f22a998e7d8ab415dfe854871c7a13d3b5256f41729744e7b0cf3bdafc169989

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Qt5Concurrent.dll
Size

128KB
MD5

31955f92dd3ca70cab821b6199018ebf
SHA1

3177661f6e066460f2c859d2d5453323b68d6eda
SHA256

d4a01961fff02cc38ab906d3bffaeb49db893edc624f840e06d07985086db29f
SHA512

ec5b65741685882008769abd68fb88cf12c58b0b9d76f0a6326f352ee7a78cc4567473c50e9abe12fd8af0c06bb1ae9840ee0d5f78024580aaaf1c34e0b14504
SSDEEP

3072:3Q8Eh7XgsZxlePu00k7hkNKSBMU+m3EkbnW6//V:3rg7wmePu01CXrUkV

Score

8^/10

discovery execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4664	powershell.exe
5588	powershell.exe
4656	powershell.exe
3632	powershell.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
2748	tasklist.exe
3608	tasklist.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
1044	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876315908510375"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1056	NOTEPAD.EXE

Runs net.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5328	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
4664	powershell.exe
4664	powershell.exe
4664	powershell.exe
5588	powershell.exe
5588	powershell.exe
5588	powershell.exe
3632	powershell.exe
3632	powershell.exe
3632	powershell.exe
4656	powershell.exe
4656	powershell.exe
4656	powershell.exe
5212	chrome.exe
5212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5328	POWERPNT.EXE
5328	POWERPNT.EXE
5328	POWERPNT.EXE
5328	POWERPNT.EXE
5328	POWERPNT.EXE
5328	POWERPNT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 3432	1068	chrome.exe	108
PID 1068 wrote to memory of 3432	1068	chrome.exe	108
PID 1068 wrote to memory of 1288	1068	chrome.exe	109
PID 1068 wrote to memory of 1288	1068	chrome.exe	109
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 1724	1068	chrome.exe	110
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111
PID 1068 wrote to memory of 3932	1068	chrome.exe	111

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Qt5Concurrent.dll,#1
1⤵
PID:404

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Desktop\RevokeResolve.ppt" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5328

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xa4,0x124,0x7ffafe48dcf8,0x7ffafe48dd04,0x7ffafe48dd10
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1588,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2000,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=1400,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=1592,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4472 /prefetch:2
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4720,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5344,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5480,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5620,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5624,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5748,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4392 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5692,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5728,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5808,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6044,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3264,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3272 /prefetch:8
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6048,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6052,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6004,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6104 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4792,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4848,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3024,i,16285265775021144662,758605504083540576,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5212

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Temp1_Installer.zip\main.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Installer.zip\main.exe"
1⤵
PID:2676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic diskdrive get model"
  2⤵
  PID:5104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic diskdrive get model
    3⤵
    PID:3460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:2340
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:2748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Get-WmiObject Win32_PortConnector""
  2⤵
  PID:4332
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Get-WmiObject Win32_PortConnector"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4664

C:\Users\Admin\Downloads\Installer\main.exe
"C:\Users\Admin\Downloads\Installer\main.exe"
1⤵
PID:1160
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic diskdrive get model"
  2⤵
  PID:4496
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic diskdrive get model
    3⤵
    PID:2716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:4724
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Get-WmiObject Win32_PortConnector""
  2⤵
  PID:5532
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Get-WmiObject Win32_PortConnector"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:5588

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Installer\Manual.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1056

C:\Users\Admin\Downloads\Installer (1)\Installer.exe
"C:\Users\Admin\Downloads\Installer (1)\Installer.exe"
1⤵
PID:1524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "net session"
  2⤵
  PID:4428
- - C:\Windows\system32\net.exe
    net session
    3⤵
    PID:884
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 session
      4⤵
      PID:2720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM SecHealthUI.exe"
  2⤵
  PID:1428
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM SecHealthUI.exe
    3⤵
    - Kills process with taskkill
    PID:1044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData'""
  2⤵
  PID:3088
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData'""
  2⤵
  PID:3892
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
cf4a274e39e7ca8dcdac4d28ac08786c

SHA1
7d2604f8c7645f4769a4e0f400ecfad033252022

SHA256
a4aaf5a9a9f4fad4a5f59dad7cb735a17d3eaf0334a21a66b08366adf18fe4eb

SHA512
ebb03790241c75881858a58f875fc546b83cc34602a7cc5c93145ecca7dcdfd959006b6bd615870e115787bee1f6215ae5e09bc6a7cc5cdd1864d11dc0265863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
49bfa72a039641c58587066f0a7fb1cc

SHA1
6a0e956488c473f95beac2d5ae3cde0f93431f46

SHA256
9a683eb49d3a5347c2a9b6e2298401bb5e8ddfb96c7443673d9f4b8e9132e401

SHA512
07649d1abb8be6a4194a6a18b6df2d6facd26d2035b947496b1f00719c4476ed21ca1457b4897b3aaf8e6e3ae7fa6b980f3e107d6598af381a3561c79fb002b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f69a9b53c709bcea8fb9de25cb2a9d76

SHA1
055d415dbf4bbb5fc3f6351aa3012a5ad881f3d8

SHA256
6c3021210573b093dc798468609e5a70c5d44f7b10da277fd195c21b5efeb328

SHA512
278fc26915dda0b71a2c14568f130670bc7cd9fb7d056b80155d5809fe5d55c8d6c7b4eaf16f37fbfde3b9aaf278816048e2984c4b93870a6cc3d4a01a1192a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
de8d0209579e9904bfb16d65756df985

SHA1
cf61f68ee1738b2735aeafcf0206a9ad6b0ced3f

SHA256
f4cf4c70f2338ca359110de02dc4f09c670edf53c88f2361e8e291835971fd60

SHA512
425947b8a59f5598a5bbf5fa9273d18cf513c9a1079ab9b172246744192b29b95276d1ce4db1ab225d27ae3ed15999b0585266f6552c4d9790ead31a2847177c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b4c0eb06e491eff83ab0f608063c2b9a

SHA1
4676d4c20f9897000983ef6163a4c858c6bfefa8

SHA256
70bf41c6e22b2a2e024e7bb865a1be1350f633e7f4c8cb177ce061832b1193b3

SHA512
f58cc6c5bc7d7141c1d974accfb622ac222249ed5f65ce1b4866322ad05cb70cd523ad202b1055e93bc0d3f7ddce0c1747463712e4dd4be48241ad3c83e7eab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9947f7a6351859df8082cd762c4f564e

SHA1
8cd91afd69fec2c771316d0e4ebce58d092bd1c2

SHA256
e0d1ff4f81fc66f6f3266be9d9217198a0a7d07f3e1ea45f3f404947c063b425

SHA512
f31e0f566ba9a79fdb32d2bf84a084ce87660673853602e2a11e0c500c6378b0a2132c7c103361c70464523aa7398ffac43c09ee47aa7d04e07c6107597ea5d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
283cc5d1af4c990207a1b7f63b0728a4

SHA1
aa22f6918c10da12d567e70002b6c4ba573c1d71

SHA256
71b9f3734792d85d5886ae4b32de14eb2f6c1defad51b54104ef64af944937f5

SHA512
48736398e37a1361a93360b09943e445beacb1ad0e0098ee1817d67e932b2a85ae5067cdb17d2d514a28a99c00c5b044eb07684a1e33af9463559b949f28704a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
5219ac0d4cc31e0bee9884af453a3288

SHA1
e5406854d70f8a3899dfbc4818054eddc672017b

SHA256
031aad9e59f66ab55e967e57a677615afa6fec111c8a911ddcb7902230c3da19

SHA512
c21f68599d9bfb8308ed0602daf7ca8d4e7fb58b578203c29a5151ef22d7a16acd83c3e5a6ad56e28c7e2dc627aae106c2c3c52c5aed55ba5ff77c399b9170b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
63bdc165ecdd84e465d63f8199b84c9d

SHA1
cde0b1686f49c6ee5081d70fae29d17969735ad5

SHA256
279c2fde60612dbe783eb011c678d006e4a8bd63aaaa93d93f4236fcd3c7c73f

SHA512
373890b0aaab6093151d2e93c7513ac322272f7a6c93adad4e9e2efa323e5c84007ebff3003a8eb2887fad78203742f4b5ce80b36eb18d9182ec7ea49b852350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
982f70a50f9d7090cc18aed40b0011ba

SHA1
b39b26f9bc55c1f81cd79b57ee24701d9456fe85

SHA256
6144eba5302a046a9129a7f8e881074a65292d49194e613a20b856bb83888fc2

SHA512
a74f09cbdbd1f0b8683419920a46af0fabe7250ad2b85d1ccc945d4ca86e7f0dff67c7b73729f3e5590fba99f2c22bb62c954ab14dfa61b1d0b8c13f27edd725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
35f6bd474b0e7772af33472b06fe9ad8

SHA1
728f782e3f2d3f2d219be981d13cffc0965e8c3b

SHA256
5729bfcd36470139624b8b71a5df046ade6b0377326119cfff6a954449742508

SHA512
c5701558851324e163a3a01ea6a101e5945b866c0f07de0a7d49e588d3c22a0a701b653c21d394b12241bae22c8f20fdd0a164312b40d02a83867205974c4296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582e00.TMP

Filesize
48B

MD5
6d81611fd64a2fc9ea42ef83ccf07309

SHA1
7ca464a0d9b9d1ea61ac57325534f7e1106040d0

SHA256
45f59acac93bfc455ee1d320e13924601cac482a72186cacca95668c5b332da4

SHA512
2f298f89a9565133f3b32439b8ac87d92a199256aa4881d97f83baec203ecddd4209cdedeb8ce91f137cc0cf4a3b9fd96072951cf428b35faa072124894e9fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
28994bacc1d5b7224f4b569a7dd51647

SHA1
05f1a0fb5cae32090d943d07a6597744df1f8a96

SHA256
e5111929a0e2bc871da65dcdfbec147727e56fcf8b0d6f15151103dbe1747295

SHA512
2377ae6464b650b7b7d275324cd79774fbc0c996939f2b37321862724e05b90a53c0aa7d00e1fe48ac603fbb03468a3dc6f9ef6101d5f83698850e50c558520f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
a8cec96fc1bf4100fdfce9b2611dc150

SHA1
94dd30daa28206f55af90031305933825adc8a62

SHA256
dfd58fe53d40bab4129f03af4008acf6c83cadec0d017913b4f9eeb4b60dff5c

SHA512
4e4a27fbf35329221537eba1bc7ed20a590d0b7b365eaf5573a337b311cc60d68a4571978a6d0b1ae7721b6489fab0689e0fb263a4a9d8a0e9e768019f27a19c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
b797d34bb40167bdcf1c3697dbeb1272

SHA1
34496360b0832458ecf978193b54af664bedfed8

SHA256
71f749da1fb82d450f3f98a5ec3d51e320ed8e3202092e4c73c94925e55f6b8f

SHA512
8917cda8ca71f1d3ff99e6f1c2a14698a0cd2838696ea21e438bc187ee7b17ce3396219fe1e70e778e5395725378d30a522adf0970345adbe979eac1ac3d6422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
6cf293cb4d80be23433eecf74ddb5503

SHA1
24fe4752df102c2ef492954d6b046cb5512ad408

SHA256
b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8

SHA512
0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
fa81c5c2adb1c518ed8bbd11e14c35a9

SHA1
aaf3c17a2207b4a09cb604f2523a72e37c4f11d4

SHA256
99f09c7d4d4482b5e8b942dcbce876d1eb950c81cb2c63695c047f0736bcd5c9

SHA512
247ffb8c9923ea99c18b42e1e7f4fbfc6d8992b13a09b8648b732187d5f57cd9ebb9562f5fad8eca8f068d3d0d0c58d0d02de792052df66fe73273b433929e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
446dd1cf97eaba21cf14d03aebc79f27

SHA1
36e4cc7367e0c7b40f4a8ace272941ea46373799

SHA256
a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf

SHA512
a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
96ff1ee586a153b4e7ce8661cabc0442

SHA1
140d4ff1840cb40601489f3826954386af612136

SHA256
0673399a2f37c89d455e8658c4d30b9248bff1ea47ba40957588e2bc862976e8

SHA512
3404370d0edb4ead4874ce68525dc9bcbc6008003682646e331bf43a06a24a467ace7eff5be701a822d74c7e065d0f6a0ba0e3d6bc505d34d0189373dcacb569

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2ydvfyrn.4pu.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1068_1524315465\480dd2b4-a26a-4333-b547-0b110185458f.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\Downloads\Installer (1).zip.crdownload

Filesize
14.9MB

MD5
4e33aba9fe4e4330d6aea9f83b9b6bdb

SHA1
8d5bf8e1e808a8b8974c1df1e1eea94da9403308

SHA256
ff5caef49ac38e3a3cc0ef20b61987d248bf34c99eb8adfbcfabae8a66e8b230

SHA512
0756b7da6f7d17974fdc6c23694e018e5b110e3a5ea9df2fdbce1346d9e91846f110b6649060de5ac896eedfda760e2da18b37ba8b87fb2bba9e37b63770e376

Download Submit
C:\Users\Admin\Downloads\Installer.zip.crdownload

Filesize
14.9MB

MD5
30db1554024584e70c0b4039648d1f80

SHA1
c65eb35629fcc1a7178b2be9a2c6f6f44493a528

SHA256
f22a998e7d8ab415dfe854871c7a13d3b5256f41729744e7b0cf3bdafc169989

SHA512
2aa37dc57ae7e2d595bcb8e9e354365044dc6c23145c3a0fac389fc1ac1f22811b7f9ecf5dd1ca74536bf5ade623b25a3b3d0ca29acc2158233de0b81a4324f5

Download Submit
memory/4664-1074-0x0000027CC99F0000-0x0000027CC9A12000-memory.dmp

Filesize
136KB

Download
memory/5328-37-0x00007FFADDD10000-0x00007FFADDD20000-memory.dmp

Filesize
64KB

Download
memory/5328-6-0x00007FFB1DC90000-0x00007FFB1DE85000-memory.dmp

Filesize
2.0MB

Download
memory/5328-7-0x00007FFB1DC90000-0x00007FFB1DE85000-memory.dmp

Filesize
2.0MB

Download
memory/5328-10-0x00007FFB1DC90000-0x00007FFB1DE85000-memory.dmp

Filesize
2.0MB

Download
memory/5328-9-0x00007FFB1DC90000-0x00007FFB1DE85000-memory.dmp

Filesize
2.0MB

Download
memory/5328-8-0x00007FFB1DC90000-0x00007FFB1DE85000-memory.dmp

Filesize
2.0MB

Download
memory/5328-5-0x00007FFADDD10000-0x00007FFADDD20000-memory.dmp

Filesize
64KB

Download
memory/5328-4-0x00007FFADDD10000-0x00007FFADDD20000-memory.dmp

Filesize
64KB

Download
memory/5328-40-0x00007FFB1DC90000-0x00007FFB1DE85000-memory.dmp

Filesize
2.0MB

Download
memory/5328-0-0x00007FFADDD10000-0x00007FFADDD20000-memory.dmp

Filesize
64KB

Download
memory/5328-3-0x00007FFADDD10000-0x00007FFADDD20000-memory.dmp

Filesize
64KB

Download
memory/5328-11-0x00007FFB1DC90000-0x00007FFB1DE85000-memory.dmp

Filesize
2.0MB

Download
memory/5328-38-0x00007FFADDD10000-0x00007FFADDD20000-memory.dmp

Filesize
64KB

Download
memory/5328-39-0x00007FFADDD10000-0x00007FFADDD20000-memory.dmp

Filesize
64KB

Download
memory/5328-36-0x00007FFADDD10000-0x00007FFADDD20000-memory.dmp

Filesize
64KB

Download
memory/5328-2-0x00007FFADDD10000-0x00007FFADDD20000-memory.dmp

Filesize
64KB

Download
memory/5328-1-0x00007FFB1DD2D000-0x00007FFB1DD2E000-memory.dmp

Filesize
4KB

Download
memory/5328-16-0x00007FFADBAA0000-0x00007FFADBAB0000-memory.dmp

Filesize
64KB

Download
memory/5328-12-0x00007FFB1DC90000-0x00007FFB1DE85000-memory.dmp

Filesize
2.0MB

Download
memory/5328-13-0x00007FFB1DC90000-0x00007FFB1DE85000-memory.dmp

Filesize
2.0MB

Download
memory/5328-14-0x00007FFB1DC90000-0x00007FFB1DE85000-memory.dmp

Filesize
2.0MB

Download
memory/5328-15-0x00007FFADBAA0000-0x00007FFADBAB0000-memory.dmp

Filesize
64KB

Download