189c456c653e587b81b4f3950b102a94c4570c2a7057c50b138b511162a2c46a

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

892ac0ac36d3e692e581bde711ae2651.exe
Size

51KB
MD5

892ac0ac36d3e692e581bde711ae2651
SHA1

4f9784d328d1366a14ad3616ed434a5a37303222
SHA256

bc2eb35fefe924073242d098239d010a41b8d4bc93dcfa505cd3d2a01e66ef99
SHA512

8a2998b191884d83320c410b9663fe2e896085dc8e5a2e8d08900c7e296b113b91dd5cf46df7f96662bcaef724d4209061bb97761532d633a2bbcf2e06f22e9a
SSDEEP

1536:B+FFed0juNpO38EQPuNX22JdmCUO4ELf64Kl7SG91C:Mu0j52uM2JF4Ez64KlGG98

Score

8^/10

discovery execution persistence

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
5064	powershell.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	892ac0ac36d3e692e581bde711ae2651.exe

Executes dropped EXE 1 IoCs

pid	Process
4920	start.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\start = "C:\\Users\\Admin\\AppData\\Local\\Temp\\start.bat"	892ac0ac36d3e692e581bde711ae2651.exe

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping452_1679435495\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping452_1862662486\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping452_1862662486\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping452_1862662486\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping452_1089126730\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping452_1089126730\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping452_1679435495\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping452_1679435495\protocols.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133870979281521155"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{AF58B210-F769-4E79-91A2-2B38E55B9B12}	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5064	powershell.exe
5064	powershell.exe
908	msedge.exe
908	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5064	powershell.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
452	msedge.exe
452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 4920	4152	892ac0ac36d3e692e581bde711ae2651.exe	87
PID 4152 wrote to memory of 4920	4152	892ac0ac36d3e692e581bde711ae2651.exe	87
PID 4152 wrote to memory of 5064	4152	892ac0ac36d3e692e581bde711ae2651.exe	88
PID 4152 wrote to memory of 5064	4152	892ac0ac36d3e692e581bde711ae2651.exe	88
PID 4152 wrote to memory of 556	4152	892ac0ac36d3e692e581bde711ae2651.exe	91
PID 4152 wrote to memory of 556	4152	892ac0ac36d3e692e581bde711ae2651.exe	91
PID 556 wrote to memory of 452	556	cmd.exe	93
PID 556 wrote to memory of 452	556	cmd.exe	93
PID 452 wrote to memory of 2044	452	msedge.exe	95
PID 452 wrote to memory of 2044	452	msedge.exe	95
PID 452 wrote to memory of 1756	452	msedge.exe	96
PID 452 wrote to memory of 1756	452	msedge.exe	96
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1768	452	msedge.exe	97
PID 452 wrote to memory of 1708	452	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\892ac0ac36d3e692e581bde711ae2651.exe
"C:\Users\Admin\AppData\Local\Temp\892ac0ac36d3e692e581bde711ae2651.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Users\Admin\AppData\Local\Temp\start.exe
  "C:\Users\Admin\AppData\Local\Temp\start.exe"
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\start.bat'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\start.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/wergity_mods
    3⤵
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ffcba88f208,0x7ffcba88f214,0x7ffcba88f220
      4⤵
      PID:2044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1808,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:3
      4⤵
      PID:1756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2228,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:2
      4⤵
      PID:1768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2468,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=2460 /prefetch:8
      4⤵
      PID:1708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
      4⤵
      PID:2824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3540,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
      4⤵
      PID:744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4232,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:1
      4⤵
      PID:1136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4268,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=4304 /prefetch:2
      4⤵
      PID:4868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3796,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=3760 /prefetch:8
      4⤵
      PID:3552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5140,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:8
      4⤵
      PID:2284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5112,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8
      4⤵
      PID:3096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3516,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:8
      4⤵
      PID:3612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5876,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=4992 /prefetch:8
      4⤵
      PID:1180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5876,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=4992 /prefetch:8
      4⤵
      PID:2724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6208,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:1
      4⤵
      PID:1064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4320,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:8
      4⤵
      PID:924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4276,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=6520 /prefetch:8
      4⤵
      PID:2580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6556,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:8
      4⤵
      PID:2140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6560,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:8
      4⤵
      PID:4268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6416,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:8
      4⤵
      PID:5768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4920,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:8
      4⤵
      PID:5816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6420,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
      4⤵
      PID:5856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6412,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:8
      4⤵
      PID:5924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4356,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:8
      4⤵
      PID:5316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5076,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:8
      4⤵
      PID:5352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5064,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:8
      4⤵
      PID:5388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3528,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
      4⤵
      PID:4020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=2808 /prefetch:8
      4⤵
      PID:4220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4916,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:8
      4⤵
      PID:5592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6140,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=4208 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=872,i,9144569288605849256,3066465400668805381,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
      4⤵
      PID:2212

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping452_1089126730\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping452_1679435495\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping452_1862662486\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fed4ab68611c6ce720965bcb5dfbf546

SHA1
af33fc71721625645993be6fcba5c5852e210864

SHA256
c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4

SHA512
f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4013ebc7b496bf70ecf9f6824832d4ae

SHA1
cfdcdac5d8c939976c11525cf5e79c6a491c272a

SHA256
fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a

SHA512
96822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\15328ce8-06d9-4b72-8981-12d70e024337.tmp

Filesize
14KB

MD5
5348f01d8d5490ae298835beec97f656

SHA1
398fbd21d6f68eb4aa2f1f38e4d6da22d6f43708

SHA256
da5f2ffb87c2a72133ae43511c49eb9ee51d6f5f1195119f24340a5eda5ba579

SHA512
f7f10c6abf91d53c91ef4ff2728c321f0604bc1dcdaaacbd73a273bd5bd063ac294e42948d3dc884980d00f2c20114da5a3fad317a17ed815a4182a676f18d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
028fc6b607a50765ee279e66115d6513

SHA1
6f622d202124c7e423236ff79ef9e87ec95abb31

SHA256
e3c025645e003b0d41f1b88d34b415fcd316e5e74425b79515b61c58b618009d

SHA512
a6c2d863a0ab8476d345cb2df6fbe6c8301f96b4a8f19f93329fedaf8fdbb3c959d4ca6ffc6200e170fefe07ff902c6ce9a9ba394380d6df6ef4133361935077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57efce.TMP

Filesize
3KB

MD5
36d761ac7d73e35cf1394e681e7cf2d7

SHA1
2580f2c15d39945d68656280f81bba1136d573df

SHA256
44ee24d2c259eb64be730511d9a3de9a0c3367b69dccdc6763285ba5c8c4b4c6

SHA512
61ff9c0491bcd42e86fe8fa69b5584c043ba0e07954fbb804ff06abdb8187ec2ec75c06924c6e5b967d796cfc4d7bd6657deac4022eb68883231cbb1035a972a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6b4fb8d41fe246336174a9f4b7880955

SHA1
45eb3bf8d9bdee08c970fcb99fce769190185152

SHA256
ace1bc3e7f3d4bcec56ccde97e3004fdb9dbcb5374df8488d319d08a1b5b5272

SHA512
c5949ba735c59c02a007e95f92bef9c265ea67a882a6898269779468ba8bf841cf7dde53ca7627561288960f2b6c4a45819d24797965b16c7d0e3d422acb4392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
5046a780e52bb29d72e0845662632338

SHA1
2161915623381f81b177f1a2e3459770185e3693

SHA256
c589970af82ba3c9f8bc00707de8e173a184a8504ae4c6482ca09e076f157b8d

SHA512
6e643bbd35efbf01a90a350ca9b8b6f9fbe4c1eac9135763ca1d59808ef2708059025a4b6b9710beda954254758e5a9109da285f11ab93f2ee94840d3a7fcee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
748a5d352a671c3f7df93bb1f5c9ad44

SHA1
a94be8d2aea10a7c5c0e1a5e784311a4149f88b2

SHA256
51b54ff41230f3ee63b4b8dee9f963d4778eef96f07650aeaaa7476dff9be258

SHA512
2e61a0b9f4af9c315848dd02b4c4e499bd647c1a47c9ee0a0c90719331f2e82522bca08ccc6977b2673dab92c4ce85f50b0df269cddd1e42fee3f992c2028594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
e4c06a359909a917593c755c5119d58f

SHA1
cf3837749a155c8776b2108b6bbaad5fbb24259f

SHA256
c5ec32e8417108533f55b85b82a04144a2300611789fac9fb3be6d74ca083534

SHA512
c944eb95ed63c0b907532cb53d8bd432ad37c44b549297dff045c0a92fc612c3055253c2a90aad9967361931534ffe23ce2dedf4565f863f427f6d6512cfeb3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
063678cf72f6114ef3444bb26372cfb3

SHA1
cc1f13de55913678542548d9078f1cd5c0056dcd

SHA256
e295da23519c29a66ab58c0d4ea30b3754e52f7ba645f73767d58d91053b90a2

SHA512
6422fee0c434c1f5ac4f019b9c8c6d52462c57c1005b1c1f7f4198f26395bb5d00e9aa1d29e4acfb04afea202a9a24234cffd7702e12cc961ac454f792c3a432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
1c3a398084855722f0af379578199e16

SHA1
56884cc170dabe6980530abc2128ea4582fbb812

SHA256
216ffef17b0a500dbdefeb7926e58518c0ae5c0b6583fa2418d9e57c94dec5b2

SHA512
8d8e6da1667965168a16fcd1a614e5d531ba23d45f9bb774d30bea34feb1b904a23e36fde53d95fb2ae338cc9627bff5f667bd08936bccf3b5af58725619ce5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe587edf.TMP

Filesize
467B

MD5
7f818a9f8f3cd62c327c7ac74d1f83a0

SHA1
7358c3968a1b99952bfea9229198513d908ba1e3

SHA256
994fbd007ca4ab13d5fbd3fdfc3da4245e2c848243c31201cb3c6c8a3f2b952e

SHA512
3921e658769db18a59598c8e49e74b6fb38b470dbb6ea6176b4f25ba9f8839d75301694616224996dab7beea2415b259df2fe296fc897882d85e0bf02e4f899f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
21KB

MD5
e4dfd0504387a1ebcc4a48846e44a23e

SHA1
a5a91da421e3d8728ae857694dbeb24ea72b7866

SHA256
d3c39babd9652bcdb02ae17f895437ed85f617cb04f7ba4bbaf7ad7e8ab78cb6

SHA512
94a1d4ab7b18763b55c9246d73feb0ed64a7e506572884a2940696b12910d6ff2a03a0b1aca3e4035a81548633acd437e762e758952ba72dafc97f191e46d419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe58823b.TMP

Filesize
3KB

MD5
c7569efb2fa9fe93c0ea2f0896f54036

SHA1
e231c700b778b624f6065b035e5803fdd8b4db4b

SHA256
2422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f

SHA512
c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
1258909adb6d6d73fe1fc1453ef2e3f4

SHA1
b405fb910690b722a2c863c410211ed15807ed3c

SHA256
ee0d86168c4199599ec9f68da9ea03c0611de61dff609c88a56270edbe4cac7d

SHA512
2f5b5894ccd8a5aa5d578183fa5cfcd4b77c499a37e80b7c4498ff9cbd6683b1e3a6746be88c803140c68adf5e3e1df7b5f19b5bd65f0300913877a31f5ebb22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
53de67b86c4b6e700a53d385a45dde58

SHA1
5f047992d49e2da24bc3215941fe59c4ec0cfd9c

SHA256
a17c5d0787c9a6ff4d80a305dc472c84fcc6095657a08bf6e926261a2e759c8b

SHA512
5a096e4306cc1482bb12e82c6d32e29ced40fe547f442e1e2fc340654e37a32f5ec040e4640c39521505a669ad245853bf9a0c2104add2f0278ee26c1fa243b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ba01756e-1a84-40c2-bf8e-9d3f5a92f2e6.tmp

Filesize
30KB

MD5
ac96dd6ed3cee30b05638de5a0f5c9d5

SHA1
105faffa35541a5221729c52398ed4bf5085c75e

SHA256
aa3394b4ecfe0d6e2111a40f37e65dd20748df42065fc3fa2cd3bc1d34d4b037

SHA512
41bf03bd231af2b9a3acaffe70ea5587aa073efba30bda32e1445e959f811b7d8ae6097caf60250607ceff1bac42d5afdf05b9b62fb1e4a5653240bd7e7477fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d24283ed-88d0-49ad-b029-acaede451326.tmp

Filesize
39KB

MD5
67ed87fc6a49896cca8ac3cf8284707f

SHA1
0c121b7095a5616886cc23e8f2544183dd8794df

SHA256
c6f21df1eff3a0f46af8aebc9ef1904477b731ee7f450320b6aed6ad50e6d2f4

SHA512
0597ad10fcbfcf77a6146dd313e939a7b8b6349f3dae4002aa6c4ec7547e8c1aaaa9f30ba605326b297ad7fd03293071393536dbd1a1ba92c6a3193481918266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
fac96d56a16c6f9efc035ebd0985299d

SHA1
525ca949d73365866f1d659fb5e6264385771dc7

SHA256
f7ed9ac0e4dbbcff88ca5df486401d251efab314c91980564acc0c2a0c08e133

SHA512
1ff2656043ecb70ac2dbf498c43a1bb73a3a6e54022348a03fccfbf6a005722f4d26c39d3e584e8896fb957ba370ec898561085f36e8dd3e8ee1aee95a2ee1be

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_u5jkicgy.2ue.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\c7161bfc-f482-4301-ac88-4747cee5ba59.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir452_1407688436\52805067-c973-4dab-bedf-7bd3b3a2f999.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir452_1691808200\2520542f-1f49-4f97-9e3c-691ce92ae994.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\start.bat

Filesize
395B

MD5
1e585a69dbdb56c6f59823b6dfa8e899

SHA1
440b4ec45b3a931849605c7c4f52ad638e6f21b8

SHA256
f2d8a482f053038f424d6ca8429a3fb3d688333fde9af3dcc88e090da50d8f0b

SHA512
239383368220cbb9a0ece2786d063bd1b76752306b15e0061041e9c9c310ea1615efb486481af446c836b22c3aebdde2fcdd303c8d4dbaff013fb002db6a40c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\start.exe

Filesize
81KB

MD5
096daaf44821a4712be416d5344a9acf

SHA1
6fc1ddee5576a367bc018a69d4df682bc38a9f3b

SHA256
42b1c67b1ed3102d6e19d755d4426aa3c0392fd004a42d79c9c576baa3fda555

SHA512
ac27c1eb3e0bbe44c5060ceebf9bf3fc660b64861ba21cf9fb56ac60b524bd162609f794ca021741700df4e9bf2b82158c2324273ef2ea0818a97ed263816a91

Download Submit
memory/4152-0-0x00007FFCB9E03000-0x00007FFCB9E05000-memory.dmp

Filesize
8KB

Download
memory/4152-38-0x00007FFCB9E00000-0x00007FFCBA8C1000-memory.dmp

Filesize
10.8MB

Download
memory/4152-1-0x0000000000E80000-0x0000000000E94000-memory.dmp

Filesize
80KB

Download
memory/4152-11-0x00007FFCB9E00000-0x00007FFCBA8C1000-memory.dmp

Filesize
10.8MB

Download
memory/4920-14-0x00000000004C0000-0x00000000004DA000-memory.dmp

Filesize
104KB

Download
memory/4920-15-0x00007FFCB9E00000-0x00007FFCBA8C1000-memory.dmp

Filesize
10.8MB

Download
memory/4920-30-0x00007FFCB9E00000-0x00007FFCBA8C1000-memory.dmp

Filesize
10.8MB

Download
memory/5064-16-0x00007FFCB9E00000-0x00007FFCBA8C1000-memory.dmp

Filesize
10.8MB

Download
memory/5064-17-0x00000223AF0B0000-0x00000223AF0D2000-memory.dmp

Filesize
136KB

Download
memory/5064-27-0x00007FFCB9E00000-0x00007FFCBA8C1000-memory.dmp

Filesize
10.8MB

Download
memory/5064-28-0x00007FFCB9E00000-0x00007FFCBA8C1000-memory.dmp

Filesize
10.8MB

Download
memory/5064-33-0x00007FFCB9E00000-0x00007FFCBA8C1000-memory.dmp

Filesize
10.8MB

Download