

MD5 3dd48aca5a1b1f54abee583b28b03da7
SHA1 d42b7e2252776a7e960a7aef6b849fe6f6c8cbfb
SHA256 9d1353d27c77b38e18f22e4719f8781dd6c126f86f6a84ff5170d28a202aca7e
SHA512 f190939c13c2d1ab318084dca42d8132b723a4bba775ef547944675f7db37497bfb45c2391b792091ee4416bddff7bef25f3f707ba1346c5f7ebab7fef410c8c

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\mr.pak

MD5 4768c4daf4ce9ffdeb3d11ce64e0f3ec
SHA1 e4eebd9c013f0a7857b6678ddd76e51535f82102
SHA256 d1332150da50884e0caaf78c36117c0d5958e4b3ea067e3dfe7ae157fec01de3
SHA512 e60771b5e55defc66df1c6043f4f3214b71cff1509d928029bb3a13bcd3c3b665ddfd1426db300d08c1d978c5f62881ce37d64252c264c495e1b015ff11fe22b

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\ml.pak

MD5 4ada3d6afca7a3536ca56766921a2e11
SHA1 22445c79906d71f75486c767e22562fd28fbae24
SHA256 901c7e8006d1e73a7e8146b383f54df5d90ea622f0ec4cb5660019acb8433d4a
SHA512 4ad124e2e57693592403b73d05993fb46b1bc1dfc50d0ab326ae96cd1c1461cd1cd1b4e8ca4445cede3f7ff12278d07b3a138201e9028dddb31e2b4d8b151748

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\lv.pak

MD5 a49f706e800b0679551442f2e98dad4f
SHA1 e3b505f693c111113fb47c436a8637e8f552fe95
SHA256 ebade538cf0ca8de4878f5ff703a18050d7494dd97e2cba8b0a0f27fe397d468
SHA512 a1f02ef0682727324b7a4f2eecc4bec3b6e363589c39d3ad63c92d9ef36a6f81c7ebf2ff68922f1966e8635a19aa38d109880526502f9a6c1a240c4272409556

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\lt.pak

MD5 ea646ce51bd07999529fb719ddf063d5
SHA1 94fee802cc876e5d2b722d1872c7ed927a14c33f
SHA256 af5ea09e52a33451c43dbcee0028ff0a19bce6877c00f2643b8fa1f9d060ef90
SHA512 58d0beb8d91825785dd4c0ad08070a04554cbad39b443cb9cc8b2747a8257a5295febfc4484dd3e7a3ede86859bcebbcb176a112016fd07c64be1d856bd39678

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\ko.pak

MD5 fa3c8f5c1f1ee523c3f9d566ddb2be24
SHA1 171133dfe6c2200157b9f21e1bab690632f2ba64
SHA256 a02ddb9e195a9aff301f2e23c7abc41baf526e5f14cd4dbf15c55c5c5c78a09d
SHA512 5482a964ccd9ad951338cd09cd8f2f76acfe8516a73d2bea6390c9fac17d532a2ed47fd50642b6d9d7b1313cb688c3a997068cd71b9b985e423c0054fbcb4daa

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\kn.pak

MD5 58218cff338a420a4ce74a5414559782
SHA1 07c944732d5a2cc9b9b8bb90a78be4892630db22
SHA256 938bdd9eb4c5e278739a103c7bf435db41c3524de718e30f3d66ae60f8ce02b3
SHA512 ecd54a261a39843d51bd9198029d141b233a6b7d652c8afdabb5b44019cf869b1d9505d411e0ef3de7365255579e1ae2cda0677d91071a566c6509e09c32efa8

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\it.pak

MD5 7872fe9c01ce9eca8f0358fe718d5582
SHA1 7ba1adeda4f2dc7467b9af81f22b00ee9c633ba5
SHA256 3f9cf91feacbd3a8e18930aa536ae0c2097e8f3b56da1f356a6243ba27b9df26
SHA512 268264a2b7048d52f90e6b3b6704b848980c99d89937326359759411a529b97e024b9dc93bfedf90b84aa642681bc162f566f4fc5f48e8d007897a218496ed36

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\id.pak

MD5 c83b246a36389f1087d32e801091559c
SHA1 8a7d1d417868611ca3706a0d829c3b8f9774fcfc
SHA256 f2761928e6a189ad28183304a5d56fb1c51f03cca5f315112b7b8722b781546f
SHA512 ba39a82fc9a379f0f83f107876dfee73b4bf2f0e35b7c683002015dc3740c52402d0a5d3eb19cba383c17b07abee807c47a7c27e278c0db6847612097ef9161e

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\hu.pak

MD5 2f761b20258c04cc9e3335451160b33a
SHA1 2144a0cf0e994f3b7b030fc8c51584b4c1af11d0
SHA256 af4b5654ccf418e5bd34e2850c63e4e73c85eb06da1cbe75207743ecb70135b8
SHA512 b605c0dc34cb070afce84b4d189be63f976f60626f73f0258b52d169dbea59e338a54bb75f801f6c95203dcc179fdb284d3a836cf1420a6f77efa165e1bbb4cb

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\hr.pak

MD5 6249233aff4a7a2cab1a01681f3b555d
SHA1 62892f7cc147063bcfd097df52512c4caa39247a
SHA256 a6cc5da8b3b46f2a327de8f39c18a8a9b58031e1a0484321e2cebe397c30f29b
SHA512 23ae48ea57fcf4a43ac558131ddf6c001104e44840ae44f1324ee7af3f434d6279ed2c7e50fbedd04f419b3f15ae973f6d8ecb0c602faa449e64a62249d6203d

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\hi.pak

MD5 fefa6262231aff9dc0d2421990a3b634
SHA1 24eaf51449c77164b3128894949317e1d79112be
SHA256 69277e0864383fd2a975d1dce2df1a3763685ea52acc10401530e31f03c4e7cc
SHA512 7b31d1b6f9a48a0743c0639d3e7a80687973fe76f3e0717d6721571a696feee53e4af327661e4febb8a6702a42b9d1112e7ab259d8d6dea7827b2d61a67f4149

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\he.pak

MD5 a68fa2b08e442b05874dca64b65470da
SHA1 d79593cf29572a491b4f56680ec9f1bcce7f312f
SHA256 ddfc635cf22dd117b28929b196a46554d21656c60a7eb4ce35dde84a80032dc0
SHA512 b80328e2b4043decd45fc95c6ac4192e550ed21398563c7a8135be50ececa01a0f762cccbabd37265f14c25a0f4d63b6cb7ab98996533cd743fbbff4d195df6c

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\gu.pak

MD5 b54152f1794aac7d270f5cfbb7a020d5
SHA1 d14f3feb7206468be4abec39fcd14cb4d3fbf561
SHA256 b23b8f24e6a0a5267f4704f82dbbe5bd4ba34a3878a883bdbd9680f6512a2201
SHA512 8ec8fefdac754b6049b045985b754a4308ded71d79f43925a302076610fa8a69f29fe764ac5acf65618d684fe73097862f4b9b43c8d21f410ce7e94adf78120a

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\fr.pak

MD5 42433f8f6044f028ce65cd90a0080fbb
SHA1 7f3036c2def226d9a9cc040b723b07117e72ab3b
SHA256 784b1588645351fdb98fcba9cffa1afae84961e71fcfbf5b80c0b8cc29cff69f
SHA512 2363435ec520d0e80599149a628aee0011cbeb8cc8ebd44942a52030c92b72e7077b51edf65057af0c4ea0a56d78b6266edfa62873dfdde09be0356f68cb4aa0

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\fil.pak

MD5 fcba5a4988b87771b4c784fe13209b44
SHA1 2781cd227fd305f6a448156c99d742c622a945de
SHA256 75bd5b252c6629f9eb30c00006c9270e341d12cb94679d334cbff7d35a28d37a
SHA512 bf483c68a6cc236fe5f45ab7982df951f13be571838fef13a5da3a201c98e26dbbaaa3ccb18950d6bc823797590f2fd3caba65b63b6cc9fe11c3123532323286

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\fi.pak

MD5 5d693a7021eb7c4aef053bd0954b9fdb
SHA1 8500954dc82f8212fcb6e58db128e650479bbbe9
SHA256 c2b0402222e9e877618f908518d9bc62bca45ea4167734ce93f36382cb30f2cd
SHA512 425f5889fe6b1b3a38eface19419642cba5d03657a33a9a85eb457ac2882075f1e73f58d036ef459f3001e8f717b92df08d761d865711c3b2b560727841a9827

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\fa.pak

MD5 d764a7eac41aec2bcd9704f2a3e2122f
SHA1 88477fb426640c27dd95db6fc3cf4d0150a9b097
SHA256 0a174961cacce870d6eec050f1e41dd44155e583db7093f1caa33822d8c471f6
SHA512 50f59426fe77d48b79b5f502ffe46a3b7f591b3a7f42b6282b60997f766edba1f756783c40a9d3104a22ad9f7a8f930b9cf72d635ef88401daf272d69e2f69d6

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\et.pak

MD5 e2e6b9dca370e0492cecabe8cf284975
SHA1 fbbeccce405dcf52bd495677a9cd9eca16532977
SHA256 2fdcee1405049d9b2e77914cea04bfcebb9013063783a89e10a19e227c566135
SHA512 2c88a375d176ec0392f5b73e3f3c1b61ab7361a2ffc7365579698bbf80ad1754a49ff854b5fb268317267b7e367fc8aaa52c012de33812201689426511b925f7

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\es.pak

MD5 17cf466b44a9b3ff9232d298b0d351af
SHA1 3171e6fb16ec3c3a038d824a6ced6ba89c6a7a98
SHA256 bfd563b116a85bfcc1f0dd7373ce09f057d0c7a246f1213639f43b26611c4f03
SHA512 574d2247745415bcad2a8e43f9db06609dc160a84fa7833311d41260d6364d22663ff8ee55e0ed9184eb7abdd3ec8c251faa66185e9d069f542ae57abf8652e2

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\es-419.pak

MD5 b69c517bcc9dcacd327b8601a1ad85fb
SHA1 0065beafe7e12673010fe1009729baf507565e05
SHA256 f86e76bda0de5749f30eb7c4eda26d4f4daf7ea307ac4785cad33836e45535e9
SHA512 f4b2fb7f1d728351a7e98fb888dbdd560d84e6471d50ee700f443f549d958fa059be961d0a7e66de56057699b5c674dfc03996da55b09c48635d26f437f9e338

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\zh-CN.pak

MD5 d5ccef2d737df79adbbbfe4843a4a1ef
SHA1 26c4c4b4eedf1c620737c996b76ecf5d154ab7c0
SHA256 1ca7a26aff7c36a98a9d96550a5f77d15f4bbc546b8d16f7160c1531ac028595
SHA512 0feee9eba045aa1ea390b7e1ba8d2c3966db295e758ebfb7e912d3e224edb12c5a749247f7d5f6498a69ffde30d140db1b587ae42e58fd47ce153b186e238d2d

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\vi.pak

MD5 5238502d80387898467b5a6564d2e197
SHA1 574afdaca5f77f0470c218d0d945f76b38c0c192
SHA256 760436664a06f4c716991f45e17e00645738e8d1c46cd04a116dea8d1dedb5aa
SHA512 fea65ff62f13cd42c425c5055813277b9a0565c515c5ca8db4a4c8505b57f56a8df52d8e201355fa33d65b7d243cf2e6b1796e81c2daeee027dfafa7b86b6c55

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\ur.pak

MD5 12cadb58e2cf3d01fb9bf1e9632a7b85
SHA1 c26507bf4bfd247ad51622314357a2f3ccf0f60c
SHA256 4ecf19c5a4eadd8909ff709803204cac4607590572b3ae6e3cf23c20e5b7476c
SHA512 6266f68ccc1b73b3a3944a43615ba23be266cd65f12a080d2331f609a182d8eee2b0553719071ff7f111dc38b92a544bac08f24efc26068032c7ff89da46d50d

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\uk.pak

MD5 8f20598d3c126890390195bb643ece95
SHA1 f2735743e167f40c4a116c8f6a2ddb4e2cb6e44c
SHA256 13a00f4232ce3c58ec32b87e3b81207038ae0d1812a4f579151a6e2d8dd1793f
SHA512 42c70a4170c80c512a264f9193c33e1a8270aeea637f2ded5faf5d7d19efca24bdf97e64a50a21dc92d19311704bd6e058b0d1f212870a52f26058217ecc7efa

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\tr.pak

MD5 ef23040bf284ad019f7e85bf1a4b66d5
SHA1 7d119fda04b876aff2b3c3dbb8da6410ff1b0122
SHA256 25387c543be8057f77d05fb6e19991f954b1d8ff47b369ed15cb23541ac8df6c
SHA512 b5e7e4787f26b9e2ec0672709f2bc06d01075e4b5d298352ff79edba39e3bce2eae60c65a597b051ecb2f964b89061a8f409bb6a4cdbd3383b00d0aa5b81ebb2

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\th.pak

MD5 821e1c0cd7ac4cc96e047df5f9b741d5
SHA1 cdbe922b53e89c801ed6596392f852f14dbd5be4
SHA256 2da181190b745bb7d5f6cb296d86ff87cc6dcf66404e9d991d74434ab47e4bff
SHA512 cd85f3a28c69d0c6d6a2d61eeafb6b24ae991e0ba55cbc5adde966de172111e77c6b11992d6e17c6cd1d1f2f138813cf74eba41b60ed5b3a7a77df9b789ab08f

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\te.pak

MD5 3dedb30de69864333e68f5ee77ef19c1
SHA1 859642c33bcb6c8df0fe7d9ae7d947f4c278cbcc
SHA256 439375bcd7b6533e08c8a73db25dc35e434b0d9fd9e4ace323d6847af7142b2b
SHA512 c15fd0e4bab18f62cae773b85b5d85d66369712d5c5c51f8ef38858de1164bd6f7e11b916eaa5262d7d08eefebf98efd4b3536a9fb1198ca26f38e1881414831

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\ta.pak

MD5 42ee2510d5a0adaaf7159b1f5ac2f6ac
SHA1 677a50f6371766400fd5d3c24f3cf4e5271c8fda
SHA256 5f591d92c509269b7af0501621499e01a411f1f306c014670b562d1e5341bbe3
SHA512 f2427a67b825263c469d85b99e9ee221c5dd8cd377c7276bf3408a2218dfafd1df1a75ae2f5a7a7e6220003159f55d8709d62301f662df0df2e64514fba15d01

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\zh-TW.pak

MD5 40004fc419866d484f8e05767c57bb7b
SHA1 8fffde55f401c477c77e1c26ce024ac9d22589a7
SHA256 0724dd6f642f15f198780405ffbe08303da6263ea13e73a6cf5ab2ca59e8ec72
SHA512 627009933056b71b921f18ee0af567a24d29b1af23b1333b700c15a05ed78e0c0c09b89579108876108a214458951a8d57376c98632a34b2ee59af6adae0deae

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\locales\sw.pak

MD5 98dd12a836df0e3967b8fcf44b18f8c4
SHA1 4762b7f8e5fd1b92c6984b76d4e965c32389cc05
SHA256 c8f6cd8602059e6fd7a1289b9a268d4ddaa1c2ecdef7a9d05ec4bde9bfd9c444
SHA512 f2046fe9ece161b6e39bf94c347e920ed3eaac7d05846270ed847011e319cc61d0ba01c4e80b603edd9e5ae4e3461029627a9a913a10180a311d373ad07520fc

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar

MD5 d0437e23421f668e02b0ef44c1b5562e
SHA1 baaae445fff7ee5d8848ccdbc95a9d307fbdc859
SHA256 5f73f9320350839aa2174c654058b2c285447446aefeb17dd71e6f19ab9b9f9b
SHA512 aea3a807bf5dceea25d8e18d8547ffd873a068faed45e9bd1eae82e13e453e9eefda5af695ba26c2a0c1dc8356e324f92aa926b75ef4786d7eb45a8280fa94e4

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\LICENSE

MD5 7bd114b023fa6209fb7b02150a202ccc
SHA1 4451515f9d7b16ce8983abb4e85609fe4162c4d4
SHA256 455dda47a3fc2f58ab06d8e526f490ec43d0fc23a5ea80dd0942644397316d9b
SHA512 87ee4dc1da13937055eade250f1f8a357f549c709b9659258c137009060080aca5cfd979890a7b2d662083f4c646cce9af6e20774b58541af9e712fb5f4f1c60

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js

MD5 0b33e83d33b01a51625a0fdcbef42ce3
SHA1 1c29d999ff7da39426b97f2eb31a3d83db8f5fc7
SHA256 a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2
SHA512 1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.node

MD5 04bfbfec8db966420fe4c7b85ebb506a
SHA1 939bb742a354a92e1dcd3661a62d69e48030a335
SHA256 da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd
SHA512 4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\package.json

MD5 83a6b767cd4ade2116654eb0a90fec3c
SHA1 07a0f29ddb1c8a48947ee05bb4d6ec3d2abe1df9
SHA256 59f4704391d2247b2a8d029d7338566d47d2ff0cd7477c49343efe93475f7a12
SHA512 404ed15686b7d611ba8aeac12e706af75a876502c51e40e48a598d05a9ac89f88902b2830a5c679f9bb7931f5c33bb10da3a32753fdb8c71a9d7b4346a1be8d0

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_addon.h

MD5 ea1e5899ec0210d7de4ce325d1d94022
SHA1 464da48d40547cb08a67a1ed38cb0ae8369f2f42
SHA256 18280b1135123aff82fbf4188a5aadfc9a5d6fffad9309f72f347f380f2da550
SHA512 6dae672ea822a7dc5e42914def21c019c0fa8aeaf1c27c155b78312d8a33a63ae9a1910dd32b72760578671780b8c37b91ff5e1f6588f08c7fbaaff80d8fb6fd

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_win.cpp

MD5 4a55597a2c7466278439452bb708b822
SHA1 eaadcda8f410f2dd1fd9522fd7a2221624dd1713
SHA256 da37b02fb0babb651244479ea019d229fff1c41ecde74bc06335b5e603d9b30e
SHA512 b20efe8026de41dd8c13c6f844455cacc13fa80bc3dd41fef422fb178054a7c8d6f14af8b1d6928e52648ab95a793aee1f996dc2aceead3aa8d317a99aad23bb

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_not_supported.cpp

MD5 c510e65ebcb2fa7c00712e770ec8c692
SHA1 ca1ea3c8340dcf69f344d5eaa884631eef37472b
SHA256 7c03cec11c438b6d2512239477d9f1b45d6e16763122a3a36458ab339f50d3c4
SHA512 b0b312426b4409c80b45a0f3337069be9870e050dc8b55184fb2bc63532c247089c8d35cbd1f12f0bd2bd38d581566faa74a6469b548a1ad7d837285ad37c178

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\main.cpp

MD5 88934cc736b505ada3d07afe22083568
SHA1 6d1d112f4e7fc943dc5c9ce5ad2f32154aeb2f3a
SHA256 1ada21451bab629832372d519e366bfb08c80facfefe5a40c76a4f10a697c905
SHA512 9f45386cba32d13a50360916b0c2f240e43cba5983a86ad80f85c75cd8e6ac2c6b931992842a736e84e234b91fc46a7a66824a3a2748f474cf1bbd22ec138a99

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\LICENSE

MD5 79558839a9db3e807e4ae6f8cd100c1c
SHA1 ae3dbcee04c86fbc589fcf2547d4aaaeb41db3c2
SHA256 7686f81e580cd6774f609a2d8a41b2cebdf79bc30e6b46c3efff5a656158981c
SHA512 b42c93f2b097afa6e09d79ed045b4dd293df2c29d91dda5dda04084d3329b721a6aa92a6ad6714564386a7928e9af9195ac310deecd37a93bb04b6a6f744be46

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\package.json

MD5 174bf28fccd7fdb6f0766f31fac3060d
SHA1 655f465658957fbdf935fcb7df0b97c93807147b
SHA256 91008a93e604674024bd65569670af5b01f1e4caf86cde50835ee58f59a5dc61
SHA512 fa1be386a3d74767731aa5ad44ff4d89fb456e7feabde2a6e6f238ed4608a80962cadd6b7ff96f15e306a8e819221b66051fa5a7b0658ad52a2efb488492ff83

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js

MD5 f0a82a6a6043bf87899114337c67df6c
SHA1 a906c146eb0a359742ff85c1d96a095bd0dd95fd
SHA256 5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74
SHA512 d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite-autoconf-3440200.tar.gz

MD5 c02f40fd4f809ced95096250adc5764a
SHA1 8398dd159f3a1fd8f1c5edf02c687512eaab69e4
SHA256 1c6719a148bc41cf0f2bbbe3926d7ce3f5ca09d878f1246fcc20767b175bb407
SHA512 59ad55df15eb84430f5286db2e5ceddd6ca1fc207a6343546a365c0c1baf20258e96c53d2ad48b50385608d03de09a692ae834cb78a39d1a48cb36a05722e402

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\common-sqlite.gypi

MD5 0ad55ae01864df3767d7b61678bd326e
SHA1 ffedcc19095fd54f8619f00f55074f275ceddfd6
SHA256 4d65f2899fb54955218f28ec358a2cad2c2074a7b43f862933c6a35e69ae0632
SHA512 aaee895d110d67e87ed1e8ed6557b060a0575f466a947a4f59cc9d111381e1af6aa54d432233716c78f146168d548a726fed1eab2b3f09bb71e0ae7f4fdc69e3

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite3.gyp

MD5 0e4d1d898d697ec33a9ad8a27f0483bf
SHA1 1505f707a17f35723cd268744c189d8df47bb3a3
SHA256 8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd
SHA512 c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js

MD5 e5c2de3c74bc66d4906bb34591859a5f
SHA1 37ec527d9798d43898108080506126b4146334e7
SHA256 d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f
SHA512 e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js

MD5 275019a4199a84cfd18abd0f1ae497aa
SHA1 8601683f9b6206e525e4a087a7cca40d07828fd8
SHA256 8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973
SHA512 6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js

MD5 8582b2dcaed9c5a6f3b7cfe150545254
SHA1 14667874e0bfbe4ffc951f3e4bec7c5cf44e5a81
SHA256 762c7a74d7f92860a3873487b68e89f654a21d2aaeae9524eab5de9c65e66a9c
SHA512 22ec4df7697322b23ae2e73c692ed5c925d50fde2b7e72bfc2d5dd873e2da51834b920dea7c67cca5733e8a3f5e603805762e8be238c651aa40290452843411d

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node

MD5 66a65322c9d362a23cf3d3f7735d5430
SHA1 ed59f3e4b0b16b759b866ef7293d26a1512b952e
SHA256 f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c
SHA512 0a44d12852fc4c74658a49f886c4bc7c715c48a7cb5a3dcf40c9f1d305ca991dd2c2cb3d0b5fd070b307a8f331938c5213188cbb2d27d47737cc1c4f34a1ea21

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\macros.h

MD5 b60768ed9dd86a1116e3bcc95ff9387d
SHA1 c057a7eebba8ce61e27267930a8526ab54920aa3
SHA256 c25be1861bd8e8457300b218f5fa0bba734f9d1f92b47d3b6ab8ee7c1862ccbe
SHA512 84e0670128f1d8712e703b6e4b684b904a8081886c9739c63b71962e5d465ac569b16cb0db74cb41dc015a64dcc1e3a9a20b0cf7f54d4320713cc0f49e0f7363

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\threading.h

MD5 f2a075d3101c2bf109d94f8c65b4ecb5
SHA1 d48294aec0b7aeb03cf5d56a9912e704b9e90bf6
SHA256 e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36
SHA512 d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\statement.h

MD5 0b81c9be1dc0ff314182399cdc301aea
SHA1 7433b86711d132a4df826bae80e58801a3eb74c9
SHA256 605633ba0fb1922c16aa5fbfffed52a097f29bf31cee7190d810c24c02de515b
SHA512 9cf986538d048a48b9f020fc51f994f25168540db35bdb0314744fdec80a45ba99064bc35fe76b35918753c2886d4466fdd7e36b25838c6039f712e5ac7d81b3

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\gcc-preinclude.h

MD5 55a9165c6720727b6ec6cb815b026deb
SHA1 e737e117bdefa5838834f342d2c51e8009011008
SHA256 9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f
SHA512 79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\database.h

MD5 de31ab62b7068aea6cffb22b54a435bb
SHA1 7fd98864c970caa9c60cfc4ce1e77d736b5b5231
SHA256 8521f458b206ed8f9bf79e2bd869da0a35054b4be44d6ea8c371db207eccb283
SHA512 598491103564b024012da39ac31f54cf39f10da789cd5b17af44e93042d9526b9ffd4867112c5f9755cb4ada398bf5429f01dda6c1bbc5137bea545c3c88453b

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.h

MD5 29dd2fca11a4e0776c49140ecac95ce9
SHA1 837cfbc391c7faad304e745fc48ae9693afaf433
SHA256 556ba9af78010f41bc6b5b806743dc728bc181934bf8a7c6e5d606f9b8c7a2e9
SHA512 5785667b9c49d4f4320022c98e0567a412b48a790c99569261c12b8738bde0b4949d3998e2b375540ede2ff1d861cad859780ade796b71d4d1d692e1ed449021

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\async.h

MD5 e8c5e5c02d87e6af4455ff2c59c3588b
SHA1 a0de928c621bb9a71ba9cf002e0f0726e4db7c0e
SHA256 cce55c56b41cb493ebd43b232ff8ffc9f5a180f5bab2d10372eca6780eb105f6
SHA512 ed96889e0d1d5263fb8fed7a4966905b9812c007fbb04b733cadbe84edc7179015b9967ff5f48816ff2c97acf4a5b4792a35cee1f8fce23e5fdc797f8ee0c762

C:\Users\Admin\AppData\Local\Temp\nsvD36E.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

memory/2948-732-0x000001F668CE0000-0x000001F668D02000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ddk3rol3.2lz.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:56

Platform

win11-20241007-en

Max time kernel

3s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Launcher.exe"

Signatures

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\Launcher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\Launcher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\Launcher.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Temp\Launcher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Temp\Launcher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\Launcher.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Temp\Launcher.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5088 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe C:\Windows\system32\cmd.exe
PID 5088 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe C:\Windows\system32\cmd.exe
PID 4488 wrote to memory of 5024 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 4488 wrote to memory of 5024 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 5088 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe C:\Windows\system32\cmd.exe
PID 5088 wrote to memory of 536 N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe C:\Windows\system32\cmd.exe
PID 536 wrote to memory of 1204 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 536 wrote to memory of 1204 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 5088 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe C:\Windows\system32\cmd.exe
PID 5088 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe C:\Windows\system32\cmd.exe
PID 1448 wrote to memory of 5064 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1448 wrote to memory of 5064 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 5088 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe C:\Windows\system32\cmd.exe
PID 5088 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe C:\Windows\system32\cmd.exe
PID 2072 wrote to memory of 860 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2072 wrote to memory of 860 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 5088 wrote to memory of 484 N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe C:\Windows\system32\cmd.exe
PID 5088 wrote to memory of 484 N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe C:\Windows\system32\cmd.exe
PID 484 wrote to memory of 2804 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 484 wrote to memory of 2804 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "WMIC csproduct get UUID"

C:\Windows\System32\Wbem\WMIC.exe

WMIC csproduct get UUID

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic bios get serialnumber"

C:\Windows\System32\Wbem\WMIC.exe

wmic bios get serialnumber

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell wininit.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell wininit.exe

C:\Windows\system32\wininit.exe

"C:\Windows\system32\wininit.exe"

Network

N/A

Files

memory/2804-14-0x0000020B35080000-0x0000020B350A2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uzfvm2im.no4.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

85s

Max time network

95s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Network

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

147s

Max time network

160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js

Network

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

83s

Max time network

99s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Signatures

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Network

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

146s

Max time network

161s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4420 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb50f93cb8,0x7ffb50f93cc8,0x7ffb50f93cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,14768502956727109874,6360111984142192435,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,14768502956727109874,6360111984142192435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,14768502956727109874,6360111984142192435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14768502956727109874,6360111984142192435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14768502956727109874,6360111984142192435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14768502956727109874,6360111984142192435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14768502956727109874,6360111984142192435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14768502956727109874,6360111984142192435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14768502956727109874,6360111984142192435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,14768502956727109874,6360111984142192435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3984 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,14768502956727109874,6360111984142192435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,14768502956727109874,6360111984142192435,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2388 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d91478312beae099b8ed57e547611ba2
SHA1 4b927559aedbde267a6193e3e480fb18e75c43d7
SHA256 df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043
SHA512 4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

\??\pipe\LOCAL\crashpad_4420_QAOREROCCSGLVKQB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d7145ec3fa29a4f2df900d1418974538
SHA1 1368d579635ba1a53d7af0ed89bf0b001f149f9d
SHA256 efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59
SHA512 5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b3609598f4c727bdd81a54afd6be2144
SHA1 d6eefb999e06e45b82bf4c8f90cf2fcf52921908
SHA256 154f9e67a85eb69ff83e3e1add315a28b6512bdc00e121f9bfad1b38c8de75f9
SHA512 92cc21415856025f3b70a538615911cfe79b87ee5c8d5c0c63021a11a012742f81eed318883c7059befdefaa7cc07767aade870958884156829c3e4a7e00459b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 987e3e47b669622a6357eaa1726cf57b
SHA1 46c36ea662a85598a35a13a544122e9cfaa6ad81
SHA256 ee606a12f7fb3c766786c9156efcb42a6c6ae874b63f2df129c2eba6aa428003
SHA512 16cbc4398da4f5b18badc98a9479da7a78df88a293284b2d792e892967343fef91ec22fb0dc574a5c5877ffb00c48ad9c630214aaaea2c869815a693a9821634

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 38f87cd426e34392dd03cfbd7a64a6fc
SHA1 8f7910951586ebf45f9ccefbb883e5cf9d5b8b0f
SHA256 c78d9058c5e128b22242d46e41656d6e0380283fa29d256f251a80af9e033f1d
SHA512 680cfc225df02267fcea8a1e6b19e7972cd01655c51408b939a398d059852beb88667a0ed301ef9b5cd90a76b2ec35a8688087ada81044af7a98104dba2fdac8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

80s

Max time network

97s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

84s

Max time network

96s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:57

Platform

win11-20241007-en

Max time kernel

147s

Max time network

151s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\configure.ac

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\configure.ac

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

83s

Max time network

96s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Network

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

147s

Max time network

151s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\Makefile.fallback

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\Makefile.fallback

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

147s

Max time network

157s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\win\makefile.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\win\makefile.vbs"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241023-en

Max time kernel

83s

Max time network

104s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Network

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:57

Platform

win11-20241007-en

Max time kernel

93s

Max time network

95s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\install-sh

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\install-sh

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:57

Platform

win11-20241023-en

Max time kernel

146s

Max time network

152s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\ltmain.sh

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\ltmain.sh

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

144s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js

Network

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

88s

Max time network

94s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1184 wrote to memory of 3136 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1184 wrote to memory of 3136 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1184 wrote to memory of 3136 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3136 -ip 3136

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 540

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241023-en

Max time kernel

147s

Max time network

162s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1200 wrote to memory of 3616 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1200 wrote to memory of 3616 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1200 wrote to memory of 3616 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3616 -ip 3616

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 468

Network

Files

N/A
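Six of the runs above hand a DLL to rundll32.exe with the ",#1" ordinal syntax (d3dcompiler_47.dll, node_sqlite3.dll, ffmpeg.dll, vulkan-1.dll, and the NSIS plugins StdUtils.dll and System.dll). The first four produce no signatures at all. In behavioral2 and behavioral3 the 64-bit System32 rundll32 writes into a freshly started SysWOW64 rundll32, which then dies into WerFault: that process tree is what rundll32 produces when the image is 32-bit, because it re-launches the WoW64 copy of itself to host the DLL. Whether the call then does anything useful depends on whether ordinal 1 exists in the export table and on what signature that export expects; rundll32 always calls it as (HWND, HINSTANCE, LPSTR, int), so a plugin entry point compiled for a different convention is a plausible reason for the crash, but that is an inference from the tree, not something the report records. The "System Location Discovery" hit in the same runs is a read of the NLS\Language key by the 32-bit host, a read that ordinary library initialisation also performs, and is not on its own evidence of sample behaviour. The following is an added Python example, not part of the sandbox report and not the sample's code, that reads a PE's machine type and export address table with only the standard library and predicts which rundll32 copy will host it and whether ",#1" resolves. The build_sample_dll helper constructs a minimal synthetic PE for the demonstration; it is not the sample's DLL, and the names inspect_dll and explain_rundll32 are the example's own.

```python
import struct

# IMAGE_FILE_HEADER.Machine values; the first two decide which rundll32 copy hosts the DLL.
MACHINE_NAMES = {0x014C: "i386 (32-bit)", 0x8664: "AMD64 (64-bit)", 0xAA64: "ARM64"}


def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def inspect_dll(data):
    """Return (machine name, is_32bit, set of exported ordinals) for a PE image in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:            # PE32: DataDirectory starts 96 bytes into the optional header
        dd_off, is_32bit = opt + 96, True
    elif magic == 0x20B:          # PE32+: 112 bytes in
        dd_off, is_32bit = opt + 112, False
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    export_rva, export_size = struct.unpack_from("<II", data, dd_off)   # DataDirectory[0] = exports

    sections = []
    for i in range(nsections):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((vsize, vaddr, rawsize, rawptr))

    ordinals = set()
    if export_rva and export_size:
        exp = rva_to_offset(sections, export_rva)
        # IMAGE_EXPORT_DIRECTORY at +16: Base, NumberOfFunctions, NumberOfNames, AddressOfFunctions
        base, nfuncs, _, eat_rva = struct.unpack_from("<IIII", data, exp + 16)
        eat = rva_to_offset(sections, eat_rva)
        for i in range(nfuncs):
            (target,) = struct.unpack_from("<I", data, eat + 4 * i)
            if target:                # a zero slot is a hole in the ordinal range, not an export
                ordinals.add(base + i)
    return MACHINE_NAMES.get(machine, f"{machine:#x}"), is_32bit, ordinals


def explain_rundll32(data, ordinal=1):
    """Predict what 'rundll32.exe <dll>,#<ordinal>' does on 64-bit Windows for this image."""
    machine, is_32bit, ordinals = inspect_dll(data)
    host = r"C:\Windows\SysWOW64\rundll32.exe" if is_32bit else r"C:\Windows\system32\rundll32.exe"
    if ordinal in ordinals:
        outcome = "DllMain runs, then the export is called as (HWND, HINSTANCE, LPSTR, int)"
    else:
        outcome = "DllMain runs, GetProcAddress fails, nothing else in the DLL is called"
    return {"machine": machine, "host": host, "ordinal_exported": ordinal in ordinals, "outcome": outcome}


def build_sample_dll(is_32bit=True, eat=(0x1100, 0)):
    """Constructed minimal PE for the demo (not the sample's DLL): one section holding an
    export directory with Base=1 and one export-address-table slot per entry in `eat`."""
    magic, dd_off, opt_size = (0x10B, 96, 224) if is_32bit else (0x20B, 112, 240)
    machine = 0x014C if is_32bit else 0x8664
    sect_rva, raw_ptr = 0x1000, 0x200
    export_dir = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, len(eat), 0, sect_rva + 40, 0, 0)
    export_dir += b"".join(struct.pack("<I", v) for v in eat)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<II", opt, dd_off, sect_rva, len(export_dir))   # DataDirectory[EXPORT]
    section = struct.pack("<8sIIIIIIHHI", b".edata\0\0", 0x100, sect_rva, 0x100, raw_ptr,
                          0, 0, 0, 0, 0x40000040)
    image = bytearray(dos + b"PE\0\0" + coff + bytes(opt) + section)
    image += b"\0" * (raw_ptr - len(image))
    return bytes(image + export_dir.ljust(0x100, b"\0"))


if __name__ == "__main__":
    for label, dll in (("32-bit, ordinal 1 present", build_sample_dll(True, (0x1100, 0))),
                       ("64-bit, no exports", build_sample_dll(False, ()))):
        print(label, explain_rundll32(dll, 1))
```

Point inspect_dll at the real files (open(path, "rb").read()) to confirm which of the six DLLs are 32-bit and which actually export ordinal 1; the parser only walks the export address table, so forwarded exports and names are ignored on purpose.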

Analysis: behavioral16

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:58

Platform

win11-20241007-en

Max time kernel

92s

Max time network

100s

Command Line

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\aclocal.ps1

Signatures

Command and Scripting Interpreter: PowerShell

execution

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\aclocal.ps1

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp

Files

memory/844-0-0x00007FFF4BB03000-0x00007FFF4BB05000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pxab44au.0mg.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/844-9-0x000002281FBD0000-0x000002281FBF2000-memory.dmp

memory/844-10-0x00007FFF4BB00000-0x00007FFF4C5C2000-memory.dmp

memory/844-11-0x00007FFF4BB00000-0x00007FFF4C5C2000-memory.dmp

memory/844-12-0x00007FFF4BB00000-0x00007FFF4C5C2000-memory.dmp

memory/844-15-0x00007FFF4BB00000-0x00007FFF4C5C2000-memory.dmp

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-13 11:53

Reported

2024-11-13 11:57

Platform

win11-20241007-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\configure.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\configure.vbs"

Network

Files

N/A
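Taken together, the runs in this report are the sandbox feeding each file unpacked from the installer to a launcher chosen by extension: rundll32 for DLLs, cmd /c for files with no handler, WScript for .vbs and .js, PowerShell for .ps1. Two points for anyone reading the signatures. The "cmd /c <file>" runs on configure.ac, Makefile.fallback, install-sh and ltmain.sh each spawn OpenWith.exe -Embedding, which is the Open With prompt for an unregistered extension rather than the file executing, and the "Modifies registry class" and SetWindowsHookEx hits in those runs come from the shell handling that prompt. In behavioral16 the __PSScriptPolicyTest_*.ps1 file is written by PowerShell itself at startup to probe script-enforcement policy, so it is a host artifact and not a dropped file. The following is an added Python example, not from the report or the sandbox vendor, that runs a small rule set over process records in the shape shown above (run name, image, command line) and tags each run with the launch technique plus the run-level findings that need more than one process (the System32 to SysWOW64 rundll32 hop followed by WerFault, the cmd /c run that ended in Open With). The records are constructed from the command lines on this page; the rule names, the "host artifact" label and the function names are the example's own.

```python
import re

# Constructed from this report's Processes blocks: (run, image, command line).
RECORDS = [
    ("behavioral12", r"C:\Windows\system32\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.dll,#1"),
    ("behavioral21", r"C:\Windows\system32\cmd.exe",
     r"cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\configure.ac"),
    ("behavioral21", r"C:\Windows\system32\OpenWith.exe", r"C:\Windows\system32\OpenWith.exe -Embedding"),
    ("behavioral23", r"C:\Windows\System32\WScript.exe",
     r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\tea\win\makefile.vbs"'),
    ("behavioral25", r"C:\Windows\system32\wscript.exe",
     r"wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js"),
    ("behavioral2", r"C:\Windows\system32\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1"),
    ("behavioral2", r"C:\Windows\SysWOW64\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1"),
    ("behavioral2", r"C:\Windows\SysWOW64\WerFault.exe", r"C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 540"),
    ("behavioral16", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\aclocal.ps1"),
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
EXEC_EXT = {"exe", "bat", "cmd", "com"}
TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.I)


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(image, cmdline):
    """Return (technique, tactic) for one process record, or None if no rule applies."""
    name = image_name(image)
    in_temp = " from user Temp" if TEMP.search(cmdline) else ""
    if name == "rundll32.exe":
        m = re.search(r'([^\s"]+\.dll),(#?\w+)', cmdline, re.I)
        return (f"rundll32 entry {m.group(2) if m else 'DllMain only'}{in_temp}", "execution")
    if name == "cmd.exe":
        m = re.search(r'/c\s+"?([^"]+?)"?\s*$', cmdline, re.I)
        target = m.group(1) if m else ""
        leaf = target.rsplit("\\", 1)[-1]
        ext = leaf.rsplit(".", 1)[-1].lower() if "." in leaf else ""
        if ext not in EXEC_EXT:
            return ("cmd /c on non-executable file (ShellExecute by extension)", "execution")
        return ("cmd /c executable" + in_temp, "execution")
    if name in SCRIPT_HOSTS:
        m = re.search(r"\.(vbs|vbe|js|jse|wsf|hta)\b", cmdline, re.I)
        return (f"script host {name} running .{m.group(1).lower() if m else '?'}{in_temp}", "execution")
    if name in {"powershell.exe", "pwsh.exe"}:
        bypass = re.search(r"-ex(?:ecutionpolicy)?\s+bypass", cmdline, re.I) is not None
        return ("powershell" + (" with -ExecutionPolicy bypass" if bypass else "") + in_temp, "execution")
    if name == "openwith.exe":
        return ("Open With prompt (no handler for extension)", "host artifact")
    if name == "werfault.exe":
        m = re.search(r"-p\s+(\d+)", cmdline)
        return (f"WER crash report for pid {m.group(1) if m else '?'}", "host artifact")
    return None


def summarize_runs(records):
    """Group records by run and add the findings that need more than one process."""
    runs = {}
    for run, image, cmdline in records:
        runs.setdefault(run, []).append((image, cmdline, classify(image, cmdline)))
    findings = {}
    for run, procs in runs.items():
        tags = [c[0] for _, _, c in procs if c]
        # image name plus the directory under C:\Windows, e.g. "rundll32.exe@syswow64"
        where = {image_name(i) + "@" + i.split("\\")[2].lower() for i, _, _ in procs}
        if "rundll32.exe@system32" in where and "rundll32.exe@syswow64" in where:
            tags.append("32-bit DLL: System32 rundll32 re-launched the SysWOW64 copy")
            if any(image_name(i) == "werfault.exe" for i, _, _ in procs):
                tags.append("entry point crashed under WoW64")
        if "openwith.exe@system32" in where:
            tags.append("file did not execute; shell showed Open With")
        findings[run] = tags
    return findings


if __name__ == "__main__":
    for run, tags in summarize_runs(RECORDS).items():
        print(run, "->", "; ".join(tags))
```

The rules key on the image name and the launcher's own syntax rather than on the file path, so the same set applies to endpoint process-creation telemetry; the "from user Temp" suffix is the part worth alerting on outside a sandbox, since every launcher here is a signed Windows binary.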