Overview

overview

10

Static

static

10

FFH4X CRACK.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    182s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/04/2025, 09:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FFH4X CRACK.exe

  • Size

    229KB

  • MD5

    06d16f85b86a25e8bcc3cd54891f3fd7

  • SHA1

    a86eea204adfe0a1f62e02c3913c64f5a9ae9d02

  • SHA256

    ba9c10926b5db69c9ebaac2c7b9f45536c8db55627268b71f9c813e1f8990e17

  • SHA512

    e8780bced5ab07f7ba6bec5580af43333294252b149b226ce53aada7d85962a96f28430eda174bcb04cc5f08b217ca62e32749848739377d671e318191570224

  • SSDEEP

    6144:tloZM+rIkd8g+EtXHkv/iD4AJ7quMzvEMlwOffuQeb8e1mhi:voZtL+EP8AJ7quMzvEMlwOffur/

Score
10/10
umbraldiscoveryexecutionspywarestealer

Malware Config

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral
  • Umbral family
    umbral
  • Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 36 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Detects videocard installed 1 TTPs 1 IoCs

    Uses WMIC.exe to determine videocard installed.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 16 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    defense_evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\FFH4X CRACK.exe
    "C:\Users\Admin\AppData\Local\Temp\FFH4X CRACK.exe"
    1⤵
    • Drops file in Drivers directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" csproduct get uuid
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3364
    • C:\Windows\SYSTEM32\attrib.exe
      "attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\FFH4X CRACK.exe"
      2⤵
      • Views/modifies file attributes
      PID:3672
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\FFH4X CRACK.exe'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:5840
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4856
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2160
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1660
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" os get Caption
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:5140
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" computersystem get totalphysicalmemory
      2⤵
        PID:6076
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic.exe" csproduct get uuid
        2⤵
          PID:5228
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
          2⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          PID:1592
        • C:\Windows\System32\Wbem\wmic.exe
          "wmic" path win32_VideoController get name
          2⤵
          • Detects videocard installed
          PID:1244
        • C:\Windows\SYSTEM32\cmd.exe
          "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\FFH4X CRACK.exe" && pause
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Suspicious use of WriteProcessMemory
          PID:3228
          • C:\Windows\system32\PING.EXE
            ping localhost
            3⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:2740
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:2636
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe"
          1⤵
          • Checks processor information in registry
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:5268
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9ed4dcf8,0x7ffa9ed4dd04,0x7ffa9ed4dd10
            2⤵
              PID:5884
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2056,i,6869918493526667021,6845857037645667626,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2044 /prefetch:2
              2⤵
                PID:3276
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2172,i,6869918493526667021,6845857037645667626,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2216 /prefetch:3
                2⤵
                  PID:4060
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2408,i,6869918493526667021,6845857037645667626,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2448 /prefetch:8
                  2⤵
                    PID:4368
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3240,i,6869918493526667021,6845857037645667626,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3252 /prefetch:1
                    2⤵
                      PID:6056
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,6869918493526667021,6845857037645667626,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3316 /prefetch:1
                      2⤵
                        PID:5388
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3220,i,6869918493526667021,6845857037645667626,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4480 /prefetch:2
                        2⤵
                          PID:5116
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4768,i,6869918493526667021,6845857037645667626,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4796 /prefetch:1
                          2⤵
                            PID:4016
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5380,i,6869918493526667021,6845857037645667626,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5376 /prefetch:8
                            2⤵
                              PID:4984
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5520,i,6869918493526667021,6845857037645667626,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5528 /prefetch:8
                              2⤵
                                PID:5980
                            • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                              "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                              1⤵
                                PID:5108
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                1⤵
                                  PID:4812
                                • C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\3DViewer.exe
                                  "C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\3DViewer.exe" -ServerName:Microsoft.Microsoft3DViewer.AppXee4wbwh7vy3ejyrqsebr3ybk1vd6bkyn.mca
                                  1⤵
                                  • Checks SCSI registry key(s)
                                  • Modifies registry class
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2744
                                • C:\Windows\system32\AUDIODG.EXE
                                  C:\Windows\system32\AUDIODG.EXE 0x304 0x2f4
                                  1⤵
                                    PID:1560

                                  Network

                                  MITRE ATT&CK Enterprise v16

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                    Filesize

                                    414B

                                    MD5

                                    ab41441bfdb58992b7f6c19de1dd7a50

                                    SHA1

                                    c6e169f4c233efa974a05dc1392b8befdfbc8397

                                    SHA256

                                    b541fca1feff2bd02715a9c033467f00b315fb4b5f82dec0bed2b0f7e5bd1272

                                    SHA512

                                    b73d06930bb54cf555466118b2fecf904e36c29f372adc041db2b8582145186b62211415bf48523b1d1428824886c9cf5e45869706a613bea212ac65b6ab41dc

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_1
                                    Filesize

                                    264KB

                                    MD5

                                    f50f89a0a91564d0b8a211f8921aa7de

                                    SHA1

                                    112403a17dd69d5b9018b8cede023cb3b54eab7d

                                    SHA256

                                    b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                    SHA512

                                    bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                    Filesize

                                    1KB

                                    MD5

                                    92b4ad4fa8bfb09ba066e1240d52a4f7

                                    SHA1

                                    228cce74ad63259384314063574927e76cd724c8

                                    SHA256

                                    3ee786a0285d0a197ea90db02b60d697505ca35eab953acfec7f5a6074431448

                                    SHA512

                                    c44c93a6bd1d42ac0e959f83de6527569592f6b8f6ecc7a5b618a952ebc5304a33cccc0a92be76837a560eb34a3d24797ca12fe492809568897e05a857ff721a

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                    Filesize

                                    356B

                                    MD5

                                    70cc757cf6ec3b74f7c6d40bd6724715

                                    SHA1

                                    1b866c4a4bf31252df6f9565956b5d67f74bc87a

                                    SHA256

                                    28cc97e5df67ab2e2154a502f66742cde492b7b93314f0b9f794340c8916bebd

                                    SHA512

                                    e864ec5d1c19cdb199fb98d9cb753ec9b159c8ac063df3f5edfa28e33d1b28c05b6eb31a0a9c8d1da7203fdce7e8691b4d828aab4d1dd91b7eff638bd36a9bd9

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    10KB

                                    MD5

                                    eb7f94ace16592a22b4e7b0814be3341

                                    SHA1

                                    896e897739ee44a1b8593485182bb03ed57283fc

                                    SHA256

                                    d88fde92841520b6985f32f533d22774e42634f8c75d406390db3ff743472ddf

                                    SHA512

                                    0899ddf3fd1da3ac4f1a5bad684bb0f3ed406f8060e596d11e28baf07c3492f58c7f24609c6dd8414204d63e206f8670828d11fb0bffa10e9de10d5b8eae1e21

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    10KB

                                    MD5

                                    db6b44f94abcbcc3c86daae9c78c6b82

                                    SHA1

                                    82a19936d7d27bec1159be5fe3834d9b5d08c291

                                    SHA256

                                    997266a541d8d3dcc46249768b68ddc0b2a6826b358b13e2e760e9e5376650eb

                                    SHA512

                                    423dbc97b9403c007e1a42cc6ae83f03c5f8862e879301b251c4b29379664fe7521ef118a9ee84057fc2fddc5fb32d7a25ec3de5241ca2b081f906c5bc785cac

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                    Filesize

                                    15KB

                                    MD5

                                    44919017172bdd7c51ab5d9e948a045a

                                    SHA1

                                    d3ea7e19be4f8f1d92759cca353d2538e194e801

                                    SHA256

                                    34e1f241303e0aecea5a8a9d32794c90fb7be1d3752215b2229e611abd6700e7

                                    SHA512

                                    726e112a3c1e3fe678750956000d1be4b7301e30e30d00bdb19ee6fafd5db1f0f62567d2c91455a5f568aa602d014ba9af12949a3d5707985d330ced62b7953d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                    Filesize

                                    72B

                                    MD5

                                    1cf736ac376404271d6bb275f5e3a206

                                    SHA1

                                    0407cc89f65a51a219499de6560a3b1c01b6a3bb

                                    SHA256

                                    f81d9fada641779f840ee1ef37110ebdd964607a024d4a87e09b60d831172217

                                    SHA512

                                    78b272345ade7eca466ea23f85cef9bf5d49ae4676b4d1d8c8821ca3b78b6c0fbcd81c928ef1f780e7eb4914dd9518a59a8acf434570026fc2d04e4f6b82d241

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5868f6.TMP
                                    Filesize

                                    48B

                                    MD5

                                    03e2a4d8b4c36f8e8d6660b7fd1436f7

                                    SHA1

                                    d785563375c566ae6fc7e53ff554a13cadbe8130

                                    SHA256

                                    148921437ade4ae453257b97615bfb470f0704498f204d000a956ba5c056aed8

                                    SHA512

                                    05ee6d5787adaa7d10d04e6c7a34d312b3ae5a523ded581912d940f72b4695e4290916dd31c930b686671d37ece529a73f9bfe4c64e63da22f7a94d5a24de200

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize

                                    152KB

                                    MD5

                                    f28fe97094c89fc715c04573f11461c2

                                    SHA1

                                    a98d4a3ed0c26c3a26258c24ddbc8694cf0a33e0

                                    SHA256

                                    ed8769398ef4cc025814f02d4ebd43925336e112a8b6879afc2c432485cb1269

                                    SHA512

                                    5a400b2355fd51c67eca6f674de4c3ea502b745cd5b3699179e42f7c489dfc5612b87b541de594dd067708266ae360e880da60ee58b865ed2a91fe33ac45e4d0

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize

                                    78KB

                                    MD5

                                    039ccc6ebde546ce6b3e943ba0e9e426

                                    SHA1

                                    6d360cc4e326286974523e4762c20794c5084bd4

                                    SHA256

                                    ef6a12e17a9d967facb4028e6a2e55c4f470846228be78cc39c18d7973ed2ccd

                                    SHA512

                                    4445daf336da1bfa2bb2e60810bd46c0dab5f2419629bf4c287256af3d2e19bcfd4e546800f939c72cd5b54a81db11f77c3783ea6e84264b8cf549358eb966b2

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize

                                    152KB

                                    MD5

                                    b94845e175322818f6421216781cc887

                                    SHA1

                                    2b61115d517e257bf361830e5042f54f8446d069

                                    SHA256

                                    151efd300a8a9e52a7fe85a9a4db935457f9cdc09a740266442021613d8a5563

                                    SHA512

                                    0e74f2ea8cf22b304996c86d2b5c34cd43bc72c4dbdcf6a593e42fbfb46c8d2ebe75b3835f93b33a4306ace4ea0b8384bf74b42fc362fe0edbdea855b4e39c7f

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                                    Filesize

                                    2KB

                                    MD5

                                    d85ba6ff808d9e5444a4b369f5bc2730

                                    SHA1

                                    31aa9d96590fff6981b315e0b391b575e4c0804a

                                    SHA256

                                    84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

                                    SHA512

                                    8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                    Filesize

                                    944B

                                    MD5

                                    029fbf628b046653ab7ff10b31deeeb2

                                    SHA1

                                    93c2cb1905c8f5e71f5ea97a1e8a8c891eae077c

                                    SHA256

                                    85f6b0971e94daf9fd4e39413824f162851a9f5ce7f989bd92c903a4dbcbef26

                                    SHA512

                                    d4e3626dba2572bd1e53446b384962f955cc0c7e56a72cacf50a845d74714ec1020bcb0fdcc50636a1dfd4f08dc34143dbb5638dd90180df6aa31dab9228c98c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                    Filesize

                                    948B

                                    MD5

                                    0b8cb2e6dd5794b6a56a4bdbbd430fd7

                                    SHA1

                                    2b08e348c3489c6a35761af073018e3784c12074

                                    SHA256

                                    bcce0d44e33747e4c39df9afbd0a4e98a47ded0188375e4dfdd94cafbb366e1f

                                    SHA512

                                    15ce3b588aa80899f69b0313c7e188d886bddbd09783ca732ac33f9ae8e4e017a72b6f98919f581383a4582732575e5faedb0dea87e01cf2b657424945fdf4d2

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                    Filesize

                                    1KB

                                    MD5

                                    276798eeb29a49dc6e199768bc9c2e71

                                    SHA1

                                    5fdc8ccb897ac2df7476fbb07517aca5b7a6205b

                                    SHA256

                                    cd0a1056e8f1b6cb5cb328532239d802f4e2aa8f8fcdc0fcb487684bd68e0dcc

                                    SHA512

                                    0d34fce64bbefc57d64fa6e03ca886952263d5f24df9c1c4cce6a1e8f5a47a9a21e9820f8d38caa7f7b43a52336ce00b738ea18419aaa7c788b72e04ce19e4f2

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                    Filesize

                                    1KB

                                    MD5

                                    6317adf4fbc43ea2fd68861fafd57155

                                    SHA1

                                    6b87c718893c83c6eed2767e8d9cbc6443e31913

                                    SHA256

                                    c1ead17eef37b4b461cedc276504a441489e819c7f943037f2001966aeec90af

                                    SHA512

                                    17229aae8622e4bfc3caaac55684f7d4ccd3162af5919c851b1d8ac4060b6bb7b75044ecee116523d05acb55197dcb60780958f629450edef386f1e6f65f49f0

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\LocalCache\SessionSummaryCache.json
                                    Filesize

                                    6KB

                                    MD5

                                    7a53b3f45e885ff06603a75e4fa369d6

                                    SHA1

                                    5834d6e705f0742369f8ebd2f1bbd30b21aed443

                                    SHA256

                                    fd32f042045bcb959b6b050d2d3e84aae3a375542933011a579da7fa2e3a2159

                                    SHA512

                                    da96b1ddd6f636effd13d73cc2a1c267547db60dd7ef62361ff981b121bc4f808c53a6e801ea603c7440b812b2219f945176545021f6e879225ba446f75e9b32

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\TempState\Settings\OneSettingsCache_6_1908_2042_0.json
                                    Filesize

                                    533B

                                    MD5

                                    eb10ac059c50f1b4d95536f1f1c3f0e5

                                    SHA1

                                    8aae21305e34b398019677f03247a885c8505320

                                    SHA256

                                    9223f2c8214fbb9ae03386c27afc9eb19aa488b927c9ddd210958a42cdd8e128

                                    SHA512

                                    ca59ae779542b0bf3bb629cda0d5631dbe6dc53d097a06c57d5e8895fc2855e4db43dcd1c2d68d1ebec41a230664307148702f8bcef377a6b834ff02903eaf42

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bo1hksqg.quc.ps1
                                    Filesize

                                    60B

                                    MD5

                                    d17fe0a3f47be24a6453e9ef58c94641

                                    SHA1

                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                    SHA256

                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                    SHA512

                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                    Download Submit

                                  • C:\Windows\system32\drivers\etc\hosts
                                    Filesize

                                    2KB

                                    MD5

                                    4028457913f9d08b06137643fe3e01bc

                                    SHA1

                                    a5cb3f12beaea8194a2d3d83a62bdb8d558f5f14

                                    SHA256

                                    289d433902418aaf62e7b96b215ece04fcbcef2457daf90f46837a4d5090da58

                                    SHA512

                                    c8e1eef90618341bbde885fd126ece2b1911ca99d20d82f62985869ba457553b4c2bf1e841fd06dacbf27275b3b0940e5a794e1b1db0fd56440a96592362c28b

                                    Download Submit

                                  • memory/1304-33-0x000001A0C3790000-0x000001A0C3806000-memory.dmp

                                    Filesize

                                    472KB

                                    Download

                                  • memory/1304-2-0x00007FFA9DF20000-0x00007FFA9E9E1000-memory.dmp

                                    Filesize

                                    10.8MB

                                    Download

                                  • memory/1304-35-0x000001A0AADF0000-0x000001A0AAE0E000-memory.dmp

                                    Filesize

                                    120KB

                                    Download

                                  • memory/1304-0-0x00007FFA9DF23000-0x00007FFA9DF25000-memory.dmp

                                    Filesize

                                    8KB

                                    Download

                                  • memory/1304-34-0x000001A0AAE20000-0x000001A0AAE70000-memory.dmp

                                    Filesize

                                    320KB

                                    Download

                                  • memory/1304-71-0x000001A0C3910000-0x000001A0C391A000-memory.dmp

                                    Filesize

                                    40KB

                                    Download

                                  • memory/1304-72-0x000001A0C4610000-0x000001A0C4622000-memory.dmp

                                    Filesize

                                    72KB

                                    Download

                                  • memory/1304-1-0x000001A0A9050000-0x000001A0A9090000-memory.dmp

                                    Filesize

                                    256KB

                                    Download

                                  • memory/1304-90-0x00007FFA9DF20000-0x00007FFA9E9E1000-memory.dmp

                                    Filesize

                                    10.8MB

                                    Download

                                  • memory/5840-18-0x00007FFA9DF20000-0x00007FFA9E9E1000-memory.dmp

                                    Filesize

                                    10.8MB

                                    Download

                                  • memory/5840-8-0x00000190BDFF0000-0x00000190BE012000-memory.dmp

                                    Filesize

                                    136KB

                                    Download

                                  • memory/5840-13-0x00007FFA9DF20000-0x00007FFA9E9E1000-memory.dmp

                                    Filesize

                                    10.8MB

                                    Download

                                  • memory/5840-14-0x00007FFA9DF20000-0x00007FFA9E9E1000-memory.dmp

                                    Filesize

                                    10.8MB

                                    Download

                                  • memory/5840-15-0x00007FFA9DF20000-0x00007FFA9E9E1000-memory.dmp

                                    Filesize

                                    10.8MB

                                    Download