957c4185da5894c6746b3225a5137e42a1130f4c20ba58148c0f0ee258875019

Analysis

max time kernel
80s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-2.html
Size

7KB
MD5

626ec1ffe13be5c4969562d84c49d86e
SHA1

143005c5504ddbde91524e895d8e7fa5454f2cd0
SHA256

80105f4f0f1a2da3b761c6c4b2ce88b8099a53a1b7549d049642862a288c4a6b
SHA512

1e9197dfa33668fb6f4acae4e80292f36f683e2f6ddf7a0395d72510edd851b681811424e0ccbacc8d1f7cb80b246d90d6596796af1a75ae286a1fea967efbb0
SSDEEP

192:3fj8jiZKdxRhRqDGuCTt5sKhlj9t995awCKOCI4JsbJNSyI0gaC5WmWoND+zDfg6:r8jm6xRhRuGuCTt5Vh59t995v1OCI4JS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005369d61e60b0494e95eb084c1b37202d000000000200000000001066000000010000200000001cb737adb2627426773fce73cd7878f5e70fc8f8b17f5b2208ebf5484a98690d000000000e80000000020000200000002285046b59cda025e280c97d31e246e058d14e2215c71e03492da184b31568a8200000008c91de9fb4e78fa892bc4bdbc525bbea41622b766a1e4f0a11a937d152a51c094000000062e613d17cca52eff9b149f8fe46422d9ff19c59a1791714765fd53d1e1de9245dee34cace6565ea56557528ab6a23b95cf04cd6fb6d7a31619ba63ff5c09edb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 500e0cb1e7b1da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005369d61e60b0494e95eb084c1b37202d00000000020000000000106600000001000020000000ce13cbd74ee5d27eb18ad3d900feedbb4dcf2732d0ca4be90c4313c0d681b381000000000e8000000002000020000000d9abefddd621cce0bdf73532183af4dea3010a26dd89998d113a6f8980d399af900000004c8c5e0218b1be043784e2fc2ba68bca4e568737ab0a416872b04dc0a03bb9c49c831c32e832fba4398806a311020e5467199f7cf49e4ffe0311559bc9c898fce9b076be6c5506692f2e17e0279284f39d360583e3b9d547ebcc45b0b01626532197f693494ff185643856f777fc63868fe85ac1755c6a51cd356c440d60d56202f99e166b37bfd5e3ba2d5f3e57147a400000005cbc49cca70084ba011eb9f9221c1ce1217577d986e7fcf10abb539fb64c44e3fdc2f81150826208e9513cf3a271e66f8b23cba641454fda41c616c9e57a2d50	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423163024"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EAF3C901-1DDA-11EF-BD10-4A4F109F65B0} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
484	chrome.exe
484	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1948	iexplore.exe
2732	msdt.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1948	iexplore.exe
1948	iexplore.exe
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2664	1948	iexplore.exe	28
PID 1948 wrote to memory of 2664	1948	iexplore.exe	28
PID 1948 wrote to memory of 2664	1948	iexplore.exe	28
PID 1948 wrote to memory of 2664	1948	iexplore.exe	28
PID 2664 wrote to memory of 2732	2664	IEXPLORE.EXE	30
PID 2664 wrote to memory of 2732	2664	IEXPLORE.EXE	30
PID 2664 wrote to memory of 2732	2664	IEXPLORE.EXE	30
PID 2664 wrote to memory of 2732	2664	IEXPLORE.EXE	30
PID 484 wrote to memory of 2456	484	chrome.exe	37
PID 484 wrote to memory of 2456	484	chrome.exe	37
PID 484 wrote to memory of 2456	484	chrome.exe	37
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 2136	484	chrome.exe	38
PID 484 wrote to memory of 1196	484	chrome.exe	39
PID 484 wrote to memory of 1196	484	chrome.exe	39
PID 484 wrote to memory of 1196	484	chrome.exe	39
PID 484 wrote to memory of 2032	484	chrome.exe	40
PID 484 wrote to memory of 2032	484	chrome.exe	40
PID 484 wrote to memory of 2032	484	chrome.exe	40
PID 484 wrote to memory of 2032	484	chrome.exe	40
PID 484 wrote to memory of 2032	484	chrome.exe	40
PID 484 wrote to memory of 2032	484	chrome.exe	40
PID 484 wrote to memory of 2032	484	chrome.exe	40
PID 484 wrote to memory of 2032	484	chrome.exe	40
PID 484 wrote to memory of 2032	484	chrome.exe	40
PID 484 wrote to memory of 2032	484	chrome.exe	40
PID 484 wrote to memory of 2032	484	chrome.exe	40

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Windows\SysWOW64\msdt.exe
    -modal 393502 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF5928.tmp -ep NetworkDiagnosticsWeb
    3⤵
    - Suspicious use of FindShellTrayWindow
    PID:2732

C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
1⤵
PID:1616

C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
1⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef60b9758,0x7fef60b9768,0x7fef60b9778
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1368,i,17643767045692205246,4863338066374758121,131072 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 --field-trial-handle=1368,i,17643767045692205246,4863338066374758121,131072 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1480 --field-trial-handle=1368,i,17643767045692205246,4863338066374758121,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1368,i,17643767045692205246,4863338066374758121,131072 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1368,i,17643767045692205246,4863338066374758121,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1928 --field-trial-handle=1368,i,17643767045692205246,4863338066374758121,131072 /prefetch:2
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2240 --field-trial-handle=1368,i,17643767045692205246,4863338066374758121,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1272 --field-trial-handle=1368,i,17643767045692205246,4863338066374758121,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1368,i,17643767045692205246,4863338066374758121,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3708 --field-trial-handle=1368,i,17643767045692205246,4863338066374758121,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3788 --field-trial-handle=1368,i,17643767045692205246,4863338066374758121,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 --field-trial-handle=1368,i,17643767045692205246,4863338066374758121,131072 /prefetch:8
  2⤵
  PID:1268

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17b92e06acf2379ede6e31a445bcacbf

SHA1
eebab94967c79ddb2e8511894780ebbe21647f49

SHA256
0b978e92943714a1aa2ce9293b09d11bf17019ea56514f28fe6d8c984acb4741

SHA512
0e7a0d19dca9b2dc5c680953e0ee278c813b2e27a324124e968014ab43fb104a7b9625cf782dea2432e99ab595785895f9eed2c9384b1654f3c1964b2ffebe15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aed1fa34887b04567f9244216cd00ba0

SHA1
f8c96f5a7b4378f4d6f1862616735989ee5dba21

SHA256
cb1ba6af049995ea2b6eb5aae1e0873a77a6acd4e2a729ef1118b154accee55e

SHA512
181b07fd3af979307a225fde47907bb8ed261c9013d061ad4f70696d1f0ce91ea941ca89ac23452f57bc5506fe7cd0f673abce74464fbb27eed7a0ad673e768f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90f3b39661a22596ae1bcc555182198a

SHA1
6d173b01736ed9cf2c8543aef067b45802ee3343

SHA256
8f5250b2017811374cd8ba593439c000cab611632204009e8c85c4da6f80f1bd

SHA512
e640118596fcbfe7a67dbcefbdd5d0447d363541b4426e613e766e542763f0bdc105f5a3ad5e2cf301f3e7972586a9f93c2997a058e8d440a555459b0d392b04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4601995a5bfd32cb0cfeea1e82f39e0

SHA1
86bc4b169970e7d4417e8d405b7c1cf64d8a3626

SHA256
2f513f3995f4f2c97810350cad9f5f5fb3e6b382594f2b76fe882650c41e0854

SHA512
df818388dc97194d684e2c50091c5b51fda6aa9be4238c1b58bbd03b31f08321cb94c2b557877700d997afbe2ac0d5973688f68d8631c7ebde9bb625c5b3416b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cbfb08326109121c28a4e02d5c02e9e

SHA1
d4586479c1b2d5ebe8aa66fde5275aef29385d9e

SHA256
a7742df88dc6656625310a7b0932e26211fe8b5a0debfbcb7ee1227cff2f587a

SHA512
81e97f7801c8f7fdbbe36249db4982c0ab3c031ca24546130ae3cc5ac4119682a7ea7c3e68c4cf01b9f3f78d66d9bb50ef1982b6ef82caebdca41d56139c38ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
575d38d0d75bd2c5040246a9e287e1e9

SHA1
cb1a1d8c5877ecb577b5c4fb7c83d8a39f3ac0ad

SHA256
f03f50d0bb76a4263ae49b1812bee772107b771b47d7c04ade6cd7a242ed59e9

SHA512
0cdee87ca47ba4cd2da4cf5fb4a9d6605a006e35476b3fb7c84527a70c4464c88a4281280f14c637aec563faf17785fcc5a860d2e58cfc9fd4c32fc813e089ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a6a9a3837413b7b9a29c7447a5bf0db

SHA1
6045d63847bdbaff8d16073793664997d7336582

SHA256
cce06624d07a32b0c6fb3140910c68627bd1c0e04f1e9d783f703865dd73d8a1

SHA512
f407e6f9fcb13e67b191cc10c35a3ea15b5b7e42a3d29f21a207ba5ac8c210491c8e8dd168bf21cd83feb8dd82b8ad1d7643ee7253b617d7b6ec48638d0b7b99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
513a36ac218c640612ab939ccb203873

SHA1
27c77364cae1069aa2012317599df0b0a9002042

SHA256
f6f515626be379097e7d20ed1349621171b2f52d12b6baab77599054d54ba20a

SHA512
747dd1e747b991f15776587bb0e87c3fc38a34293b9fe812047fb6729de5537968b59e44501673cb6269a3e3375321aba1e985c9a207787877e1de90fabbcf67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
349ab90b086d5485a167acadfddaf706

SHA1
78f4615b94921e4cf383012e7bce4b680a21436b

SHA256
ca6539dbc0cb57964be099827fb8109f79857e9f0338a3c6c30d866afe40ffe7

SHA512
64daf838e8c8bf1d94d2e14c79a962d1838d2f7e7b0b9a06316d2062a64fdb6af9a11944c56b3807bbb1fe2ac982b34b798b09b1df22ec86bb04cf6d7f3a84ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a317c41ccbccccb62a9329348d57ed6

SHA1
b3b6844c666d7487f98e04647c45423f86cface9

SHA256
cb6f602d91ad288a03e8a54a272c1ed3371c85abe252f7ae7f75165e92ce889c

SHA512
f68c334c498b61d99f1b792a150a029c36a641565ff15573049c4587bfc9462dbb6cb62ad11caf9700964ba7e1b1666d5bc6564086b47e4bc8ee7b4001ac401c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ef657bc958a7991b3de5497bb05ceda

SHA1
c79ae2b6e95289aeeb0b5d9f430ad0d06bb46e39

SHA256
6a0fc075ca6cc496b1ba106c17d76712d19e4345ab140e817c9dc778ac256e7d

SHA512
a5a013e7ce6a175e05b732fa33015c95577b85594061399a4dbf8c4551762ee8c5033214e7b6956e7f1578fa089ee2c595cc664ca61205796a95bf49304d8774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04930223ffe26dadf78301c376bb251e

SHA1
2e43f094315bb3169901e68bfb2a796a252f314a

SHA256
19b2e55582c2cf0f34ce12c54f97b8055a236d6b72ed7b9fd33acc44fdc2115d

SHA512
65f0440c5dd075bdc6fc194a1b9901a88a0fa3c944340a977e50aa3264063234f033dbed61d7019f47afe47f3c3a06b09aa154db7d3d70caef8ee4de14ec7e10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f57bc30119de36d318174fc524608bf3

SHA1
8b33dc7811e01310278f556ea1b2113be0b31453

SHA256
b9ad234c25d1a2bd78a58a9c9fb974e187c85eca0dfbea250f699c3ab85c721d

SHA512
d1446a789802bd5eeca34a78afca21d5374c63cbeabb628592d49431c8a633b06eba45b24a1dd4acc5fd8a4dff94691e9295149ebd57bb0713e9efba5aa38725

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a644d3207b09aade3dfb08ece98b9c2

SHA1
1c151e84e2c3b8595d9931c5e7b4bfbed1dabf4c

SHA256
e050761dc577e439c2524f29194a94d1f9a4698d9ae65eaf1d84402669883e02

SHA512
5046d3cf3233d77eab0ab20e12b5496f534c1c5eba488a6e623b9e49062d55e905b6c68cc05c176c54b2917b76e68f45bd778e4ef62f3b4335364d5c944834c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b92dceaec23956d8980b7fbd21ed85ed

SHA1
13211627de32bd7bfff8776c661032f7794a9a63

SHA256
31d05fa89ad6dc523f2d87816911a2302df9ece389f8318d0398879f6f4d3798

SHA512
ee28f92d2d79fe375da723fca0db9f43ba1a3a1d2a047eddfd309b36a5ba835aa63a268a5d3c35e25b452868127dd3331bdd5528c4c941dafa75e1c2ce04cc98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44201814840fdf14495f4baeefbd232c

SHA1
2d3318a2d96da430ba3342093348f9050fe96394

SHA256
8b58fc5bbad6ddaa76349891204a3ab3fd2e603b85d517c93e593571f898cda8

SHA512
8d9cd14b60aac14a8add8066ee750c8349ad0b87473731e4f55639a38e67ba6499fed739efbd75e7271f4045e46a1f4096a7d60f63d47759969ac633bc2dca07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f0cd7e4223fbd2acc3317c3f5a86071

SHA1
ab8b9090136523eda1874636559a739bd86a139d

SHA256
41a330040581b5d3eb0e392b2d4d000f356bb190bed31541c5d3a64bf891fba7

SHA512
89e0940de8d8db13f6da129a5f2178792f4469f9b98ec8244d8e80a96aeea4ef6772d61155790e2c952917a4d537019cbb1a8a9c232468a72b593d8af438dd76

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024052916.000\NetworkDiagnostics.0.debugreport.xml

Filesize
66KB

MD5
4368413fd1bb0cd3f963b5c428722b0f

SHA1
17da966b2b6663b9adbf1c02c0e0dc9360e53d1e

SHA256
4b1a2880d65e44563525b94dd98c9791c107c7f4c1eb367045b84865b944b3d4

SHA512
55e929e5f871ef07d1c3f6029f60c991d209992be56e22dfce7e2a8231b900b7535def7d8358b4d36cb15c38e366a19819c3b8e073fde89e15d6e4d4e572bbcf

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024052916.000\NetworkDiagnostics.1.debugreport.xml

Filesize
8KB

MD5
65f74fee9faf098a3a982592b589e539

SHA1
2615f793004cebd7d02b27a0e029549182bfdb4f

SHA256
552a03eca93c2131ef0231c0b60aef08bf5691545f463989fd20f6512ae50ecb

SHA512
c7f93964d126e2d54a0e8e6c5c9112cbc3da284b196fc8b736c4e1aa8530729effa284299119c4f9ae2d04a51b15a03a0095da53e74c63c1e9b4a147ca2d3384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
eddc5eec03b3f117e7a4ca36eeb9a38b

SHA1
8f6680b6a0f9a9f5ef803110082abfcb5b1ffbf2

SHA256
254b79c06dab247167194c92b51e9f1184dc3b26228f2f78f60fee3ceaed5df4

SHA512
2f1a6917b74b3c02b2873e4fb7a8ceac3a5d79bcea657b824afa2231c60cd3ca71cee8a08ca358a162d48f00feaa39185ad5ac7df6f70a97ec33dd65f58edbfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e3f39e2fe6ebf56fe82f0f552df90663

SHA1
0a6b2f95ebcb7e5d1e98735890448b0f65deb8db

SHA256
00b786264b703b2a4e8e1766e3737b52c68b999e4effd80209aada6fa03f696c

SHA512
94c7c8addb2dea0b9437a7b488bd21d40cd397d94848ce6e0e3eba783cf19e83ad073fe50f761e82c1add4093d01c77b9df918ebe3c87dd872e39cebdfde041d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2992.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDF5928.tmp

Filesize
4KB

MD5
05b363c5e2105f7f14f3251ae85491d8

SHA1
116d91f19cc02fd2d78511ec8a2ee16aad09deae

SHA256
e9b5a1e9b572eaa6f769abb492daa3f7209892359e559bf0751a3a566e83075f

SHA512
7c212cdf76098dd989de1fe3d0b7d880c188f0d718e844ced621d17b479d594d5f050913694828599492754000254ed54f5ea9c8a7bd2004eff207ec683a773e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C0A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\TEMP\SDIAG_c6d48a83-f000-4569-bcc2-142a47d82086\NetworkDiagnosticsTroubleshoot.ps1

Filesize
23KB

MD5
1d192ce36953dbb7dc7ee0d04c57ad8d

SHA1
7008e759cb47bf74a4ea4cd911de158ef00ace84

SHA256
935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756

SHA512
e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

Download Submit
C:\Windows\TEMP\SDIAG_c6d48a83-f000-4569-bcc2-142a47d82086\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_c6d48a83-f000-4569-bcc2-142a47d82086\UtilityFunctions.ps1

Filesize
52KB

MD5
2f7c3db0c268cf1cf506fe6e8aecb8a0

SHA1
fb35af6b329d60b0ec92e24230eafc8e12b0a9f9

SHA256
886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3

SHA512
322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

Download Submit
C:\Windows\TEMP\SDIAG_c6d48a83-f000-4569-bcc2-142a47d82086\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_c6d48a83-f000-4569-bcc2-142a47d82086\en-US\LocalizationData.psd1

Filesize
5KB

MD5
dc9be0fdf9a4e01693cfb7d8a0d49054

SHA1
74730fd9c9bd4537fd9a353fe4eafce9fcc105e6

SHA256
944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440

SHA512
92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66

Download Submit
C:\Windows\Temp\SDIAG_19b5cf52-c57a-4aaa-98f2-33891f44d522\DiagPackage.diagpkg

Filesize
152KB

MD5
c9fb87fa3460fae6d5d599236cfd77e2

SHA1
a5bf8241156e8a9d6f34d70d467a9b5055e087e7

SHA256
cde728c08a4e50a02fcff35c90ee2b3b33ab24c8b858f180b6a67bfa94def35f

SHA512
f4f0cb1b1c823dcd91f6cfe8d473c41343ebf7ed0e43690eecc290e37cee10c20a03612440f1169eef08cc8059aaa23580aa76dd86c1704c4569e8139f9781b3

Download Submit
C:\Windows\Temp\SDIAG_19b5cf52-c57a-4aaa-98f2-33891f44d522\result\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Windows\Temp\SDIAG_c6d48a83-f000-4569-bcc2-142a47d82086\DiagPackage.dll

Filesize
478KB

MD5
4dae3266ab0bdb38766836008bf2c408

SHA1
1748737e777752491b2a147b7e5360eda4276364

SHA256
d2ff079b3f9a577f22856d1be0217376f140fcf156e3adf27ebe6149c9fd225a

SHA512
91fb8abd1832d785cd5a20da42c5143cd87a8ef49196c06cfb57a7a8de607f39543e8a36be9207842a992769b1c3c55d557519e59063f1f263b499f01887b01b

Download Submit
C:\Windows\Temp\SDIAG_c6d48a83-f000-4569-bcc2-142a47d82086\en-US\DiagPackage.dll.mui

Filesize
13KB

MD5
1ccc67c44ae56a3b45cc256374e75ee1

SHA1
bbfc04c4b0220ae38fa3f3e2ea52b7370436ed1f

SHA256
030191d10ffb98cecd3f09ebdc606c768aaf566872f718303592fff06ba51367

SHA512
b67241f4ad582e50a32f0ecf53c11796aef9e5b125c4be02511e310b85bdfa3796579bbf3f0c8fe5f106a5591ec85e66d89e062b792ea38ca29cb3b03802f6c6

Download Submit
memory/1616-835-0x000000006FC61000-0x000000006FC62000-memory.dmp

Filesize
4KB

Download
memory/1616-836-0x000000006FC60000-0x000000007020B000-memory.dmp

Filesize
5.7MB

Download
memory/1616-837-0x000000006FC60000-0x000000007020B000-memory.dmp

Filesize
5.7MB

Download
memory/1616-1239-0x000000006FC60000-0x000000007020B000-memory.dmp

Filesize
5.7MB

Download
memory/2732-834-0x0000000000470000-0x0000000000471000-memory.dmp

Filesize
4KB

Download