35b63718a69aeb066b873e0439d29d9c72220fb8d41af52f2c872945aee245a9

Resubmissions

01/05/2024, 06:42

240501-hgjfjaac2v 3

01/05/2024, 06:39

240501-he57hsab71 5

30/04/2024, 20:51

240430-znhk9afe8y 3

Analysis

max time kernel
118s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TUI 737- MAX 8 MAN.jpg
Size

43KB
MD5

960c670e5f264fdfd32bfc2912a69154
SHA1

cc4f65846d8e30a0c7524164fecfd87ffbe24ece
SHA256

35b63718a69aeb066b873e0439d29d9c72220fb8d41af52f2c872945aee245a9
SHA512

d5fa59dd7c255bd9c41a61637418e736412e5ea1ac395a20d6debab7ce0eae7d75daaf34443b35c192c1e82fbd02f62723b257bcf94d4dcc66e0d590356d2ee2
SSDEEP

768:z+Jqv+vbEgzKTa6U4uGVqtS8wPCaJQ19pwPn7RMnPJN+jsDwgNx35qA7:z+oiIgZhs767+jsMgLp3

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 7 IoCs

description	ioc	Process
File created	C:\Windows\system32\NDF\{D446D899-AF31-4181-8C2B-75764B7FB74A}-temp-05012024-0642.etl	svchost.exe
File opened for modification	C:\Windows\system32\NDF\{D446D899-AF31-4181-8C2B-75764B7FB74A}-temp-05012024-0642.etl	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.chk	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.log	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.dat	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.jfm	svchost.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	svchost.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
5248	ipconfig.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590192510869083"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\RAS AutoDial\Default	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2520	chrome.exe
2520	chrome.exe
5656	sdiagnhost.exe
5656	sdiagnhost.exe
5928	svchost.exe
5928	svchost.exe
5324	msedge.exe
5324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeDebugPrivilege	5656	sdiagnhost.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
4248	msdt.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2084	2520	chrome.exe	93
PID 2520 wrote to memory of 2084	2520	chrome.exe	93
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 4024	2520	chrome.exe	94
PID 2520 wrote to memory of 3100	2520	chrome.exe	95
PID 2520 wrote to memory of 3100	2520	chrome.exe	95
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96
PID 2520 wrote to memory of 2184	2520	chrome.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\TUI 737- MAX 8 MAN.jpg"
1⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcc1ddcc40,0x7ffcc1ddcc4c,0x7ffcc1ddcc58
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1856,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3264,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5192,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4516,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4676,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3188,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4636,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3324,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:696
- C:\Windows\system32\msdt.exe
  -modal "917596" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFFF40.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4432,i,14373825038072925415,5070168761335601118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4092

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4408

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5036

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5656
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:5820
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:6088
- C:\Windows\system32\ipconfig.exe
  "C:\Windows\system32\ipconfig.exe" /all
  2⤵
  - Gathers network information
  PID:5248
- C:\Windows\system32\ROUTE.EXE
  "C:\Windows\system32\ROUTE.EXE" print
  2⤵
  PID:5284
- C:\Windows\system32\makecab.exe
  "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
  2⤵
  PID:5316

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:5928

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:5956
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
  2⤵
  PID:1412

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
1⤵
PID:5984

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:5168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault83d40619he42dh498bh9469hc196e794eb3d
1⤵
PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcc2b546f8,0x7ffcc2b54708,0x7ffcc2b54718
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10771295229156459011,8246261769640814073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10771295229156459011,8246261769640814073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,10771295229156459011,8246261769640814073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:5420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024050106.000\NetworkDiagnostics.debugreport.xml

Filesize
209KB

MD5
481e954acd4f4c26814a65c53c3f4fda

SHA1
16a36cd5cbd9628b46e1091ff43c8881c02788f4

SHA256
723fea7251a799c1a01f091fc33dbc37dfa5474061065cc6a9a66762a6884f80

SHA512
13b2c26957bba7bcc97fde5312776c232cf304830481b7d601b399ca7c0d5bbc9944a949727420a0cc5e66acdf6468534b18fc580572e31d81a6f511da9e12c7

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024050106.000\ResultReport.xml

Filesize
38KB

MD5
dd6be2025e1682715c5842b13137a3c8

SHA1
3b6fa5a6da5653616f71aa9739da5ca695fb98cd

SHA256
209172343ec19bdcf1f817b3ee4625aadee15481a331ee21110bc4c740ea0f11

SHA512
b3b8759bc0f3bad0d6ef15513692f2e0e12e853abfaac6b7f727079f22474278fa1a91336e99c384ac4fecba83949437df38fccb2a5f5afbc88ad6c8712c3c31

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024050106.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f22dc31ff7b668dd11cde05cbfdcbd75

SHA1
97541ca3e243def1b885bde8a35cb6485e2415f7

SHA256
ad626387d6bcb294e6da7df994eb6b67f1e75d749af444f819996274f74ac371

SHA512
9cbc70b48749a5d05d76d0282b46c5f135d39979e455f9e4f593540c25923e474c6cbf2c63c82448b05dcd59584644568648a7d9117089901461a74440448e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
251538384642faad07ac3ee3acf8227d

SHA1
d4d043bbae50c380b0d183bb088be419a6fdcb05

SHA256
a0a0a16a51e888861264481f6f55359a7875868f8e94dd232dae487d35e28981

SHA512
393ea445bab332026ba4475f81e72f038dc38b461a52515312627f13859ed583beb3b3e86f13cc51bcb37a4c08349f98eba98a270e91836eaf94ee8ff872422e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
451ef264abf00ea6d868cabfb117b564

SHA1
dd97dbbf5466a9e680df33f0ccead468abfe1fd1

SHA256
af03c9570542bfb47db1875095c64d463e387fffed676648fdd513e151d803c3

SHA512
26eae72cd280f7dd8d020087ea6d76b759e892621836428a808e62d7f20f777ba265e54615c661574cdcf9de64d3fc3abdc5792e2f86be4355a88e6fdb4d2717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e511566969fe71cb6b042c80724503ec

SHA1
052f73202cd4998bf9d2aa9a31e8d24e226765bf

SHA256
0e0ee40901c678601eebf21ed1cf7909bb3b0cab52e1d38efb6b10708597bd8f

SHA512
2d76abd0fc2f38f6a0714c106f83886fbf0a498354dd155f827ffee127b8c39dcac08c77e3f0053599bc1ee349684d9133ef6e5ca055749239464cb52fa3ff36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8d4f05778da909be374a700283d92de

SHA1
a6187aaf25417651b9e73a8fc8eeefb1a589f885

SHA256
d7e0c82bc0bacaedf94d9a52d9b7663562025cef96534a872aef8168809266ae

SHA512
4de122de5177e5c2833c1677dd1e96b619b401dbb58fea78a8ff58f0382cd2f794ffd252cd9063ad0a04c4788930bf702f99098e3987849e0bbba6789054548c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
927db0edc6aa003b1a425470e4d25561

SHA1
0a69aad8cee925bd9611920c2f07c0a6ccdfcc25

SHA256
26cc597c7a2bc4203a7a0f5226e9e055da300d3e61cf518c01b34e526dbd612b

SHA512
710bd1a362baad5c6d7a01a0da939438c558242fb4ee2a319f10c148cf8942ad8b2f1d4cfdfd98094a5c45ddde16c615548e8014f549affc76a1af45832cc98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d30872c78ea81aefda3310b4fb966427

SHA1
301ebad06ce3979986f8826b7a04d15c4b3f58b9

SHA256
e57b97578390920bc6b91f6b54e4a84d7f4e58621704db0593555999ace6cda7

SHA512
ec422be3c64cfd4c15f30dd66923b0bf1b32219796c023efc64a24ee7dabb866eb3a92ad7ce725aea80dfa11fedb37e6efb9fc19c914b40420285b00b2b0bf7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
21d27f45e7e4c262d6fdbc95efdc39d9

SHA1
ed69e11ee9d85b631f0d9353b3e5ffc74b56c30d

SHA256
30125808421acc0470f9b18bf4b98c794d3bbad844e72ecb2cdfa8e925566237

SHA512
182c9eecb70f35f2e6be12f5ffd9af7379f2b9195148f1af5d68777a54e76ec334bcb6ceecc406b80a4b014bd7f961ad1cf48135a7bdcc6acc04aea6d93cf124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
ed77161b8fb1fdc77b1e51bdebf7dc88

SHA1
27e8d6195b492a885c368d66812b273534c5630e

SHA256
d352f8013e21426fc26dd5d21ec608530966cc828717ce3eef0e6b11fcda21e2

SHA512
1a9b7d0ccc383f5d6f2f47a80d55165df1bd53fe75e3d3d2e807a0f739ebb0b0d2aa07809f6c4326dc336117f09f4c31a16c688fe150b390267912ae42dc97f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c6f5099a7a6a83a5d389930128c3cf0

SHA1
cb31c7897940f21d3d287d258844a00c82bd61ec

SHA256
9674fbd07502a984756ce39e9b43bb9b2ca26c0193cf36f316b5d6112793b1a1

SHA512
6362f891b9bb0f26ca7320854558e374b5c448ab3e2be4f8d53fa655965e692f1a04000e0b19dfe0ef40e76fb47414b65f03071370feef20c79e0107c603e5ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
6bbe85dff505db9fe110166314650f27

SHA1
91a76ffc3e65af6173a5a7978dd3b51ffc79381a

SHA256
7f960bd68e8015637d0424dd5d7cc4fb0b78d711ecb97589da711b35f60c26ba

SHA512
1920f097313189cf5453033bbaf89af1090c6295e6cffa0c6839161cd654fcf1504fdf3c8366a921710636c43ba897a7c63440ff11de60cc27c531a61a193e98

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDFFF40.tmp

Filesize
3KB

MD5
3bbd6cfb9550771226f3a9401dacfd25

SHA1
911fd7dd9ffd55031a2d6d43cd89b297f4739837

SHA256
051adb559b1925c7d00ac39fa0c204994579ab6ec33afd4667e6638508a9c69e

SHA512
9425e15f56fdce62ab47abefa1b558c8519d8f7b2e9a5ddef583723b8c6c7438d04a8f39412fd0fa6f62680f915e021a7c886b006e7a611558705df4f2298320

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nsdxvqcl.5wb.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC455.tmp\NetworkConfiguration.cab

Filesize
1KB

MD5
387b056ee0524323437677f5553636e6

SHA1
caa3f951a4b380a0ea8efc47ba46f121694f555d

SHA256
026ffd5c238b612b615372c9df568dc9d476ec533146763ca216f3febf4de789

SHA512
8661f7cb130e4fadba237739a02529010e237e4c6775789062acc3f6a832c52d7903957d0b00303dc61415ad14bc795c06374dc05a6c052d3c710b6afcf01675

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC455.tmp\NetworkConfiguration.ddf

Filesize
231B

MD5
00848049d4218c485d9e9d7a54aa3b5f

SHA1
d1d5f388221417985c365e8acaec127b971c40d0

SHA256
ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e

SHA512
3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC455.tmp\ipconfig.all.txt

Filesize
1KB

MD5
9601d10072ab4465c2cb5e2ed356ac57

SHA1
1c6f2270029b544a4a54d7757145b179d8f814ee

SHA256
5a9e5a1fa0c0ec97c4d31ef179ddedc94118d6bef4ed45e5db4e2dfcfbc74a0e

SHA512
865fa0f7c45b04c195debc5015b7eb36cafca132d3b19c680c4aeee8f27d51dcfbb721ba273f77ea4d1f972420448f30e57b477ba7172a8d35b15606b36ef78e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC455.tmp\route.print.txt

Filesize
4KB

MD5
c53f1612bb0230f1715ccaaa58bda412

SHA1
43a048dbcc46e753e4cff95841ba1b457b8ae624

SHA256
393d166dcaa4afab36a90fc6978587c52bf102613e12471fd732ccdf4e0467d1

SHA512
9e96ea71af64b6d393940f187125426e9838083291bda04b1410938ba8798ed29a66c507b7cbb014c16d90e066edbc50755463bec879fc1ef411f4ee822f0aff

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC455.tmp\setup.inf

Filesize
978B

MD5
321b26c6de07b48d591c4703da9993c3

SHA1
c8243cc7b9900624a87ae113e9b8e9031577aad0

SHA256
9b233aedc2de564f595b70561ddd367dfbf462fedd7f6df10e4be18cb1c0f0dc

SHA512
b464a688812b06aeecad2cd7a6b6837b4c3fd261ba12612b9a7c24937a7f363e0eb70e58b9001e65891042d396136bfaa9169bac25616dd558e29401db598314

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC455.tmp\setup.rpt

Filesize
283B

MD5
0668e69c3718f8847331d2d4d38f205c

SHA1
fbcb8e9f2b7a07f1772a58b1754d10aed8d28cd8

SHA256
e077221e32c4873d97826813c8d08ba0869bcf739464b8dfadc832d321ecf3df

SHA512
079fe0fccac15d777816a4379e473d6bbfac9dd3d95fdfc62f47ada4b5ef88532443a25383007fbd1b05bc041770ec7bdb4b65def285b2bdf83f0ddd86ee98eb

Download Submit
C:\Windows\TEMP\SDIAG_c5230487-2728-439e-b09f-3d91aba42df4\NetworkDiagnosticsResolve.ps1

Filesize
11KB

MD5
d213491a2d74b38a9535d616b9161217

SHA1
bde94742d1e769638e2de84dfb099f797adcc217

SHA256
4662c3c94e0340a243c2a39ca8a88fd9f65c74fb197644a11d4ffcae6b191211

SHA512
5fd8b91b27935711495934e5d7ca14f9dd72bc40a38072595879ef334a47f99e0608087ddc62668c6f783938d9f22a3688c5cdef3a9ad6c3575f3cfa5a3b0104

Download Submit
C:\Windows\TEMP\SDIAG_c5230487-2728-439e-b09f-3d91aba42df4\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_c5230487-2728-439e-b09f-3d91aba42df4\NetworkDiagnosticsVerify.ps1

Filesize
10KB

MD5
9b222d8ec4b20860f10ebf303035b984

SHA1
b30eea35c2516afcab2c49ef6531af94efaf7e1a

SHA256
a32e13da40ac4b9e1dac7dd28bc1d25e2f2136b61ff93be943018b20796f15bc

SHA512
8331337ccb6e3137b01aeec03e6921fd3b9e56c44fa1b17545ae5c7bfcdd39fcd8a90192884b3a82f56659009e24b63ce7f500e8766fd01e8d4e60a52de0fe67

Download Submit
C:\Windows\TEMP\SDIAG_c5230487-2728-439e-b09f-3d91aba42df4\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_c5230487-2728-439e-b09f-3d91aba42df4\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_c5230487-2728-439e-b09f-3d91aba42df4\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_c5230487-2728-439e-b09f-3d91aba42df4\en-US\LocalizationData.psd1

Filesize
5KB

MD5
380768979618b7097b0476179ec494ed

SHA1
af2a03a17c546e4eeb896b230e4f2a52720545ab

SHA256
0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2

SHA512
b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302

Download Submit
C:\Windows\Temp\SDIAG_c5230487-2728-439e-b09f-3d91aba42df4\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_c5230487-2728-439e-b09f-3d91aba42df4\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44c4385447d4fa46b407fc47c8a467d0

SHA1
41e4e0e83b74943f5c41648f263b832419c05256

SHA256
8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

SHA512
191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

Download Submit
C:\Windows\Temp\SDIAG_c5230487-2728-439e-b09f-3d91aba42df4\result\D446D899-AF31-4181-8C2B-75764B7FB74A.Diagnose.Admin.0.etl

Filesize
192KB

MD5
42bc25bec3a3b0d53ec2b7121840fa89

SHA1
e1d04e10962136c2fe09c681af9f34474b5394da

SHA256
7fbebd418ab50c964e3103c77fdd1293bc3059db4af3fdec31253a73432210af

SHA512
f2e46a80a285a686c7390ecca4a6b89b9db9f4fff10a8b53c0de65968ac5f4edbeae5c3977982cec56b2eb2b6fc3d65d986fe5841093da0b83df2f2e69e06db7

Download Submit
memory/5656-435-0x0000021A702A0000-0x0000021A702C2000-memory.dmp

Filesize
136KB

Download
memory/5928-441-0x0000025CA1810000-0x0000025CA1820000-memory.dmp

Filesize
64KB

Download
memory/5928-445-0x0000025CA1850000-0x0000025CA1860000-memory.dmp

Filesize
64KB

Download
memory/5928-449-0x0000025CA1D10000-0x0000025CA1D11000-memory.dmp

Filesize
4KB

Download