6199825ca433dd97a463e1b2241b44ad4cb628ab114d1dd8db429de24f4c6cc0

Analysis

max time kernel
188s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2023 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-2.html
Size

6KB
MD5

e07ae370fe33bbd8b197db3711b07f2a
SHA1

e90475376d3b3f19801f0706e76b1cb785cd7235
SHA256

144b214e88c77063c6bceff2a3d0fb08fb2bf03a90216aadcccb194d69edef9d
SHA512

afd36c726a7678c6d54753bf1c47b262bcd6902f8b382f82e0c862459b8b114fe718408531baac6129b1df01ea6ccfd40f063debb19a5365a0152c1f5c7a549a
SSDEEP

192:HyHeCxViiMvZlfFq/FxvMsKOsNaCdCjVHB:Kxop6vMM5jZB

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\NDF\{1C8B4960-50B4-49D3-B62A-23F27293C062}-temp-11232023-0136.etl	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.chk	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.log	svchost.exe
File opened for modification	C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{49f64fbe-ceb0-49af-a16b-51b901e232ee}\snapshot.etl	svchost.exe
File opened for modification	C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin	svchost.exe
File opened for modification	C:\Windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1873812795-1433807462-1429862679-1000_UserData.bin	svchost.exe
File created	C:\Windows\system32\NDF\{1C8B4960-50B4-49D3-B62A-23F27293C062}-temp-11232023-0136.etl	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.dat	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.jfm	svchost.exe
File created	C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{49f64fbe-ceb0-49af-a16b-51b901e232ee}\snapshot.etl	svchost.exe
File created	C:\Windows\system32\wdi\LogFiles\StartupInfo\S-1-5-21-1873812795-1433807462-1429862679-1000_StartupInfo3.xml	svchost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
5044	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 46 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31071661"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31071661"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 009a597ead1dda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8CE6D36D-89A0-11EE-88E4-DACA3DEA6480} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50826463ad1dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1633005218"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb9100000000020000000000106600000001000020000000353523d43f2231aaf48f15c8225f51a2c09f7f5cf194a7bedaa933ad6c568983000000000e80000000020000200000004f698802b705a44d5ae53757e56815de96628826412c359bd7f3c9d1f95e9c1e20000000dc97bdea8e56daefa3939c02fef237a26ea41f5ac56c45f1d3e696e1fedae6e8400000001437b2a69b47fa6622cae742e4e98036cd9e7b314327694536df7c05f895e72e5a3589332552a5440261b3824a0e078a7fe99a8c544c314aa262eed96a4053ee	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "407468290"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31071661"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20247563ad1dda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80c6516bad1dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1644410486"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb910000000002000000000010660000000100002000000071053c840d5e375cad673822276a9eff66e3bfb6d760409caa038f82ccec0ff3000000000e800000000200002000000034fff8fb319e6b75a1facd64a6f53f035a6dc08edb60f8c4828140ff915a5bd3200000001cbe35d0b48f262cac07dba09fed348473334994764a5bee45a0023de6195c2e400000003e3d7fc0930d699185d15d425fd78cf76ced540d80a1dfe7158f246e6a91980914663b29061e1967cee29801e6b0a491df2c7d477500ebbe34741c696d478d4d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb910000000002000000000010660000000100002000000038511b811fa5d173805421ca7eb4b1f4d2809c9f17845d54014694e4b8a33d4c000000000e80000000020000200000007514c88ca4cba4e2ad04b116f80952546ce6e1c3e006aa6498e9caa5936cb147200000005cbed301dce4800428d60d569157801910285bffc450613b60803f3cf4ae8413400000002d7aadc8c4832a48febd99e6b57b500c8988af203bf39ceeb046eec86923a90eff30ed5ec0073de626b768c2ca80c64697980909b57395ed5c39a41094696aeb	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb910000000002000000000010660000000100002000000084c1887e480a1c9aadbae6e4a4f3b5792571f2332e38dd2eb67a0fc6ba4d18ba000000000e8000000002000020000000e5b27dcf181dc185f71563da8156b537631eb4593a6e5e9e53783e5f1dd1f07320000000bc80f85bf2b39e4d45ad2657c60ef491e94f6ebea002bb8c91d22359cc4a2eb540000000a4e52abe4206302c376012d6023acb85d0f1a2c12f9b190c02116b8000d885dba05d174634fc86bd01495af02f56bd466558c97c621b9c5c8b7c15a6cba4bca9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1633005218"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2212	sdiagnhost.exe
5112	svchost.exe
5112	svchost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2212	sdiagnhost.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4164	iexplore.exe
1184	msdt.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4164	iexplore.exe
4164	iexplore.exe
3744	IEXPLORE.EXE
3744	IEXPLORE.EXE
3744	IEXPLORE.EXE
3744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 3744	4164	iexplore.exe	83
PID 4164 wrote to memory of 3744	4164	iexplore.exe	83
PID 4164 wrote to memory of 3744	4164	iexplore.exe	83
PID 3744 wrote to memory of 1184	3744	IEXPLORE.EXE	96
PID 3744 wrote to memory of 1184	3744	IEXPLORE.EXE	96
PID 3744 wrote to memory of 1184	3744	IEXPLORE.EXE	96
PID 2212 wrote to memory of 1764	2212	sdiagnhost.exe	99
PID 2212 wrote to memory of 1764	2212	sdiagnhost.exe	99
PID 2212 wrote to memory of 1764	2212	sdiagnhost.exe	99
PID 2212 wrote to memory of 3948	2212	sdiagnhost.exe	104
PID 2212 wrote to memory of 3948	2212	sdiagnhost.exe	104
PID 2212 wrote to memory of 3948	2212	sdiagnhost.exe	104
PID 2212 wrote to memory of 5044	2212	sdiagnhost.exe	107
PID 2212 wrote to memory of 5044	2212	sdiagnhost.exe	107
PID 2212 wrote to memory of 5044	2212	sdiagnhost.exe	107
PID 2212 wrote to memory of 3968	2212	sdiagnhost.exe	108
PID 2212 wrote to memory of 3968	2212	sdiagnhost.exe	108
PID 2212 wrote to memory of 3968	2212	sdiagnhost.exe	108
PID 2212 wrote to memory of 3940	2212	sdiagnhost.exe	109
PID 2212 wrote to memory of 3940	2212	sdiagnhost.exe	109
PID 2212 wrote to memory of 3940	2212	sdiagnhost.exe	109

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4164 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3744
- - C:\Windows\SysWOW64\msdt.exe
    -modal "983080" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF8E7F.tmp" -ep "NetworkDiagnosticsWeb"
    3⤵
    - Suspicious use of FindShellTrayWindow
    PID:1184

C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:1764
- C:\Windows\SysWOW64\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:3948
- C:\Windows\SysWOW64\ipconfig.exe
  "C:\Windows\system32\ipconfig.exe" /all
  2⤵
  - Gathers network information
  PID:5044
- C:\Windows\SysWOW64\ROUTE.EXE
  "C:\Windows\system32\ROUTE.EXE" print
  2⤵
  PID:3968
- C:\Windows\SysWOW64\makecab.exe
  "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
  2⤵
  PID:3940

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:5112

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1⤵
- Drops file in System32 directory
PID:3996
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
  2⤵
  PID:1152

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
1⤵
PID:64

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
1cab7bc814a92d41c8d3bd5c9577449d

SHA1
a5e9d7046bef68021618ca0ea2e6c3cfef910739

SHA256
a9826ba2c7389e30f8ee191ed8830004d8e93c056e43af4421d5a76fad7c539b

SHA512
bfd2b027b1d99547f5b7f3bfdf4b02bf0601c19cc9ec1a940a3a1f9e9b9c720b6053909a09d81316895a72dbab38b0eeac37fd65fe9555e3bd9ac599f40985a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
40dd9f77f61aef0bc76160cb2d245678

SHA1
37e9db9e4ea106d01d0c9a2934cfe3597152efb3

SHA256
b8d24ab7933434addab188b2da1c4eec86bee559a22f2dd471c5f1bd0b4beb25

SHA512
facd8cb152820d4f0895d2b1a6244ce2196cd89e8a8d53a16ddb4cb518882764937249714831b192a9cae78cf2a07c32f92f8f2dc7853a98695505ed18bd2ee9

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2023112301.000\NetworkDiagnostics.debugreport.xml

Filesize
209KB

MD5
ea58cb2591e418253242abda3a86c1d5

SHA1
aca426bad5f4f624dd689f81b2d1c105c362b3d2

SHA256
5b4422d8ec167f88155c8042b2d3653cd83867ab64ba02181b97fae035582a0e

SHA512
2a06ea43d19cd2fa6e5097ce3e513cea89e4fd88055139ec7aae844ef3a780d9e09e3ea96779e6d17c6ef7c1f7091309f10bd100fc862ba6cfded7f4e4896a47

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2023112301.000\ResultReport.xml

Filesize
37KB

MD5
5a95e6f3e6aeb0b51d9f79fee0bd26f7

SHA1
2dc0205ccd14ef0a9738fb7c3cc5591f02605a22

SHA256
48539c67d8966214ccd7847eda479af5e7f3d8ac872e51f19b59d421efeb2a58

SHA512
6b65c5542b27f2a72ac9b8d3c45c5a13dbb68411dbc1f02fd4b149a4e6ea1f89e9809dc9f027fb66b2ab42ce6a494839e548a613652610d7bcb8029fc15e0aae

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2023112301.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\NetTraces\NdfSession-11232023-0136.etl

Filesize
192KB

MD5
983e626b97d9ba9a8acfd58b82e0823e

SHA1
ebbb0cfe0f066322a2b7cfa3b5e4ca5b7f3ed897

SHA256
5100994139d5094a01e68c7ed1df3cf7619aaf3128b9ee42b4c33ec10e788202

SHA512
e4779544562ee236d29c7862130930b36b2c9b69ae60f7eec92454e81fc3dea24ca9421bb9bf2576182ce28f86e82e8c1d1cb050c8e8e6c2fba957f7c162fbb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F5C5X26J\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDF8E7F.tmp

Filesize
3KB

MD5
c8a457639400b818425daf8fd796c402

SHA1
d0955e65fc1718de720dba7ad7cd7b1caaaa06e5

SHA256
5a96f7959bf5ff02b0b9540987d0402b9c0e41083b088c12a4ef9a7af2d00d80

SHA512
5af6f164640a9ebc3744f7872334cda7e8aea3e0d99b1da2d99fe33526b12b5f0770bec861f712c213d12a57273dd0fb047546570e87bb3e80356a430999bc5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mkxsqo5i.cyj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCB69.tmp\NetworkConfiguration.cab

Filesize
1KB

MD5
761b94d2508235e68c811c8d131b392b

SHA1
bcf3b504f666a820806b07ade0a61f8671255f45

SHA256
714ba9d6f72271afe0e7a555a7d9609f4c76816932dabbc7e1620c187fc5cfc3

SHA512
706abd32c8f843126ad5095f645123a03322b0af115767fcefebc0343552588f1f5a9199769ad36930642b7689575f74d3ea4ac918b42481be1bd4cb5011715a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCB69.tmp\NetworkConfiguration.ddf

Filesize
231B

MD5
00848049d4218c485d9e9d7a54aa3b5f

SHA1
d1d5f388221417985c365e8acaec127b971c40d0

SHA256
ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e

SHA512
3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCB69.tmp\ipconfig.all.txt

Filesize
2KB

MD5
2632f07fe37fc5740b073b25ee814a1e

SHA1
ca3c89b030d282b274cbf1dd88c60726bf6352a5

SHA256
394646a6e9f70e2dcbef4e123901a927da6184e4539ad7ac0102b4a107d45b8b

SHA512
e0e7c989d43a5c755ebadcf38d4469aa5c664e6492029ce9076cccd1e2e5f0e939bc555efa815269c43d3fbeb334ba3141c1d929a5eec1cc85368c02b5dcb8fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCB69.tmp\route.print.txt

Filesize
4KB

MD5
692089c45dad84542b3c4066512ccf5d

SHA1
e8befba599568c8ea19584bc0a6dff0c43d13345

SHA256
4c428eb5de4705dac44595794005a8fcf9dcfb15ad84ae1cc20e89781734c0d1

SHA512
9968fe25a17ec715371937ac123dae891bdb19f2f410b911fb46f8344775fc48f2286a456708da1a14f822bf46107cae010cd52ffabf322b684651b4ca150e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCB69.tmp\setup.inf

Filesize
978B

MD5
03ea4b5298d8dfdeb8aedb42290b975b

SHA1
8b3c8da6c2c21d1cc4a720b353084a7c9c73ef09

SHA256
ce452809acdc775a2543a0fc1dee5c6ef8676a8c014234d02cac7f47933ad28d

SHA512
ddf431c59965767188d1115c948bcba655e987d49c990dc56052fb80d89b1f7c0319a02f9ed6860c432343892784a2236c63a87b5f125a651377c49b6b24511b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCB69.tmp\setup.rpt

Filesize
283B

MD5
84aee40f1a0f3002aa99937f5c1af719

SHA1
578df1c0941690a455533ff30afef3a24240af9a

SHA256
104df447d053f7f6551509eeab1dd884dd0e632fccf6a80303cd5fe21b5bc58e

SHA512
e0bb8fc84284a36ce22caca27d12c36a520b9e726cb7ec2bfa6d74f0148b92b94721c7fe9be5381a34e18982bf48b717a16c2f10b48db70c614c8b5c2bbb339b

Download Submit
C:\Windows\TEMP\SDIAG_e51ef3ef-b0c4-408b-b742-0ee4641e6606\NetworkDiagnosticsResolve.ps1

Filesize
11KB

MD5
d213491a2d74b38a9535d616b9161217

SHA1
bde94742d1e769638e2de84dfb099f797adcc217

SHA256
4662c3c94e0340a243c2a39ca8a88fd9f65c74fb197644a11d4ffcae6b191211

SHA512
5fd8b91b27935711495934e5d7ca14f9dd72bc40a38072595879ef334a47f99e0608087ddc62668c6f783938d9f22a3688c5cdef3a9ad6c3575f3cfa5a3b0104

Download Submit
C:\Windows\TEMP\SDIAG_e51ef3ef-b0c4-408b-b742-0ee4641e6606\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_e51ef3ef-b0c4-408b-b742-0ee4641e6606\NetworkDiagnosticsVerify.ps1

Filesize
10KB

MD5
9b222d8ec4b20860f10ebf303035b984

SHA1
b30eea35c2516afcab2c49ef6531af94efaf7e1a

SHA256
a32e13da40ac4b9e1dac7dd28bc1d25e2f2136b61ff93be943018b20796f15bc

SHA512
8331337ccb6e3137b01aeec03e6921fd3b9e56c44fa1b17545ae5c7bfcdd39fcd8a90192884b3a82f56659009e24b63ce7f500e8766fd01e8d4e60a52de0fe67

Download Submit
C:\Windows\TEMP\SDIAG_e51ef3ef-b0c4-408b-b742-0ee4641e6606\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_e51ef3ef-b0c4-408b-b742-0ee4641e6606\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_e51ef3ef-b0c4-408b-b742-0ee4641e6606\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_e51ef3ef-b0c4-408b-b742-0ee4641e6606\en-US\LocalizationData.psd1

Filesize
5KB

MD5
380768979618b7097b0476179ec494ed

SHA1
af2a03a17c546e4eeb896b230e4f2a52720545ab

SHA256
0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2

SHA512
b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302

Download Submit
C:\Windows\Temp\SDIAG_e51ef3ef-b0c4-408b-b742-0ee4641e6606\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_e51ef3ef-b0c4-408b-b742-0ee4641e6606\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44c4385447d4fa46b407fc47c8a467d0

SHA1
41e4e0e83b74943f5c41648f263b832419c05256

SHA256
8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

SHA512
191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

Download Submit
C:\Windows\Temp\SDIAG_e51ef3ef-b0c4-408b-b742-0ee4641e6606\result\1C8B4960-50B4-49D3-B62A-23F27293C062.Diagnose.Admin.0.etl

Filesize
192KB

MD5
983e626b97d9ba9a8acfd58b82e0823e

SHA1
ebbb0cfe0f066322a2b7cfa3b5e4ca5b7f3ed897

SHA256
5100994139d5094a01e68c7ed1df3cf7619aaf3128b9ee42b4c33ec10e788202

SHA512
e4779544562ee236d29c7862130930b36b2c9b69ae60f7eec92454e81fc3dea24ca9421bb9bf2576182ce28f86e82e8c1d1cb050c8e8e6c2fba957f7c162fbb4

Download Submit
C:\Windows\Temp\SDIAG_e51ef3ef-b0c4-408b-b742-0ee4641e6606\result\NetworkConfiguration.cab

Filesize
1KB

MD5
761b94d2508235e68c811c8d131b392b

SHA1
bcf3b504f666a820806b07ade0a61f8671255f45

SHA256
714ba9d6f72271afe0e7a555a7d9609f4c76816932dabbc7e1620c187fc5cfc3

SHA512
706abd32c8f843126ad5095f645123a03322b0af115767fcefebc0343552588f1f5a9199769ad36930642b7689575f74d3ea4ac918b42481be1bd4cb5011715a

Download Submit
memory/2212-389-0x000000006E7F0000-0x000000006EFA0000-memory.dmp

Filesize
7.7MB

Download
memory/2212-390-0x00000000048D0000-0x00000000048E0000-memory.dmp

Filesize
64KB

Download
memory/2212-408-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2212-537-0x000000006E7F0000-0x000000006EFA0000-memory.dmp

Filesize
7.7MB

Download
memory/2212-415-0x00000000048D0000-0x00000000048E0000-memory.dmp

Filesize
64KB

Download
memory/2212-410-0x0000000005810000-0x0000000005B64000-memory.dmp

Filesize
3.3MB

Download
memory/2212-407-0x0000000006240000-0x00000000067E4000-memory.dmp

Filesize
5.6MB

Download
memory/2212-412-0x0000000006AC0000-0x0000000006B0C000-memory.dmp

Filesize
304KB

Download
memory/2212-406-0x0000000004E10000-0x0000000004E76000-memory.dmp

Filesize
408KB

Download
memory/2212-405-0x0000000004C90000-0x0000000004CB2000-memory.dmp

Filesize
136KB

Download
memory/2212-404-0x0000000004D00000-0x0000000004D96000-memory.dmp

Filesize
600KB

Download
memory/2212-403-0x0000000005BC0000-0x000000000623A000-memory.dmp

Filesize
6.5MB

Download
memory/2212-402-0x0000000004C20000-0x0000000004C56000-memory.dmp

Filesize
216KB

Download
memory/2212-401-0x0000000004BC0000-0x0000000004BDA000-memory.dmp

Filesize
104KB

Download
memory/2212-391-0x0000000004F10000-0x0000000005538000-memory.dmp

Filesize
6.2MB

Download
memory/2212-409-0x0000000005540000-0x000000000558A000-memory.dmp

Filesize
296KB

Download
memory/2212-480-0x000000006E7F0000-0x000000006EFA0000-memory.dmp

Filesize
7.7MB

Download
memory/2212-481-0x00000000048D0000-0x00000000048E0000-memory.dmp

Filesize
64KB

Download
memory/2212-411-0x00000000068D0000-0x0000000006936000-memory.dmp

Filesize
408KB

Download
memory/2212-413-0x0000000006BD0000-0x0000000006BF2000-memory.dmp

Filesize
136KB

Download
memory/5112-444-0x000002D35F450000-0x000002D35F451000-memory.dmp

Filesize
4KB

Download
memory/5112-434-0x000002D3599A0000-0x000002D3599B0000-memory.dmp

Filesize
64KB

Download
memory/5112-430-0x000002D359960000-0x000002D359970000-memory.dmp

Filesize
64KB

Download
memory/5112-544-0x000002D35F570000-0x000002D35F571000-memory.dmp

Filesize
4KB

Download
memory/5112-545-0x000002D35F560000-0x000002D35F561000-memory.dmp

Filesize
4KB

Download
memory/5112-553-0x000002D35F3A0000-0x000002D35F3A1000-memory.dmp

Filesize
4KB

Download
memory/5112-550-0x000002D35F450000-0x000002D35F451000-memory.dmp

Filesize
4KB

Download
memory/5112-548-0x000002D35F450000-0x000002D35F451000-memory.dmp

Filesize
4KB

Download
memory/5112-547-0x000002D35F460000-0x000002D35F461000-memory.dmp

Filesize
4KB

Download