hxxps://pin[.]ski/3JGNfXN

Analysis

max time kernel
250s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2023, 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pin.ski/3JGNfXN

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\SRU\SRUDB.dat	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.jfm	svchost.exe
File opened for modification	C:\Windows\system32\NDF\{3FCB5E62-3822-48BF-8768-03CB5ECEE0D2}-temp-07062023-1109.etl	svchost.exe
File opened for modification	C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{eeb50a21-f497-43c8-965c-fb79a86a4b28}\snapshot.etl	svchost.exe
File created	C:\Windows\system32\wdi\LogFiles\StartupInfo\S-1-5-21-3011986978-2180659500-3669311805-1000_StartupInfo3.xml	svchost.exe
File opened for modification	C:\Windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3011986978-2180659500-3669311805-1000_UserData.bin	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.chk	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.log	svchost.exe
File created	C:\Windows\system32\NDF\{3FCB5E62-3822-48BF-8768-03CB5ECEE0D2}-temp-07062023-1109.etl	svchost.exe
File created	C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{eeb50a21-f497-43c8-965c-fb79a86a4b28}\snapshot.etl	svchost.exe
File opened for modification	C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin	svchost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command-Line Interface

T1059

pid	Process
4652	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31043578"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d07cf951faafd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f00000000020000000000106600000001000020000000b1568214ef3675504883aa2ce142a408a66703f19f201d400d3e35267d675249000000000e800000000200002000000092ed90a934de3e034d81c6d96886bdd53380842a182f4b9f111d68513f8596702000000027a5f53426b119f284cfe20b2262559c9765c5e8fafe39515703b428610441b140000000430b67829a4b1a03c00e1c4a49c7955f8b2d88f2c7e491dc9a441cf0dfdfba3dc9b5e4a2d01559a2c29431bdb98e438e71092027ea4278ea48c137ea87c6f4ef	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7B8284F0-1BED-11EE-A3FC-FA0B5353CFBD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1354357213"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00f9e351faafd901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31043578"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f000000000200000000001066000000010000200000006fe97713d72a3f14f62a7dc95e2f9c30d67072e06b3c3bf75d770ae9c5d28fa8000000000e800000000200002000000090909993e54b1dc4e7abfc3d41d214cfad5d91cff2fbd87ffed026a47468214d200000000a06d378ee0857359ea0f3330ce05673d6bfcf4d1548de2d7e987837139b06f040000000218c8fac8337624542ea6f1331d0d01171257a768a0fae8686399d4a5d50300a830f11ca3dd0360f648c2433687afb48efeb9fc12752dc2f84f5cd8ea2606b4c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1342014062"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395406704"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31043578"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f00000000020000000000106600000001000020000000121d4280207f23861b728349008caa11e12ba3d3b46d5789998258331c3af40a000000000e80000000020000200000001b80ba69e93e6c0571c2719e6c9d28d895a1656fb807a22235a36ddcf7e5ec1c20000000f04f533c8dca5f75edb645a313b0eba3009ca9da778d85b7c7d2c4605c77e67940000000f606d6f530dccba9eb7c9130c6e9459052f75e7d01a6df0d0bd33c2695d73404df3d092a6be2322e47c88f1e84625f44bc5d47a7d17b46b2ec1676799ce2acc3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d58154faafd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1342014062"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
412	sdiagnhost.exe
2624	svchost.exe
2624	svchost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	412	sdiagnhost.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2648	iexplore.exe
264	msdt.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2648	iexplore.exe
2648	iexplore.exe
696	IEXPLORE.EXE
696	IEXPLORE.EXE
696	IEXPLORE.EXE
696	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 696	2648	iexplore.exe	82
PID 2648 wrote to memory of 696	2648	iexplore.exe	82
PID 2648 wrote to memory of 696	2648	iexplore.exe	82
PID 696 wrote to memory of 264	696	IEXPLORE.EXE	85
PID 696 wrote to memory of 264	696	IEXPLORE.EXE	85
PID 696 wrote to memory of 264	696	IEXPLORE.EXE	85
PID 412 wrote to memory of 4536	412	sdiagnhost.exe	88
PID 412 wrote to memory of 4536	412	sdiagnhost.exe	88
PID 412 wrote to memory of 4536	412	sdiagnhost.exe	88
PID 412 wrote to memory of 4256	412	sdiagnhost.exe	94
PID 412 wrote to memory of 4256	412	sdiagnhost.exe	94
PID 412 wrote to memory of 4256	412	sdiagnhost.exe	94
PID 412 wrote to memory of 4652	412	sdiagnhost.exe	97
PID 412 wrote to memory of 4652	412	sdiagnhost.exe	97
PID 412 wrote to memory of 4652	412	sdiagnhost.exe	97
PID 412 wrote to memory of 2976	412	sdiagnhost.exe	98
PID 412 wrote to memory of 2976	412	sdiagnhost.exe	98
PID 412 wrote to memory of 2976	412	sdiagnhost.exe	98
PID 412 wrote to memory of 2596	412	sdiagnhost.exe	99
PID 412 wrote to memory of 2596	412	sdiagnhost.exe	99
PID 412 wrote to memory of 2596	412	sdiagnhost.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://pin.ski/3JGNfXN
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:696
- - C:\Windows\SysWOW64\msdt.exe
    -modal "589920" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFAEAF.tmp" -ep "NetworkDiagnosticsWeb"
    3⤵
    - Suspicious use of FindShellTrayWindow
    PID:264

C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:412
- C:\Windows\SysWOW64\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:4536
- C:\Windows\SysWOW64\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:4256
- C:\Windows\SysWOW64\ipconfig.exe
  "C:\Windows\system32\ipconfig.exe" /all
  2⤵
  - Gathers network information
  PID:4652
- C:\Windows\SysWOW64\ROUTE.EXE
  "C:\Windows\system32\ROUTE.EXE" print
  2⤵
  PID:2976
- C:\Windows\SysWOW64\makecab.exe
  "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
  2⤵
  PID:2596

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2624

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1⤵
- Drops file in System32 directory
PID:640
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
  2⤵
  PID:1408

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
1⤵
PID:1220

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2023070611.000\NetworkDiagnostics.debugreport.xml

Filesize
136KB

MD5
37b4e90c8cf645984c13e147f4784b3c

SHA1
01f0327f5605890a3e2fda071214469a266e4043

SHA256
a78cf459d864c7ca3021795d3ce2a85a29d9108db59fe61fc8d1f88739a427e7

SHA512
6e845065b67d7fa5da104a4678afe622660fc50ee2f4bb11933a964e46ae52bd80b893728d6a983acd89edfc1ceb1d3057f3f102812b4d37ddc9338ffcef15e5

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2023070611.000\ResultReport.xml

Filesize
37KB

MD5
984d7452ef6848edb79b13e1a88dce7d

SHA1
358771c6e2ea1b198a23113043591e4e703e25e4

SHA256
fab1ac904da5ae64c05c2d0ad17ec4f942e7c7dd06f3f7fceed0c855a6e38d38

SHA512
6cd62ef1fe42925623bba070b62346e65d730b72b2dabbd6c776c7f02c00f9fd5858017373a5fa58ce291d49e740f6628e8eb5c0885cf45d82004132833979af

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2023070611.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\NetTraces\NdfSession-07062023-1109.etl

Filesize
192KB

MD5
e8b314dfb494f67c3768d721f1affc6e

SHA1
f259fba7b396f50e4c69a1c2c40a41cfe85ae71d

SHA256
41cb22df323311ee90c929b9853e23be9046dd22ff576681f3cadbebf0b25e6e

SHA512
7b93f5ae080e08fab0bf43af0d5e84c606c78d7c90b5242ec3ff499040aada42dd62cfaeb0c90c14c25bbaf958149df98aaa2ccdcab7603b963929a390ff8a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RSFEJP46\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDFAEAF.tmp

Filesize
3KB

MD5
f6a38d7534a8deafac6038548307c71c

SHA1
b65d1f786532b7a63a2a96993dc956c482f2790c

SHA256
814b803f2357a1fee22663902882e55a186c70ca1e630a5cee155e065252571e

SHA512
f07634e57a7152e31f7ee433c7d06fd1b4182ab6c008dc197e735b2d9f62f579436d6b855980efe8b80b21ff575bc5331def3f007be7bcf52c3a655e8e6157f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lzxqusbs.xpv.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF55C.tmp\NetworkConfiguration.cab

Filesize
1KB

MD5
72e0a5b5c3d9b86e9ec78d9d9f44b835

SHA1
029cc8930302a1527557d8a024873d5d74b244e7

SHA256
9008b7f6b9ee31fb1590cdb8bdfe97992cf333c0f128031c11daddc57f81da29

SHA512
f556fbdf2ee6ac23f77a0754de3340d6144e8f3ee9b5ab9dd24e5b96485b9b4bbca6c99bbcff956d71ccba58a540996e8d0d42357fb63c919a19e53100be99cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF55C.tmp\NetworkConfiguration.ddf

Filesize
231B

MD5
00848049d4218c485d9e9d7a54aa3b5f

SHA1
d1d5f388221417985c365e8acaec127b971c40d0

SHA256
ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e

SHA512
3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF55C.tmp\ipconfig.all.txt

Filesize
2KB

MD5
ef653d4f4eb877f0b3d52ec59f082f49

SHA1
c983c066c3c55ac88679b79155b0b8c8bef486f6

SHA256
ee8a188dcd6fdba599554f3d8f30f1e9af881f640b1cdf5586ddaf99ec0dec4b

SHA512
58d39509d3c168156e5b434f1048a22af4ced7cb6a370b4c9f188f60a415e5c6f8f8c4a971fd5b8be99e949ffd3eed497cfaf8aaaf4ea86cc41ad465cb7d4176

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF55C.tmp\route.print.txt

Filesize
4KB

MD5
b8003a0cc11716ee06ad9bd04c93032f

SHA1
e78ec58081146b7c6fe3cf1bd215bd3057f9ed73

SHA256
1ac6f71a446686b475c7fd157b3bcca33fc9b9aab4ca2d2f06613be331654a26

SHA512
6b5157da98d204e76c54c717725afa363c8248b1939c3da61015d3a83633f607896f8c6a7e7b4212274fd6ed2c1aa4c8257446546a023a927da383bc0c848fb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF55C.tmp\setup.inf

Filesize
978B

MD5
bad268ea7830b5a24f8d76e7958d9f2d

SHA1
501f0a6f51f28b456d0fbae90ac9189f91013195

SHA256
adb5745f03e827851fda69111fa8e73495826ae4f7ca31f368b059a75993620a

SHA512
2c752c22006eeb5045eefabdfc99ab72adfdc913d7361b81219727d8c61814ff2404a574ac1a540488b4c226cc428d2ec27b7b2a72e5fe7e26c62b90cb263382

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF55C.tmp\setup.rpt

Filesize
283B

MD5
bb106c0b6625747bc6b906347d425587

SHA1
d0eb6d31d270099ea2ecff06647e31a29b802cfd

SHA256
4d6415b7cf1eabb7595074c93928e6cc9019d20e6b2a4c16af4558a36d89cc27

SHA512
5b4f8635e4e2606be591011570533b9deec4c19006c81a9151b5085f626893aaac50b206d03ea2f3a259054398e868565ef1ee21113b24d5cfd2dbe1bb9ec67a

Download Submit
C:\Windows\TEMP\SDIAG_a5a5f320-a3f9-4d37-a25e-81fca9a34f7c\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_a5a5f320-a3f9-4d37-a25e-81fca9a34f7c\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_a5a5f320-a3f9-4d37-a25e-81fca9a34f7c\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_a5a5f320-a3f9-4d37-a25e-81fca9a34f7c\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_a5a5f320-a3f9-4d37-a25e-81fca9a34f7c\en-US\LocalizationData.psd1

Filesize
5KB

MD5
380768979618b7097b0476179ec494ed

SHA1
af2a03a17c546e4eeb896b230e4f2a52720545ab

SHA256
0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2

SHA512
b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302

Download Submit
C:\Windows\Temp\SDIAG_a5a5f320-a3f9-4d37-a25e-81fca9a34f7c\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_a5a5f320-a3f9-4d37-a25e-81fca9a34f7c\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44c4385447d4fa46b407fc47c8a467d0

SHA1
41e4e0e83b74943f5c41648f263b832419c05256

SHA256
8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

SHA512
191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

Download Submit
C:\Windows\Temp\SDIAG_a5a5f320-a3f9-4d37-a25e-81fca9a34f7c\result\3FCB5E62-3822-48BF-8768-03CB5ECEE0D2.Diagnose.Admin.0.etl

Filesize
192KB

MD5
e8b314dfb494f67c3768d721f1affc6e

SHA1
f259fba7b396f50e4c69a1c2c40a41cfe85ae71d

SHA256
41cb22df323311ee90c929b9853e23be9046dd22ff576681f3cadbebf0b25e6e

SHA512
7b93f5ae080e08fab0bf43af0d5e84c606c78d7c90b5242ec3ff499040aada42dd62cfaeb0c90c14c25bbaf958149df98aaa2ccdcab7603b963929a390ff8a6d

Download Submit
C:\Windows\Temp\SDIAG_a5a5f320-a3f9-4d37-a25e-81fca9a34f7c\result\NetworkConfiguration.cab

Filesize
1KB

MD5
72e0a5b5c3d9b86e9ec78d9d9f44b835

SHA1
029cc8930302a1527557d8a024873d5d74b244e7

SHA256
9008b7f6b9ee31fb1590cdb8bdfe97992cf333c0f128031c11daddc57f81da29

SHA512
f556fbdf2ee6ac23f77a0754de3340d6144e8f3ee9b5ab9dd24e5b96485b9b4bbca6c99bbcff956d71ccba58a540996e8d0d42357fb63c919a19e53100be99cd

Download Submit
memory/412-523-0x0000000005BC0000-0x0000000005C26000-memory.dmp

Filesize
408KB

Download
memory/412-521-0x0000000005AB0000-0x0000000005B46000-memory.dmp

Filesize
600KB

Download
memory/412-507-0x0000000005DC0000-0x00000000063E8000-memory.dmp

Filesize
6.2MB

Download
memory/412-508-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/412-518-0x0000000005970000-0x000000000598A000-memory.dmp

Filesize
104KB

Download
memory/412-546-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/412-533-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/412-528-0x0000000007990000-0x00000000079B2000-memory.dmp

Filesize
136KB

Download
memory/412-527-0x00000000076A0000-0x0000000007706000-memory.dmp

Filesize
408KB

Download
memory/412-526-0x0000000005C80000-0x0000000005CCA000-memory.dmp

Filesize
296KB

Download
memory/412-525-0x0000000005B80000-0x0000000005B9E000-memory.dmp

Filesize
120KB

Download
memory/412-524-0x00000000070F0000-0x0000000007694000-memory.dmp

Filesize
5.6MB

Download
memory/412-522-0x0000000005A40000-0x0000000005A62000-memory.dmp

Filesize
136KB

Download
memory/412-534-0x0000000005780000-0x0000000005790000-memory.dmp

Filesize
64KB

Download
memory/412-520-0x0000000006A70000-0x00000000070EA000-memory.dmp

Filesize
6.5MB

Download
memory/412-519-0x00000000059D0000-0x0000000005A06000-memory.dmp

Filesize
216KB

Download
memory/2624-544-0x000001DBBD8E0000-0x000001DBBD8E1000-memory.dmp

Filesize
4KB

Download
memory/2624-540-0x000001DBBD360000-0x000001DBBD370000-memory.dmp

Filesize
64KB

Download
memory/2624-536-0x000001DBBCBC0000-0x000001DBBCBD0000-memory.dmp

Filesize
64KB

Download
memory/2624-662-0x000001DBBDF40000-0x000001DBBDF41000-memory.dmp

Filesize
4KB

Download
memory/2624-663-0x000001DBBD9F0000-0x000001DBBD9F1000-memory.dmp

Filesize
4KB

Download
memory/2624-665-0x000001DBBD8F0000-0x000001DBBD8F1000-memory.dmp

Filesize
4KB

Download
memory/2624-666-0x000001DBBD8E0000-0x000001DBBD8E1000-memory.dmp

Filesize
4KB

Download
memory/2624-668-0x000001DBBD8E0000-0x000001DBBD8E1000-memory.dmp

Filesize
4KB

Download
memory/2624-671-0x000001DBBD830000-0x000001DBBD831000-memory.dmp

Filesize
4KB

Download