Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
19-05-2022 07:24
General
-
Target
https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak?hl=de-DE
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak?hl=de-DE1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1100 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msdt.exe-modal 328014 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF3EC6.tmp -ep NetworkDiagnosticsWeb3⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\msdt.exe-modal 328014 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDFCBD9.tmp -ep NetworkDiagnosticsWeb3⤵
-
C:\Windows\SysWOW64\sdiagnhost.exeC:\Windows\SysWOW64\sdiagnhost.exe -Embedding1⤵
-
C:\Windows\SysWOW64\sdiagnhost.exeC:\Windows\SysWOW64\sdiagnhost.exe -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5cc4f50,0x7fef5cc4f60,0x7fef5cc4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1036 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1724 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3212 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3424 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3528 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=656 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1740 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4564 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4576 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3736 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4540 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3132 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3108 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3044 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,1075291092481913287,6164638775197699368,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:12⤵
-
C:\Windows\SysWOW64\sdiagnhost.exeC:\Windows\SysWOW64\sdiagnhost.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63Filesize
1KB
MD560b3ecc11d722d74de4c9a3df9d556b4
SHA17c06f819e90a777bd7969c534ff2e796b07f1bfd
SHA25630f4bee4ab4756c731ea2df39a68452ae05b280c16e2bf8d4dba5b575a223003
SHA512783868202eca1d3d69ddf2bff5ee8fd1118d9ef3bc2b99d83bc567f2051c5a47e8f19e31f2ef81fa6f691bfdffde6d0ae98d67d97d22c97295f1e302005fdb3c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63Filesize
434B
MD584765ea7bc1f2772d62a3a5afe64f466
SHA1ea0684c326712072dd19726380c97c4577864769
SHA256c9b36f9f4afdaf40bda4ae549ed3fc67273276813ce9540a73d959b108654184
SHA512314e93d29da56e64e4497df121a123443c1a7ed073471d21f96e07caf8e9b8668b4b991d99a176e9b3075cc0fc3121b70c743bc294a16d67bf6104c42af2b29f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5cf796fab821d2c735ca11cb3cba8b1cc
SHA1ed2db5b68f3adf411e25d1012ee969ff91ed52ed
SHA2560eed72c653594ac1f07af73d7e5c15385e22b668888da498491230e86206c0c0
SHA5121d0de2f644dc2ca48bbd5bd5c7b49e87885405e7724110a5cb8dc9f10c07ede7c59e810210bbc71a9a7a6da714d71c228171da6128b0497c126d4a1b3585db94
-
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\latest.cabFilesize
17KB
MD5b1caffbfa28d00b34c2f17f0484bfb3f
SHA168a0b578b51cfef2fca571f324b02d581d7fed36
SHA256586003fd2bec208ba03e3bd95e5a308510878bbdb178c59552fbe957393726b8
SHA5125cade99b34fefeaf1977fdc26334aae899ea004ad971d020248a2233cd599cc8e9eb17d818c92e712bf2b9a63cb75b19f31df944cef920c5ea3c80faa08afce6
-
C:\Users\Admin\AppData\Local\Temp\NDF3EC6.tmpFilesize
3KB
MD50c301ac80109f3d2aff195c63d4919c5
SHA16348f4d2fe750fbd4f6677858a536337b02379f7
SHA2569d4772eb168f31d9423a96353ab8669a252fc862b314aa9e31ec81aae6cc1e20
SHA512f2ee83f87873354280d30dd6120075da609c39ee87de17e77f044f5e06f458d9e796ca9a40e930855752432c89a3832f5045148a5311fa9ff1a7270363a99912
-
C:\Users\Admin\AppData\Local\Temp\NDFCBD9.tmpFilesize
3KB
MD50c301ac80109f3d2aff195c63d4919c5
SHA16348f4d2fe750fbd4f6677858a536337b02379f7
SHA2569d4772eb168f31d9423a96353ab8669a252fc862b314aa9e31ec81aae6cc1e20
SHA512f2ee83f87873354280d30dd6120075da609c39ee87de17e77f044f5e06f458d9e796ca9a40e930855752432c89a3832f5045148a5311fa9ff1a7270363a99912
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5YEH3OXW.txtFilesize
602B
MD5fa051292509c97a47ccd0ee53559ac25
SHA1b89d75594ba46c8a721a3c41e483168fd253e89e
SHA2565e66870ea0e01da5b8e5ef4d8096ade220fcc9cb54f611f00eaac43a997c3b42
SHA51209e4d943bb0c518dd34ee4da215b02c891b0f08574cef9d15abbcafba3cbc3e2a19451d74d18a586693696a7f9b296b4a9b9335395de5c0a35ca87a62a42342c
-
C:\Windows\TEMP\SDIAG_229aca4c-b0c2-4011-b546-5c608ecdb3cf\NetworkDiagnosticsTroubleshoot.ps1Filesize
23KB
MD51d192ce36953dbb7dc7ee0d04c57ad8d
SHA17008e759cb47bf74a4ea4cd911de158ef00ace84
SHA256935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756
SHA512e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129
-
C:\Windows\TEMP\SDIAG_229aca4c-b0c2-4011-b546-5c608ecdb3cf\UtilityFunctions.ps1Filesize
52KB
MD52f7c3db0c268cf1cf506fe6e8aecb8a0
SHA1fb35af6b329d60b0ec92e24230eafc8e12b0a9f9
SHA256886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3
SHA512322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45
-
C:\Windows\TEMP\SDIAG_229aca4c-b0c2-4011-b546-5c608ecdb3cf\UtilitySetConstants.ps1Filesize
2KB
MD50c75ae5e75c3e181d13768909c8240ba
SHA1288403fc4bedaacebccf4f74d3073f082ef70eb9
SHA256de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f
SHA5128fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b
-
C:\Windows\TEMP\SDIAG_229aca4c-b0c2-4011-b546-5c608ecdb3cf\en-US\LocalizationData.psd1Filesize
5KB
MD5dc9be0fdf9a4e01693cfb7d8a0d49054
SHA174730fd9c9bd4537fd9a353fe4eafce9fcc105e6
SHA256944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440
SHA51292ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66
-
C:\Windows\TEMP\SDIAG_b7f3d96c-49c0-49fc-a9c7-d88b67a60df7\NetworkDiagnosticsTroubleshoot.ps1Filesize
23KB
MD51d192ce36953dbb7dc7ee0d04c57ad8d
SHA17008e759cb47bf74a4ea4cd911de158ef00ace84
SHA256935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756
SHA512e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129
-
C:\Windows\TEMP\SDIAG_b7f3d96c-49c0-49fc-a9c7-d88b67a60df7\StartDPSService.ps1Filesize
567B
MD5a660422059d953c6d681b53a6977100e
SHA10c95dd05514d062354c0eecc9ae8d437123305bb
SHA256d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813
SHA51226f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523
-
C:\Windows\TEMP\SDIAG_b7f3d96c-49c0-49fc-a9c7-d88b67a60df7\UtilityFunctions.ps1Filesize
52KB
MD52f7c3db0c268cf1cf506fe6e8aecb8a0
SHA1fb35af6b329d60b0ec92e24230eafc8e12b0a9f9
SHA256886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3
SHA512322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45
-
C:\Windows\TEMP\SDIAG_b7f3d96c-49c0-49fc-a9c7-d88b67a60df7\UtilitySetConstants.ps1Filesize
2KB
MD50c75ae5e75c3e181d13768909c8240ba
SHA1288403fc4bedaacebccf4f74d3073f082ef70eb9
SHA256de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f
SHA5128fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b
-
C:\Windows\TEMP\SDIAG_b7f3d96c-49c0-49fc-a9c7-d88b67a60df7\en-US\LocalizationData.psd1Filesize
5KB
MD5dc9be0fdf9a4e01693cfb7d8a0d49054
SHA174730fd9c9bd4537fd9a353fe4eafce9fcc105e6
SHA256944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440
SHA51292ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66
-
C:\Windows\TEMP\SDIAG_ddd8bfa8-313b-4ea3-a87f-981c85951144\NetworkDiagnosticsTroubleshoot.ps1Filesize
23KB
MD51d192ce36953dbb7dc7ee0d04c57ad8d
SHA17008e759cb47bf74a4ea4cd911de158ef00ace84
SHA256935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756
SHA512e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129
-
C:\Windows\TEMP\SDIAG_ddd8bfa8-313b-4ea3-a87f-981c85951144\UtilityFunctions.ps1Filesize
52KB
MD52f7c3db0c268cf1cf506fe6e8aecb8a0
SHA1fb35af6b329d60b0ec92e24230eafc8e12b0a9f9
SHA256886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3
SHA512322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45
-
C:\Windows\TEMP\SDIAG_ddd8bfa8-313b-4ea3-a87f-981c85951144\UtilitySetConstants.ps1Filesize
2KB
MD50c75ae5e75c3e181d13768909c8240ba
SHA1288403fc4bedaacebccf4f74d3073f082ef70eb9
SHA256de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f
SHA5128fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b
-
C:\Windows\TEMP\SDIAG_ddd8bfa8-313b-4ea3-a87f-981c85951144\en-US\LocalizationData.psd1Filesize
5KB
MD5dc9be0fdf9a4e01693cfb7d8a0d49054
SHA174730fd9c9bd4537fd9a353fe4eafce9fcc105e6
SHA256944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440
SHA51292ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66
-
\??\pipe\crashpad_1492_NCYTXFCKTEIXUJNJMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/524-55-0x0000000074B51000-0x0000000074B53000-memory.dmpFilesize
8KB
-
memory/524-54-0x0000000000000000-mapping.dmp
-
memory/524-57-0x000000006FB61000-0x000000006FB63000-memory.dmpFilesize
8KB
-
memory/652-59-0x000000006F4E0000-0x000000006FA8B000-memory.dmpFilesize
5.7MB
-
memory/1776-70-0x000000006F4E0000-0x000000006FA8B000-memory.dmpFilesize
5.7MB
-
memory/2972-79-0x000000006FAD1000-0x000000006FAD3000-memory.dmpFilesize
8KB
-
memory/2972-76-0x0000000000000000-mapping.dmp
-
memory/3032-86-0x000000006F450000-0x000000006F9FB000-memory.dmpFilesize
5.7MB