af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb

Resubmissions

30-05-2024 16:03

240530-thqrsaeh82 10

26-04-2024 19:20

26-04-2024 19:17

26-04-2024 19:15

26-04-2024 18:18

26-04-2024 17:46

18-04-2024 16:20

17-04-2024 20:42

Analysis

max time kernel
135s
max time network
136s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
26-04-2024 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

advbattoexeconverter.exe
Size

804KB
MD5

83bb1b476c7143552853a2cf983c1142
SHA1

8ff8ed5c533d70a7d933ec45264dd700145acd8c
SHA256

af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
SHA512

6916c6c5addf43f56b9de217e1b640ab6f4d7e5a73cd33a7189f66c9b7f0b954c5aa635f92fcef5692ca0ca0c8767e97a678e90d545079b5e6d421555f5b761a
SSDEEP

24576:0xFkFHdJ8aT/iziXH6FGnYhqQuimKC6Qpor:0IdJ1KiBYhsl+r

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2832	advbattoexeconverter.exe
2832	advbattoexeconverter.exe
2832	advbattoexeconverter.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	svchost.exe
File created	C:\Windows\system32\NDF\{A5F2624B-D9C3-49C2-A4BF-C9EC6BE25C0F}-temp-04262024-1919.etl	svchost.exe
File opened for modification	C:\Windows\system32\NDF\{A5F2624B-D9C3-49C2-A4BF-C9EC6BE25C0F}-temp-04262024-1919.etl	svchost.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File opened for modification	C:\Windows\system32\SRU\SRU.chk	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.jfm	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.log	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.dat	svchost.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini	advbattoexeconverter.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1100	ipconfig.exe

Modifies data under HKEY_USERS 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586326967439877"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial\Default	svchost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
5532	sdiagnhost.exe
5532	sdiagnhost.exe
5900	svchost.exe
5900	svchost.exe
5900	svchost.exe
5900	svchost.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeDebugPrivilege	5532	sdiagnhost.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
4672	msdt.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 3480	2956	chrome.exe	84
PID 2956 wrote to memory of 3480	2956	chrome.exe	84
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 744	2956	chrome.exe	85
PID 2956 wrote to memory of 4980	2956	chrome.exe	86
PID 2956 wrote to memory of 4980	2956	chrome.exe	86
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87
PID 2956 wrote to memory of 2492	2956	chrome.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe
"C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7cd9cc40,0x7ffe7cd9cc4c,0x7ffe7cd9cc58
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4392 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4800,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4564,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3412,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3552
- C:\Windows\system32\msdt.exe
  -modal "262682" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFEFBF.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=212,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=1248,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4892,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4896,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4412,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4560,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3812,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5296,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5184,i,14010135025839690049,6242103189400435289,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4400 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5096

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4852

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5532
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:5688
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:5992
- C:\Windows\system32\ipconfig.exe
  "C:\Windows\system32\ipconfig.exe" /all
  2⤵
  - Gathers network information
  PID:1100
- C:\Windows\system32\ROUTE.EXE
  "C:\Windows\system32\ROUTE.EXE" print
  2⤵
  PID:3736
- C:\Windows\system32\makecab.exe
  "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
  2⤵
  PID:2844

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:5900

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
1⤵
PID:5932

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:6052
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
  2⤵
  PID:4624

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:3144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024042619.000\NetworkDiagnostics.debugreport.xml

Filesize
209KB

MD5
2f8f8ba319bcf14ad26fe9e05594a001

SHA1
8df37e045d9772c31b6b159e985be1065177be70

SHA256
1e45e23c7034f5537e98eefe12fd17c26e20cd02ed963ba5d4b34b7e1b1d7306

SHA512
7c8c71e76d8620f5f33ed79ac1e59891c88942dd8eb10b5e632a5da625e6eedb71cc5d79c0b6af2d48c5f726989dea803ed8b8a0c8ee137d1229e7d7a8ef9dc6

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024042619.000\ResultReport.xml

Filesize
38KB

MD5
b9a474219a0fd065b78ed9340c3c3f14

SHA1
0debcb37d8be122f76e22ffeb516f12efe1bfea0

SHA256
e84c51c366bc2fd040d3940f8286b7ee776003a11920f7fecfd6ed054f6b3a4a

SHA512
0379a61a94e70ec98cad0d73a370e178a440ed65ead04a8af5bcb14378f65d02b02dae0e6bbb746feefe9b9fa5af494149a1a7a2eddeb7360f6fe6472bacb93a

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024042619.000\results.xsl

Filesize
47KB

MD5
90df783c6d95859f3a420cb6af1bafe1

SHA1
3fe1e63ca5efc0822fc3a4ae862557238aa22f78

SHA256
06db605b5969c93747313e6409ea84bdd8b7e1731b7e6e3656329d77bcf51093

SHA512
e5dcbb7d8f42eabf42966fccee11c3d3e3f965ecc7a4d9e4ecd0382a31c4e8afea931564b1c6931f6d7e6b3650dc01a4a1971e317dab6c1f03932c6b6b7d399f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2e3360552ad35199221d573471608aff

SHA1
a5c6a52cf6e02d053735e68e128c0ebff60ef6fc

SHA256
f9a5b85d3039cce9a5ac332b2ee4e178a83194dacb588bcfa6dad2883e8aaff9

SHA512
a449803d56455e2610ba5eb414891ffe3fbba827db0d4bddb119f5ad64fc09fdaa57caea974197147da7f520ee97cd4175822a798195258e1df9a0acb01a6b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2c41443d9c45aca94a958e0081e6a65

SHA1
37af1ad9a3f9c96997dd3e899b97edc8283317ec

SHA256
fb21f9df0a7ddc5f3b15729b89ea9030858d6bb3dccb921db8f1151bf89b80c7

SHA512
0122cba9bbaf9eb0a522e7e50e95e5ba0e28ac1b34c1306610c86ca331235b50b6612397cf67509a1bb7af2f52176c765b7a6de17a97ec4f3b3728998daa5eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f2c73ed303daca8133412559778c470

SHA1
d657fbb64930d5beb334ca58057baa56af587e0b

SHA256
2ff5c38953bc9469c97d022a5430537fcce5f9ae8998735e51885060b1658782

SHA512
469370f4941ce822ec9585fcebf44136a56644c5513ce476d16f89689e06135903a9c2f76e52f5e4fb50a35ded3a0b64d7b91cd72d3177759bf23f8f3f0f8cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5dec2e62bc892fb8672aa03f2e96756b

SHA1
f38bde487ef4b90923725128a4e5ecd2aa2d6568

SHA256
e2286a6696c48d7b4d4b440f81c74eb477203daeab0c4afc67e171f4f92f7b3a

SHA512
fd7176288f904f38cc9a75762129349e35db28401ff10b0698fa5339e423b39d49aca16b7652bf1ae540661cac1c9c202ab3d8dda733feb92655d53ab77a26e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
739218416172cb7b6247956c6e6750b0

SHA1
b8c3daffc63f21cee188581b9c2d581e5260278a

SHA256
2e419de722fec0571ccdcdbf34b6dada3ab0d90b9b3d52a14a9fc5363656c7e0

SHA512
88f819c5e589e60635d90ba8b2da8000a67a4c32e2e52bf41e667df22b0b783c7f41f481e538f543ef584aac57b8170f3036731cc19dca71ab7e9a8d6e16f857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56ef39f9eb3222d965e343091ff273c0

SHA1
6f0a2e2f16de2ce8e59cefa44247f70a32a788f5

SHA256
32efa34964108461f260d186cf8e61634c3af0fa2869f8c1b590f700ad8da455

SHA512
02b5ec17ca27bf5405c8bef1d37c15a594f0d9f565991ffaa6b84c35cd7a449498a43cdd695e502ae53d1a7cd7b967e49109a3526fd2327014fe522d5870c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ad7f34602da6c3adb0ef2f184f8b5a5

SHA1
f324c3754869036e9ab679a5951940979bfd6451

SHA256
9ceeeae9161698c2cc622f119170c79dafbff2a7b6f4ea7838a75f9eb073907f

SHA512
8df512301b8730af4fdc2a9d6c5446fec700bfa698e21fcce0abfc654becc2a04e8bd1e6d2759c364a1672fab57cd1f265f81dbe6ba63d6aff615b0ba1d17645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d85d3cecc5a9082b42124590fd2a7bcd

SHA1
2238baf3bc963962bcdb20aecf0bea6f24d271fc

SHA256
d3dde2e637e98646ebe1d98d90010c27909be84e5a7bbaada742d05f4490035a

SHA512
7c2526e33cf4952e7c2c07fef4ee3003bb4be81878e23ff7d3f5cf303ec7df89b71dde7f089e29ad99e3d2f116f47fef501b0bca15c6df94129f04403fac3985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fce30d272cf447a165b3a47a8e11fd9b

SHA1
1982cc3c92b52f8d67f699ef6a83f0d4c98bb2ec

SHA256
2a03a29c67ce2ad25cb270c8a26df2578e952f65fba533a4061929cd464149a8

SHA512
10b85668b132b0d06c3ccc3e6f1377272c1a11b79f69ddf51aab03e907bb68f514f32dc995ea7a61d874fd57472caa3bd804856d97a41e4e17407c4fc31ef729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
7999d6a36adea8f7788dbccdb24a4dc8

SHA1
c7d125221f939641c702ff41dfaa1d718a1c6b9a

SHA256
0e1bd5563fa7098ad801bd9cacf85a4cf9e9c82f5a3e2e929453a6cc9491e72f

SHA512
47b984ad2f97f570e4a67cabcae9042e07b311de194c62d0f1e0d8a6c7a3d425b2b75b3b17db0de7435bd0244d8f625a7f2612661655aefa82e9ae667c65469d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c14cf024-e3ab-43b8-8274-de09886dbcf8.tmp

Filesize
77KB

MD5
fad818afc2a38671fffa381491f146e6

SHA1
4132316172f8f859ddbf51f7dcee357451699315

SHA256
4da20c13352becae87853cb4a61c4da022a565cd9c235c4eeb682d3d6dae68cc

SHA512
2c377fbf59eb68cc7ef81aac61930b120780e61d80632b2e256c55f8d726bfc2c869214bc809bea09aaf8ed1d457f7549995023790f695d26044c1e3d0145e1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDFEFBF.tmp

Filesize
3KB

MD5
e310e5578a38aa0803fe501af84e061d

SHA1
ec4e52893b7da842778df8d6658b356de731249b

SHA256
904b48d7f7c6f079ddf5453bfe05bd98118a7e69d0bba17a75f2209a7a5389bd

SHA512
36465ac3ee139947b6623b0efc85cbf66dc8640dbb41abb613057b7d4b48e816bb67cc4893bd994f4f81d2978397f0a8361b2300eb5fb38cb0dcf01a546bceb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kxd3ojqg.5sk.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll

Filesize
100KB

MD5
30439e079a3d603c461d2c2f4f8cb064

SHA1
aaf470f6bd8deadedbc31adf17035041176c6134

SHA256
d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a

SHA512
607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll

Filesize
20KB

MD5
f78ee6369ada1fb02b776498146cc903

SHA1
d5ba66acdab6a48327c76796d28be1e02643a129

SHA256
f1073319d4868d38e0ae983ad42a00cdc53be93b31275b4b55af676976c1aa3f

SHA512
88cff3e58cf66c3f2b5b3a65b8b9f9e8ac011e1bd6025cadadb0f765f062cb3d608c23c2d3832f89ada0b7681170dce1ee4a0b8b873e84135756d14ba8c69fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCA31.tmp\NetworkConfiguration.cab

Filesize
1KB

MD5
a9f42b8b80b0beee94ecbd7643ba9123

SHA1
3062ba4ebe34aa4decff68866d81892bd6f86c6b

SHA256
ab5f59213a8eb7df0bad5826994e58e993f640e45e021bddbc91b6ab150f0a36

SHA512
bc7df58272ae31537d0e0b33b3aaa37855a73996b1b3ff1e296f60e444992a13f2f2a9bf849e692525a0c478de039479adcda89e9ca04db328babc400d9af658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCA31.tmp\NetworkConfiguration.ddf

Filesize
231B

MD5
00848049d4218c485d9e9d7a54aa3b5f

SHA1
d1d5f388221417985c365e8acaec127b971c40d0

SHA256
ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e

SHA512
3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCA31.tmp\ipconfig.all.txt

Filesize
1KB

MD5
5d20fa88574f8af49d1bd4a5e794bb8c

SHA1
50cfe60c0cab2b4674b03aebea869c79e6483fc6

SHA256
41b86add274a623ff180b3bb87bd7dd9940d62c4e70bc927c82583b5521ea328

SHA512
5894987b4418e3cf0aa90e0dcd91cb0fa98f914a154cccbad9ac0e107c0daf087c31fb6d417fbb420f1b150c7568bd8c1b3222c55172edeea946826b205286c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCA31.tmp\route.print.txt

Filesize
4KB

MD5
dffec2f52777193d8c0f8f7b59d092ed

SHA1
74a13d3b9ccfd17a7e8d2a7c60ebbc5c63fcb6e9

SHA256
458f23a6a8d60b8ad59d1a3cbd3b55b44d035e4c3337f6e04acd1c60ecb27bf5

SHA512
69de519893372076ef26efa0b25440d513158e272d8952ff54f20c124f63238239de24cb10486585a39bc15ef2d2c95b223c531c6a2b4400104f16e114650567

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCA31.tmp\setup.inf

Filesize
978B

MD5
1161d52b430af5ff48ae023ec394c74a

SHA1
4ffff68481f59508536796ea62e273027c5463c0

SHA256
5dab7b12c6158c96367c6e037bd9930c3b748a28f3c2c9dab21d3aa105ad7c1a

SHA512
4262fa624683f8a163e5448639d6696561cc959f366f1a9730cdbae6394f5407c4d8ef4557c0b75773d2e931de03c250ba3390dc3c9e3aa585d16bc3ca3f981e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCA31.tmp\setup.rpt

Filesize
283B

MD5
f3386465e572c731198c770a4aa86285

SHA1
4f25b832fab2cd117c8049ed81122f65d92e1c76

SHA256
8554256a4087397524d3d58f240e60218c82188e1afa25703cb64396fc6da097

SHA512
f190702a54d83355cfe23973701d99d96aba8d1250a7c6c8c5970d693119a1bcfc95d9761db950fe256e88790d258003c29cc301a3bf1819834da06f1c882bd7

Download Submit
C:\Windows\TEMP\SDIAG_b39913ee-9a67-4b87-bba2-c49f7dc2349d\NetworkDiagnosticsResolve.ps1

Filesize
11KB

MD5
d213491a2d74b38a9535d616b9161217

SHA1
bde94742d1e769638e2de84dfb099f797adcc217

SHA256
4662c3c94e0340a243c2a39ca8a88fd9f65c74fb197644a11d4ffcae6b191211

SHA512
5fd8b91b27935711495934e5d7ca14f9dd72bc40a38072595879ef334a47f99e0608087ddc62668c6f783938d9f22a3688c5cdef3a9ad6c3575f3cfa5a3b0104

Download Submit
C:\Windows\TEMP\SDIAG_b39913ee-9a67-4b87-bba2-c49f7dc2349d\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_b39913ee-9a67-4b87-bba2-c49f7dc2349d\NetworkDiagnosticsVerify.ps1

Filesize
10KB

MD5
9b222d8ec4b20860f10ebf303035b984

SHA1
b30eea35c2516afcab2c49ef6531af94efaf7e1a

SHA256
a32e13da40ac4b9e1dac7dd28bc1d25e2f2136b61ff93be943018b20796f15bc

SHA512
8331337ccb6e3137b01aeec03e6921fd3b9e56c44fa1b17545ae5c7bfcdd39fcd8a90192884b3a82f56659009e24b63ce7f500e8766fd01e8d4e60a52de0fe67

Download Submit
C:\Windows\TEMP\SDIAG_b39913ee-9a67-4b87-bba2-c49f7dc2349d\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_b39913ee-9a67-4b87-bba2-c49f7dc2349d\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_b39913ee-9a67-4b87-bba2-c49f7dc2349d\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_b39913ee-9a67-4b87-bba2-c49f7dc2349d\en-US\LocalizationData.psd1

Filesize
5KB

MD5
91f545459be2ff513b8d98c7831b8e54

SHA1
499e4aa76fc21540796c75ba5a6a47980ff1bc21

SHA256
1ccd68e58ead16d22a6385bb6bce0e2377ed573387bdafac3f72b62264d238ff

SHA512
469571a337120885ee57e0c73a3954d0280fa813e11709ee792285c046f6ddaf9be5583e475e627ea5f34e8e6fb723a4681289312f0e51dc8e9894492407b911

Download Submit
C:\Windows\Temp\SDIAG_b39913ee-9a67-4b87-bba2-c49f7dc2349d\DiagPackage.dll

Filesize
488KB

MD5
ec287e627bf07521b8b443e5d7836c92

SHA1
02595dde2bd98326d8608ee3ddabc481ddc39c3d

SHA256
35fa9f66ed386ee70cb28ec6e03a3b4848e3ae11c8375ba3b17b26d35bd5f694

SHA512
8465ae3ca6a4355888eecedda59d83806faf2682431f571185c31fb8a745f2ef4b26479f07aaf2693cd83f2d0526a1897a11c90a1f484a72f1e5965b72de9903

Download Submit
C:\Windows\Temp\SDIAG_b39913ee-9a67-4b87-bba2-c49f7dc2349d\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44b3399345bc836153df1024fa0a81e1

SHA1
ce979bfdc914c284a9a15c4d0f9f18db4d984cdd

SHA256
502abf2efedb7f76147a95dc0755723a070cdc3b2381f1860313fd5f01c4fb4d

SHA512
a49ba1a579eedca2356f8a4df94b1c273e483ceace93c617cddee77f66e90682836c77cea58047320b2c2f1d0e23ee7efa3d8af71e8ee864faef7e68f233bec4

Download Submit
C:\Windows\Temp\SDIAG_b39913ee-9a67-4b87-bba2-c49f7dc2349d\result\A5F2624B-D9C3-49C2-A4BF-C9EC6BE25C0F.Diagnose.Admin.0.etl

Filesize
192KB

MD5
76923b8fdd75506dae5f8ee8135cb5bc

SHA1
e40b2328fc755c68093375fb5030ecf33ff07864

SHA256
c0210729b3d6f5e5c39af82aeb44c1afcc7c044bfafe57033dc145df12838744

SHA512
8e1c28827ee715efe7c39a2224ddaa39999a1202bd3b9d0e2ba21a46308db88b73c5ddaabc0778ff72fc9a2cca0474b8f7371b3a63dcea6b49c5adc2b1371017

Download Submit
memory/5532-450-0x000002A03F3A0000-0x000002A03F3C2000-memory.dmp

Filesize
136KB

Download
memory/5900-475-0x0000023215FC0000-0x0000023215FC1000-memory.dmp

Filesize
4KB

Download
memory/5900-467-0x0000023215E00000-0x0000023215E10000-memory.dmp

Filesize
64KB

Download
memory/5900-471-0x0000023215E40000-0x0000023215E50000-memory.dmp

Filesize
64KB

Download