34.0.0 Boulder Opal
IR
577501
CloudBasic
18:48:22
23/02/2022
LHRUnlocker Install.msi
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
ca17c1bbedc959ad89f1c1dbf6b7aa32
d24658face1f6fd3b457d7250c9b1a630798678d
8fb46d2d56dd411ad10862204849abf9a4546f1ab1d40bcb6b0cac284debc055
Microsoft Windows Installer (77509/1) 52.18%
true
false
false
false
45
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
false
36DE9155D6C265A1DE62A448F3B5B66E
02D21946CBDD01860A0DE38D7EEC6CDE3A964FC3
8BA38D55AA8F1E4F959E7223FDF653ABB9BE5B8B5DE9D116604E1ABB371C1C87
C:\Users\user\AppData\Local\Temp\MSIEF62.tmp
false
5D25243E90673C44AC420D69676F9062
23234013562F7EF738DB615246D391B8E191B475
0DDB820918F3918496E414617536226AF08E27A7F13E5A58444F8DCF297A65D5
C:\Users\user\AppData\Local\Temp\MSIF280.tmp
false
5D25243E90673C44AC420D69676F9062
23234013562F7EF738DB615246D391B8E191B475
0DDB820918F3918496E414617536226AF08E27A7F13E5A58444F8DCF297A65D5
C:\Users\user\AppData\Local\Temp\MSIF34C.tmp
false
5D25243E90673C44AC420D69676F9062
23234013562F7EF738DB615246D391B8E191B475
0DDB820918F3918496E414617536226AF08E27A7F13E5A58444F8DCF297A65D5
C:\Users\user\AppData\Local\Temp\MSIF447.tmp
false
5D25243E90673C44AC420D69676F9062
23234013562F7EF738DB615246D391B8E191B475
0DDB820918F3918496E414617536226AF08E27A7F13E5A58444F8DCF297A65D5
C:\Users\user\AppData\Local\Temp\MSIF513.tmp
false
5D25243E90673C44AC420D69676F9062
23234013562F7EF738DB615246D391B8E191B475
0DDB820918F3918496E414617536226AF08E27A7F13E5A58444F8DCF297A65D5
C:\Users\user\AppData\Local\Temp\MSIF69B.tmp
false
22D986F98F87F5521ED2F3EDAA9374CA
9A1A233277E5A3A0A2565BFCAE593AF13B907EBF
8E896FF52ED8FF11CC74907ECB2A5B9B9267289E54C956F9C9E07E8BA3A6D175
C:\Users\user\AppData\Local\Temp\MSIF832.tmp
false
5D25243E90673C44AC420D69676F9062
23234013562F7EF738DB615246D391B8E191B475
0DDB820918F3918496E414617536226AF08E27A7F13E5A58444F8DCF297A65D5
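C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5xdfaoyo.lnf.ps1 (note: PowerShell creates the __PSScriptPolicyTest_* files itself when it probes application-control policy; the hashes listed for these entries are the MD5/SHA-1/SHA-256 of the single character "1", so they identify that one-byte content rather than this sample and are unsuitable as indicators)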
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i2ddoyuu.1tk.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lf5no10l.5dz.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xhr5i13g.js1.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\pss341F.ps1
true
FC1BB6C87FD1F08B534E52546561C53C
DB402C5C1025CF8D3E79DF7B868FD186243AA9D1
A04750ED5F05B82B90F6B8EA3748BA246AF969757A5A4B74A0E25B186ADD520B
C:\Users\user\AppData\Local\Temp\scr3351.ps1
true
2315AD4D342DA36907D6F4869069497B
5E3E895E13CEFA06D808F1C68F78C0CC36257399
3CD5D3E66D38E6E65263815493D9E60E7F2B7409871849C9D59CFD114E4393FA
C:\Users\user\Documents\20220223\PowerShell_transcript.878411.jRMym6xB.20220223184945.txt
false
28C57BA3B7B030A70108B8AF781422EB
68D31051121C9DB8F3442D8327BDF4D544B3A0B3
BFE176E6456C0E5DF3681A93DEFF659AAC3890666B296ADB648F34BEFEE03F35
C:\Windows\Installer\3c1a5a.msi
false
CA17C1BBEDC959AD89F1C1DBF6B7AA32
D24658FACE1F6FD3B457D7250C9B1A630798678D
8FB46D2D56DD411AD10862204849ABF9A4546F1AB1D40BCB6B0CAC284DEBC055
C:\Windows\Installer\MSI1FD8.tmp
false
5D25243E90673C44AC420D69676F9062
23234013562F7EF738DB615246D391B8E191B475
0DDB820918F3918496E414617536226AF08E27A7F13E5A58444F8DCF297A65D5
C:\Windows\Installer\MSI2874.tmp
false
5D25243E90673C44AC420D69676F9062
23234013562F7EF738DB615246D391B8E191B475
0DDB820918F3918496E414617536226AF08E27A7F13E5A58444F8DCF297A65D5
C:\Windows\Installer\MSI3268.tmp
false
3B340A09B1218A0E699D497E1651B366
B60163743239704D217C983F040DAF256EE31BCB
462B7E38D364571DF6751FFC2624CC993F19025909CCE39801217267E544AAF2
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
false
CA1354FADB546AD9B3BFCF11E530A8E0
FBEC253189D62BFB3C42EB50C195D380F7C53E43
284817E661E96F813EBFC20CFC991C7C3D72129E395D8BAFD24AFB898FF93EF8
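https://t.me/LHRUnlockerMSIFASTINSTALLAI_CURRENT_YEAR2022ButtonText_Decline&DeclineAI_PREDEF_LCONDS_ (note: this looks like a string-extraction artefact; MSIFASTINSTALL, AI_CURRENT_YEAR and ButtonText_Decline read as installer property names run together with the link, as ButtonText_Finish does in the similar t.me entry further down, so only the leading t.me part is likely the real URL; confirm against the MSI tables before using it as an indicator)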
false
unknown
http://nuget.org/NuGet.exe
false
unknown
http://pesterbdd.com/images/Pester.png0
false
unknown
https://github.com/Pester/Pester0
false
unknown
http://pesterbdd.com/images/Pester.png
false
unknown
https://www.thawte.com/cps0/
false
unknown
http://schemas.xmlsoap.org/soap/encoding/
false
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
false
unknown
https://drivers.sergeydev.com/windows/511.65-desktop-win64bit-interr
false
unknown
https://go.micro
false
unknown
https://www.thawte.com/repository0W
false
unknown
http://schemas.xmlsoap.org/wsdl/
false
unknown
https://contoso.com/
false
unknown
https://nuget.org/nuget.exe
false
unknown
https://t.me/LHRUnlockerChannelButtonText_Finish&FinishManufacturerSergeyProductCode
false
unknown
https://contoso.com/License
false
unknown
https://contoso.com/Icon
false
unknown
https://www.advancedinstaller.com
false
unknown
http://www.winimage.com/zLibDll
false
unknown
http://www.apache.org/licenses/LICENSE-2.0.html0
false
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
false
unknown
http://www.winimage.com/zLibDll1.2.7rbr
false
unknown
https://github.com/Pester/Pester
false
unknown
Sigma detected: Suspicious Script Execution From Temp Folder
Bypasses PowerShell execution policy
Sigma detected: Change PowerShell Policies to a Unsecure Level
Sigma detected: Powershell Defender Exclusion
Adds a directory exclusion to Windows Defender